Abstract: A system and method for persona management in online environments provides an identity by proxy with trusted parties having portions of the private cryptographic key of the consumer so that the private cryptographic key of the consumer may be generated. The system and method implements the persona management in online environments in one embodiment using an immutable ledger with decentralized transaction consensus and a process to share portions of the private cryptographic key with trusted third parties.

Abstract: An image display system includes a first terminal device and with a second terminal device whose usable function range is smaller than a usable function range of the first terminal device. The image display system includes a display projection unit, a communication unit that establishes wireless connection with the first and second terminal devices, a control unit that manages the wireless connection, and a connection control image generating unit. The control unit and the connection control image generating unit generate a terminal connection image including information for connecting the second terminal device with the image display system, based on terminal connection permission information that assigns the second terminal device whose wireless connection with the display system is permitted, the terminal connection permission information being transmitted from the first terminal device. The display projection unit displays the terminal connection image.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate end-user defined policy management. An example apparatus includes an edge node interface to detect addition of a networked user device to a service gateway, and to extract publish information from the networked user device. The example apparatus also includes a device context manager to identify tag parameters based on the publish information from the networked user device, and a tag manager to prohibit unauthorized disclosure of the networked user device by setting values of the tag parameters based on a user profile associated with a type of the networked user device.

Abstract: A method for authenticating a wearable device is disclosed. The method includes: receiving, a signal representing an indication that the wearable device is in active use; in response to receiving the signal, updating a device database to associate a first status with the wearable device; receiving, from a tokenization service provider (TSP), a signal representing a first code derived by the TSP from decrypting a security token previously provisioned in the wearable device, wherein the security token was received at a terminal from the wearable device and transmitted to the TSP; obtaining, based on the received first code, a device identifier of the wearable device and an identifier of an account; querying the device database to verify that the wearable device is associated with the first status; verifying that the account is enabled for an operation initiated using the wearable device; and transmitting an authorization message to the terminal, the authorization message authorizing the operation.

Abstract: An access configuration for an access control manager is generated. Access data including users, resources, and actions the users performed on the resources is received into a matrix. Clusters of the matrix are formed to produce ranges of the users and ranges of the resources having selected permission levels based on the actions. Administrator-modifiable security groups are created based on the ranges of users and administrator-modifiable resources groups based on the ranges of resources.

Abstract: Implementations of this specification provide a method and apparatus for transaction scheduling in a blockchain. An example method performed by a node in the blockchain includes receiving a first privacy transaction, and determining a data volume of the first privacy transaction; determining a first summation value by adding the data volume of the first privacy transaction to a data volume of all privacy transactions in a buffer queue, and adding the first privacy transaction to the buffer queue; receiving a second privacy transaction, and determining a data volume of the second privacy transaction; determining a second summation value by adding the data volume of the second privacy transaction to a data volume of all privacy transactions in the buffer queue, and packaging all privacy transactions in the buffer queue and transferring the packaged privacy transactions into a trusted environment; and adding the second privacy transaction to the buffer queue.

Abstract: A computer system receive a virtual world data set corresponding to a virtual world as experienced by a user. The computer system adds, to the virtual world data set, virtual world location data sets, with each given virtual world location data set respectively defining virtual world locations, with the virtual world location data sets including a first virtual location data set corresponding to a first virtual location that corresponds to a first real world location in the real world. The computer system adds, to the virtual world data set, a first virtual asset data set defining: (i) a first virtual asset, and (ii) a triggering rule that specifies the first real world location. The computer system determines that the user is in proximity to the first real world location. The computer system, responsive to the determination that the user is in proximity to the first real world location, applies the triggering rule to render the first virtual world asset in the first virtual location.

Abstract: A method for checking a confidence level associated with a first user account of an online service, each user account including associated user data and contact means, the method includes the steps of selecting at least one second user account, generating a first code, recording the first code in association with the first user account, sending a first message via a contact means associated with the second user account, the first message including the first code generated and, in subsequent steps, of receiving, from a first electronic device connected to the online service with the first user account, a second message including a second code and, when the second code is equal to the first code recorded in association with the first user account, then increasing the value of the parameter indicating the confidence level associated with the first user account of the online service.

Abstract: In a mobile device including an image capturing device having an imaging element (CCD), and an illumination element, capturing an image of a hologram and sending the image of the hologram to a server for authenticating the image and authorizing a transaction.

Abstract: Disclosed is a method and system for utilizing an Internet Protocol Multimedia Subsystem (IMS) to authenticate an HTTP session between a communication device and an online application program. The method includes registering a communication device on an IMS, and generating an authorization token which is sent to the communication device. The communication device then embeds the authorization token in HTTP request communication directed to the IMS. The IMS, after verifying the authorization token, forwards the HTTP request and token to a selected Web server that hosts an online application to authenticate an HTTP session.

Abstract: A computer system and method having a user interface including a touch-sensitive display screen. The system and method enables entry of a password which includes displaying a first array of a plurality of images on the touch-sensitive display prompting a user to select with a finger one of the plurality of images displayed. Subsequently at least another array of a plurality of images successive to the first array is displayed on the touch sensitive display prompting a user to select with a finger one of the plurality of images displayed in the another array of images. A computer processor then determines if a user selected a predetermined iage from the first array of the plurality of images and a predetermined image from each at least another array of plurality of images displayed after the first array. If determined, the user is permitted access to an application executable on the computer system.

Abstract: A system is provided that determines a location of a user based on various criteria. The system may detect the location of a user based on the location of the user's device, as determined using a beacon signal, and an expected location of the user's device, as determined using schedule information. The system may process data representing the user's device location and expected location using a model to determine a confidence that a user is at a particular location. Based on the determined location, the system may perform various actions.

Abstract: A method of secure hash table implementation includes performing a secret key exchange between a server enclave of a server device and a client enclave of a client device and establishing an encrypted channel between the server enclave and the client enclave using the exchanged secret keys. The method includes generating a random key for a keyed hash function or a pseudo random function (PRF) and communicating the random key to the client enclave. The method includes receiving hashes of input data at the server enclave. The method includes building a hash table based on key-value pairs included in the received hashes. The method includes receiving a hash table query that includes keys. The method includes retrieving values that correspond to the keys. The method includes returning the retrieved values that correspond to the keys or a null if a value has not been inserted into the hash table for one of the keys.

Abstract: An electronic device and method for providing vehicle information based on personal authentication and vehicle authentication are disclosed. According to various example embodiments, an electronic device includes a communication module comprising communication circuitry configured to communicate with a vehicle device and a first server and a processor electrically connected with the communication module, in which the processor is configured to receive an encrypted session key set including at least one session key from the first server, to transmit the encrypted session key set to the vehicle device, receive, from the vehicle device, second vehicle information in which first vehicle information of the vehicle device is encrypted using a first session key of the at least one session key and is signed using a secret key of the vehicle device, and to transmit, to the first server, third vehicle information in which the received second vehicle information is signed using a secret key of a user.

Abstract: Approaches for using a device-based authentication certificate to obtain data access to a cloud-based destination application are provided. Using an edge manager device, a token and data access request is received from a machine. The edge manager device is configured to administer data access to one or more cloud-based applications.

Abstract: A method (400) of encrypting data at an electronic device (3) where the electronic device is associated with a key device (5). Each device is associated with an asymmetric cryptography pair, each pair including a first private key and a first public key. Respective second private and public keys may be determined based on the first private key, first public key and a deterministic key. A secret may be determined based on the second private and public keys. The data at the electronic device (3) may be encrypted using the determined secret or an encryption key that is based on the secret. Information indicative of the deterministic key may be sent to the key device (5) where the information may be stored.

Abstract: Various aspects described herein are directed to methods and systems that preprocess an electronic document or some data therein and conceal sensitive data in the electronic document by applying steganography to the data associated with one or more fonts. A steganography map is generated or updated to include steganography information about applying steganography to the data. Cryptography may be applied to the steganography map; and the electronic document may be transformed into a different document format.

Abstract: A system and/or method includes facilitating secured chat messaging. An application module can derive a master password-based encryption key from a master password. The application module can generate a data key and encrypt the data key with the master password-based encryption key. The application module can generate a record key for encrypting chat messages of a chat thread and encrypt the record key with the data key. The application module can decrypt the chat messages in the chat thread with the record key, where the record key is decrypted with the data key, and where the data key is decrypted with the master password-based encryption key. The application module can display the decrypted chat messages.

Abstract: An edge server disposed on an edge of a cloud network, includes: a processor, wherein when encryption key information relating to a terminal which requests a connection to the edge server and the encryption key information generated before the request, is included in shared information shared between a cloud server and another edge server in the cloud network, the processor is configured to start encryption communication with the terminal using the encryption key information of the shared information.

Abstract: The present disclosure describes systems and method for performing a vulnerabilities assessment of an organization. A campaign controller executes one or more simulated phishing campaigns directed to a plurality of users of an organization, using a plurality of models determined by the campaign controller based at least on identification of the organization. The campaign controller stores to a database the results of execution of the one or more simulated phishing campaigns and based on the results, the campaign controller determines one or more vulnerabilities to phishing for the organization. In one embodiment, the campaign controller determines a percentage of the plurality of users of the organization that are phish-prone. In some embodiments, the users of the organization that are phish-prone interacted with a link of a simulated phishing communication.