Abstract: An authentication method and system for an HVAC system are provided. Embodiments of the present disclosure generally relate to an access-control or authentication system for an HVAC system, in which access to certain functions of the HVAC system is conditioned on a user performing certain basic operational instructions for the HVAC system in a provided sequence, thereby providing evidence that the user has authorization to access and operate the HVAC system wirelessly.

Abstract: A method for a story fill authentication process includes, responsive to receiving a first authentication request to authenticate a user, displaying a first generated story with one or more obfuscated portions, where the first generated story is based on event data associated with a first previously captured event and additional data utilized to enrich the event data for the first previously captured event. The method also includes, responsive to determining text provided for the one or more obfuscated portions of the first generated story at least meets a comparison threshold level to a first complete generated story based on a semantic comparison, granting the user access to a resource associated with the first authentication request.

Abstract: A system for authorizing a mobile identity information controlled device includes a mobile identity information controlled device, an identity system device, and/or an enabling device. At least one digital representation of a biometric is received using a biometric reader device. Identity information is obtained from an identity system device using the at least one digital representation of the biometric. Operation of the mobile identity information controlled device is controlled using the identity information. In some examples, the operation may subsequently be deauthorized if the at least one digital representation of the biometric and/or the identity information is not reobtained.

Abstract: An information processing device according to the present invention includes a first acquiring unit configured to acquire first authentication information of a person, a tracking unit configured to track a person from whom the first authentication information has been acquired based on a captured image captured by an image capturing device, a second acquiring unit configured to acquire second authentication information of a person in a predetermined place, and an associating unit configured to associate the first authentication information and the second authentication information of the same person based on the result of tracking a person.

Abstract: A network system to provide a centralized system to connect to third-party systems by using pre-built, secure, and pre-tested standardized connectors to data and services provided via APIs. A service provider pre-configures third-party systems connections to establish a type of certificate required, establish a security level required for each third-party system connection, pre-configure a software connection, and test the connection. The service provider presents a graphical user interface to a user of a client system with representations of each pre-configured third-party system connection. When a client selects a third-party system connection to connect with the client system data, the service provider generates a certificate signing request, communicates a private key to the client system, and communicates the client system data and the certificate signing request to a certificate authority system.

Abstract: Relevance information obtaining means of a fraud estimation system is configured to obtain relevance information about relevance between one service and another service. Comparison result obtaining means is configured to obtain a comparison result of a comparison between user information of a target user in the one service and user information of a fraudulent user or an authentic user in the another service. Estimation means is configured to estimate fraudulence of the target user based on the relevance information and the comparison result.

Abstract: Securing a group-based communication system may comprise identity verification of a user based on tracking an entity's interactions with a computing device associated with a user profile registered with the group-based communication system. The identity verification techniques may comprise capturing various inputs at a computing device associated with a user profile registered with the group-based communication system and storing and/or transmitting the inputs and/or interaction parameters quantifying features of the inputs to a security component of the group-based communication system. The security component may generate a data structure based at least in part on comparing the interaction parameters to historical interaction parameters and the data structure may be used to generate a trust score for verifying or denying the entity interacting with the computing device.

Abstract: Techniques are provided for device protection using a configuration lockdown mode. One method comprises receiving a configuration command from a user for a device; determining, responsive to receiving the configuration command, if the device is in a configuration lockdown mode that limits an execution of one or more configuration commands; and performing one or more automated remedial actions in response to determining that the device is in the configuration lockdown mode, such as generating a configuration lockdown alert. A configuration manager associated with the device may (i) determine if a duration of a disabling of the configuration lockdown mode violates one or more duration limits, and/or (ii) determine if the device is in the configuration lockdown mode.

Abstract: Managing worksheet access including receiving a request from a first user account to access a worksheet shared from a second user account, wherein the worksheet comprises a worksheet architecture for at least one data set from a database; determining that the first user account is authorized to access the worksheet architecture of the worksheet; determining that the first user account is authorized to access the at least one data set presented by the worksheet; and granting the first user account access to the worksheet in response to determining that the first user account is authorized to access the worksheet architecture of the worksheet and determining that the first user account is authorized to access the at least one data set presented by the worksheet.

Abstract: A method for a hybrid content protection architecture includes obtaining, by data processing hardware, a client-side cryptographic key and locally encrypting user content using the client-side cryptographic key. The method also includes communicating the client-side cryptographic key to a third party key manager, the third party key manager configured to store the client-side cryptographic key. In response to the third party key manager storing the client-side cryptographic key, the method includes receiving a token from the third party key manager, the token identifying the client-side cryptographic key stored at the third party key manager. The method further includes uploading the encrypted user content and the token to a server of a cloud computing platform.

Abstract: A system for validating a write command to a device in a process control system using biometric credentials and relationship attributes. A two user validation process may use biometric inputs of the two users to authenticate the two users and to query for associated profiles to determine whether the two users have a relationship required to release an intercepted write command to the device.

Abstract: A method and system for controlling the use of a temporary password is provided, and the method includes the steps: generating by a random code generator end a preset number of temporary passwords after successful matching between the random code generator end and the random code use end; sending by the random code generator end at least one temporary password among the preset number of temporary passwords to the random code use end for storage therein to form a preset temporary password; and receiving a current temporary password, comparing the current temporary password with each of the pre-stored temporary passwords, and indicating successful verification if the current temporary password is the same as one of the pre-stored temporary passwords. The method can generate multiple temporary passwords at once, and control and manage the use of temporary passwords by adding function codes to the temporary passwords.

Abstract: Examples described herein relate to a system consistent with the disclosure. For instance, the system may comprise a display, a computing device, a display, an input mechanism commutatively coupled to the computing device, and an independent second processing resource to receive a password entry to unlock the computing device while the computing device is in a S5 state, determine a total number of incorrect password entry attempts to successfully unlock the computing device, save the total number of password entry attempts to a non-volatile memory of the independent second processing resource, and secure the computing device in response to a determination that the total number of incorrect password entry attempts exceeds a threshold value.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. A computing device may receive from an identity provider a token authenticating that a user of a client device is at a first location. The computing device may determine, based on the token, one or more labels for a session associated with the user. Each label of the one or more labels is associated with a corresponding security group. Based on the one or more labels, the user of the client device may be granted access to sensitive data.

Abstract: A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.

Abstract: A display system includes: a transmission device that transmits image data; a reception device that is connected to the transmission device and receives the image data; and a display device that displays an image indicated by the image data received by the reception device. The reception device creates a connection code, creates a security key, which is used for connection with the transmission device, from the connection code, and transmits the connection code to the display device to cause the display device to display it. The display device displays the connection code. The transmission device creates the security key from the connection code having been inputted, and is connected to the reception device by using the security key.

Abstract: The invention provides an authentication technique that involves provision of a new authentication credential for each authentication attempt. The requestor of the new authentication credential is required to provide a previous authentication credential in order to successfully receive the new authentication credential. The previous authentication credential has however been de-authorised so it cannot be used to authenticate the requestor, only to successfully obtain a new authentication credential. The requestor then authenticates using the new authentication credential. The cycle is repeated for as many repeat authentication attempts as are made by the requestor.

Abstract: Systems and methods for data authentication can comprise processing a first secret element to generate a first encrypted secret element, processing a second secret element to generate a non-secret element, and processing the first encrypted secret element and the non-secret element to generate an encrypted data block.

Abstract: Systems and methods for authenticating and executing a user request with increased security and efficiency are provided. A method may include receiving a selection from a user to restrict informational access of a selected administrator who is logged in to a system network, and locking access of the administrator to secure user information. The method may also include receiving, from the user, limited identifying information, and transmitting to the user, based on the limited identifying information, a uniform resource locator (URL) link and a one-time password (OTP). The method may also include achieving 2-factor authentication when the user accesses the URL link and submits the OTP, and receiving from the user the secure user information and a service request. In response to receiving the secure user information and the service request, the method may include executing a response to the service request via the system network.

Abstract: A first request is received for generation of a temporary alternate identifier for a user, wherein the user is identified within a service using a user service identifier, and wherein the temporary alternate identifier assists in binding the user service identifier with a resource identifier that identifies the user within a resource. The temporary alternate identifier is then generated and associated with the user service identifier. The temporary alternate identifier is then provided the user, and the temporary alternate identifier is also provided by the user to the resource. A second request is received, from the resource, for validation of the temporary alternate identifier. The user resource identifier is also received from the resource, for example as part of the second request. The user service identifier is then bound with the user resource identifier. Additionally, an indication is provided, to the resource, that the temporary alternate identifier is valid.