Patents Examined by Tongoc Tran
  • Patent number: 11523282
    Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determines its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: December 6, 2022
    Assignee: LOOKOUT INC.
    Inventors: Brian James Buck, Jeroen Martijn Wijdogen, Kevin Lam, Varun Shimoga Prakash, Michael Joseph Mole, Pradeep Deepak Phatak, Praveen Kumar Mamnani
  • Patent number: 11516004
    Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: November 29, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Syed Khalid Raza, Praveen Raju Kariyanahalli, Rameshbabu Prabagaran, Amir Khan
  • Patent number: 11514153
    Abstract: The present invention provides a method of registering a new user of an online system. A base grid is created. The user provides a passcode that includes an indication of an ordered set of cells of a grid. A grid salt, user identifying information, and a passcode identifier are generated. The passcode identifier is then split into at least three parts using a secret sharing algorithm wherein three of the parts are required to regenerate the passcode identifier. First and second parts are stored in first and second locations in an array and a third part is stored in a third location with user identifying information. The first and second parts are indexed using X-OTC and Y-OTC. A user token containing the position of the first and second parts in the array is passed to the user.
    Type: Grant
    Filed: July 10, 2018
    Date of Patent: November 29, 2022
    Assignee: Shayype Global Limited
    Inventors: Jonathan Geoffrey Milton Craymer, Jon Andrew Beal
  • Patent number: 11514154
    Abstract: A robotic process automation (RPA) system provides bots that interact with and provide user credentials to applications that require multi-factor authentication (MFA). First user credentials associated with MFA are retrieved by the bots from credential storage. Second user credentials that correspond to questions posed to a user of an application are retrieved from credential storage. Second user credentials that correspond to a one-time password are generated by the RPA system. The second user credentials may also be generated by a third-party authentication service that provides the credentials via a secondary channel such as email or SMS, which are then retrieved for presentation to the application.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: November 29, 2022
    Assignee: Automation Anywhere, Inc.
    Inventors: Anoop Tripathi, Kazuya Tanikawa, Abhijit Kakhandiki
  • Patent number: 11503019
    Abstract: A multiuser measurement system is provided. The multiuser measurement system may authenticate a specific user. When the user has been authenticated, user related data may be obtained from a memory. The user related data are stored in the memory in an encrypted manner, and the encrypted data are only decrypted after authenticating the user.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: November 15, 2022
    Assignee: Rohde & Schwarz GmbH & Co. KG
    Inventors: Florian Ramian, Johannes Steffens, Luke Cirillo
  • Patent number: 11496294
    Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).
    Type: Grant
    Filed: August 7, 2020
    Date of Patent: November 8, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Syed Khalid Raza, Praveen Raju Kariyanahalli, Rameshbabu Prabagaran, Amir Khan
  • Patent number: 11496480
    Abstract: An Internet-of-things (IoT) mechanizes, computerizes, automates, instruments, includes, and connects a broadly dispersed and extensively diverse universe of unrelated “things” to the Internet, e.g., credit cards, home appliances, industrial machinery, airplanes, cars, municipal water pumps, mobile devices, rain gauges, etc. Each thing is assigned a resident local “smart agent”. Or an entity, manifesting remotely only as transaction records and reports, is assigned a virtual smart agent in a network server. These data structures follow, track, record, chart, monitor, characterize, describe, render, and otherwise provide a label and handle on independent things and entities.
    Type: Grant
    Filed: January 15, 2020
    Date of Patent: November 8, 2022
    Assignee: Brighterion, Inc.
    Inventor: Akli Adjaoute
  • Patent number: 11496481
    Abstract: A system and method of establishing a resource provider as a trusted listing are disclosed. The method includes receiving, by a directory server computer, an indication from a user that a resource provider is trusted. The directory server computer is programmed to provide a first level of authentication. The method then includes storing, in a database, data representing the indication from the user that the resource provider is trusted. The method then includes receiving an authentication request message from the user conducting an interaction at the resource provider computer and determining that the data representing the indication from the user that the resource provider is trusted is present. In response to determining, the method includes providing a second level of authentication to the user before the user is allowed to complete the interaction. The second level of authentication is lower than the first level.
    Type: Grant
    Filed: April 24, 2019
    Date of Patent: November 8, 2022
    Assignee: Visa International Service Association
    Inventors: Mark Nelsen, David William Wilson, Guido Mangiagalli, Anjana Neera Surin, Sayeed Mohammed, Alan Johnson, Phillip Lavender, Glenn Powell
  • Patent number: 11494469
    Abstract: The present disclosure relates to assigning an ownership of a first component of a communication system. A processor may identify a second component of the communication system having a relationship to the first component. The processor may identify an owning entity of the second component, the owning entity may have ownership of the second component, and the communication system may include the owning entity. The processor may generate an owner information, the owner information may relate the owning entity of the second component to the first component. The processor may provide the owner information to the communication system. In response to the providing of the owner information, the processor may receive a command for assigning the ownership of the first component to the owning entity. In response to receiving the command, the processor may assign the ownership of the first component to the owning entity.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: November 8, 2022
    Assignee: International Business Machines Corporation
    Inventors: Albert Maier, Thomas Schwarz, Peter Gerstl, Oliver Suhre
  • Patent number: 11489826
    Abstract: The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily places the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: November 1, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Cameron Esdaile
  • Patent number: 11475110
    Abstract: Methods and apparatuses are described for secure transmission and authentication of a user credential. A first computing device comprising a memory, a processor, and a laser diode identifies a first user credential comprising a sequence of alphanumeric characters, converts the first user credential into a first plurality of analog signals, and activates the laser diode using the first plurality of analog signals to emit light detectable by the sensor of the second computing device. The second computing device comprising a memory, a processor, and a sensor for detecting emitted light generates a second plurality of analog signals corresponding to light emitted by the laser diode and detected by the sensor, converts the second plurality of analog signals into a second user credential, and authenticates the second user credential.
    Type: Grant
    Filed: March 4, 2022
    Date of Patent: October 18, 2022
    Assignee: FMR LLC
    Inventor: Luke Paxton
  • Patent number: 11470085
    Abstract: Authorization for access to an application server and associated communication service can be desirably managed. When a device attempts to access an application server and service, an authorization server generates an encrypted token, comprising device identifier information, and communicates the token to the device. The device communicates the token to the application server. The application server communicates the token to the authorization server. The authorization server determines whether the device is validated to access the application server and service based on the encrypted token, private decryption key, and initialization vector, and based on subscriber-related information. The authorization server does not share the private decryption key or initialization vector with the application server. If validated, the authorization server communicates validation-related information, including a permitted portion of subscriber-related information, to the application server.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: October 11, 2022
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Bhuvan C. Modi, Mohammad Khalid Hafeez, Robert B. Zegheru, Jerry Shih
  • Patent number: 11468161
    Abstract: A method for providing a user authentication credential comprises a) registering, in a device, at least one reference character, as a first user authentication credential; b) submitting, by the user, to the device, at least one character, as a second user authentication credential; c) retrieving, by the device, each reference character along with a corresponding position within the first user authentication credential; d) comparing, by the device, each submitted character within the second user authentication credential to a corresponding reference character within the first user authentication credential at one and the same position within the second user authentication credential and the first user authentication credential; and e) providing, by the device to the user, if the submitted character does not match the corresponding reference character, an information item for prompting the user to correct the submitted character.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: October 11, 2022
    Assignee: THALES DIS CPL USA, INC.
    Inventors: Michael Hutchinson, Asad Ali
  • Patent number: 11461459
    Abstract: A method involves receiving authentication module configuration data at a user device from a remote management platform. User credentials are received at the authentication module of the user device using a graphical user interface. The user credentials are transmitted to a remote identity provider service. Upon receiving a response indicating that the user credentials are authenticated by the remote identity provider service, the user credentials are transmitted to an operating system authentication module at the user device. Upon receiving a response indicating that the user credentials are not authenticated by the operating system authentication module, previously-stored user credentials are retrieved from an encrypted credential database at the user device. The user credentials are stored at an operating system credential database using the previously-stored user credentials. The user credentials are retransmitted to the operating system authentication module to authenticate the user at the user device.
    Type: Grant
    Filed: November 2, 2021
    Date of Patent: October 4, 2022
    Assignee: Kandji, Inc.
    Inventors: Adam Pettit, Wesley Pettit, Mark Daughters, Brandon Modesitt, Nicholas McDonald
  • Patent number: 11444953
    Abstract: Disclosed herein is a system for facilitating security of a resource using a plurality of credentials, in accordance with some embodiments. Accordingly, the system may include a communication device configured for receiving a user credential associated with a user from a user device to access one or more services of the resource, and obtaining a current contextual data from the user device. Further, the system may include a storage device configured for retrieving a stored contextual data and a stored credential associated with the user from a database. Further, the system may include a processing device configured for comparing the user credential with the stored credential, analyzing the current contextual data and the stored contextual data, and authenticating the user device based on the comparing and the analyzing to determine a level of access to the one or more services of the resource by the user device.
    Type: Grant
    Filed: August 15, 2019
    Date of Patent: September 13, 2022
    Inventor: Dharmesh Naik
  • Patent number: 11438337
    Abstract: Disclosed herein are system, method, and computer program product embodiments for generating support user permissions to allow access to a cloud computing platform. In an embodiment, a host system may host a cloud computing platform and may provide access to the cloud computing platform to a tenant system. The tenant system may then facilitate access to the cloud computing platform to users. The tenant system may maintain a list of authorized users separate from the host system. In an embodiment, if the tenant system requests support from the host system to fix a problem, the host system is able to generate access for support users to access the cloud computing platform to troubleshoot the problem. In an embodiment, even though the tenant system maintains a separate list of authorized users, the host system is able to generate support user permissions.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: September 6, 2022
    Assignee: SAP SE
    Inventor: Richard Joe
  • Patent number: 11429745
    Abstract: Client devices can send access request messages to resource management computers to request access to a resource. A data security hub can provide centralized routing between different client devices, resource management computers, and authentication data processing servers. The data security hub can reduce the risk of sensitive authentication information leaking (e.g., due to a breach) by limiting the amount or types of authentication information distributed to the data processing servers. The data security hub can limit the authentication information being distributed based on its sensitivity, the trust level of the client device, and the security level of the requested resource. The data security hub can also evaluate the client devices and data processing servers to identify security breaches and can cancel or reroute access requests accordingly. Thus, the data security hub can maintain resource security while better preserving the privacy of the client device's authentication information.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: August 30, 2022
    Assignee: Visa International Service Association
    Inventors: Theodore Harris, John Sheets, Mark Nelson, Yue Li, Craig O'Connell
  • Patent number: 11429697
    Abstract: A system, method, and computer-readable medium are disclosed for performing an eventually consistent event resolution operation. The eventually consistent event resolution operation includes: parsing entity identifier information, the parsing generating a plurality of entity identifier elements from the entity identifier information; normalizing an entity identifier element of the plurality of entity identifier elements to provide a normalized entity identifier element; associating the normalized entity identifier element with the entity to resolve the identity of the entity; and, performing an eventually consistent event resolution operation, the eventually consistent event resolution operation updating distributed data associated with the entity, distributed data corresponding to entity identifiers impacted by subsequent changes to entity mappings being updated by the eventually consistent event resolution operation to reflect a more recent entity mapping.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: August 30, 2022
    Assignee: Forcepoint, LLC
    Inventors: Christopher Poirel, William Renner, Phillip Bracikowski
  • Patent number: 11429699
    Abstract: There is provided a computer implemented method of authenticating a user, comprising: receiving a sequence of key-related events of a manually typed text by a user using a keyboard, extracting a plurality of sub-features from the sequence of key-related events, for each instance of a plurality of instances of a respective n-gram of a plurality of n-grams extracted from the text, computing a plurality of statistical features for each respective n-gram from the plurality of sub-features extracted for the plurality of instances of the respective n-grams, feeding the plurality of statistical features computed for each of the plurality of n-grams into a trained machine learning (ML) model, and triggering a security process when the ML model outputs an indication of non-authentication of the user.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: August 30, 2022
    Assignee: International Business Machines Corporation
    Inventors: Eden Abadi, Itay Hazan
  • Patent number: 11423160
    Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is unsafe to run, the system may generate a hash output of the executable data and store the hash output in a database of unauthorized executable data. In this way, the system may securely generate a repository of authorized and unauthorized hashes such that the system may ensure that unsafe executable data is blocked from being processed within a network environment.
    Type: Grant
    Filed: April 16, 2020
    Date of Patent: August 23, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: George Albero, Emanuel David Guller, Edward Lee Traywick, Scot Lincoln Daniels, Rick Wayne Sumrall, Elijah Clark, Konata Stinson, Jake Michael Yara