Abstract: A method and system are provided for enabling collaborative access to a data object. The method comprises establishing an access control policy, the access control policy defining at least one collaborative condition under which access to the data object is permissible, monitoring a plurality of users for compliance with the collaborative condition and providing access to the data object after a predetermined number of the users meet the at least one collaborative condition.

Abstract: A system and method for the management of electronic credentials stored on mobile devices. The system may encrypt information that is provided to a lock device and an access control system using diversification keys. The diversification keys may be generated by supplying a master key and a component identifier such as, for example, a mobile device identifier, to a diversification algorithm. The mobile device may be a conduit for the communication of information between the access control system and the lock device. The mobile device may be unable to decrypt information that has been encrypted by a diversification key. Embodiments also provide for enrolling administrative mobile devices with the access control system, the distribution and revocation of credential identifiers for user mobile device, and removing administrative mobile devices that are enrolled with lock devices.

Abstract: A management device is a management device that manages replacement of batteries. The management device includes an obtaining portion that obtains, from a first battery, specific information that specifies identification information of a vehicle to which the first battery has been attached, and identification information of the first battery. The management device includes an authenticating portion that authenticates a user of the vehicle by using the specific information and the identification information of the first battery that have been obtained by the obtaining portion. The management device includes a replacement receiving portion that receives replacement of the first battery if the authenticating portion authenticates the user.

Abstract: A method, computer system, and computer program product for processing a secure data phone request are provided. The embodiment may include receiving a plurality of user responses to one or more security questions. The embodiment may also include identifying, during a phone call, a request for sensitive information by a call participant. The embodiment may further include identifying a response within the plurality of received user responses that satisfies the identified request. The embodiment may also include transmitting the identified response to the call participant.

Abstract: A method, computer system, and computer program product for processing a secure data phone request are provided. The embodiment may include receiving a plurality of user responses to one or more security questions. The embodiment may also include identifying, during a phone call, a request for sensitive information by a call participant. The embodiment may further include identifying a response within the plurality of received user responses that satisfies the identified request. The embodiment may also include transmitting the identified response to the call participant.

Abstract: A computer system prevents data leakage via version control systems. Outgoing traffic that is destined for an external server hosting a version control system is identified. The outgoing traffic is associated with an endpoint device corresponding to an individual who is a member of the organization. Historical information is collected about the individual, and a user account of the version control system that is associated with the identified individual is identified. The external server hosting the version control system is searched to determine whether potentially sensitive information has been uploaded. Embodiments may further include a method and program product for preventing data leakage via version control systems in substantially the same manner described above.

Abstract: An association management system for establishing, maintaining, and monitoring associations between a personal identifier and an electronic device, includes a provider subsystem in operable communication with at least one of the personal identifier and the electronic device. The provider subsystem is configured to provision a person associated with the personal identifier, authenticate both of the personal identifier and the electronic device, and establish an association of the authenticated personal identifier to the authenticated electronic device. The system further includes a certificate authority subsystem for issuing at least one digital certificate to verify an identity of one or more digital entities operating on the management system, and a digital distributed ledger including a plurality of a consensus pool of participating processors. The digital distributed ledger is configured to verify, using the at least one digital certificate, transaction events of the association management system.

Abstract: A risk analysis system configures the decision engine to detect anomalous online activities by analyzing usage patterns associated with one or more user accounts across multiple frequencies. The risk analysis system obtains transaction log data representing transactions associated with one or more accounts, and extracts data from the transaction log data to generate time-series data along a time dimension. The time-series data may represent usage characteristics of one or more user accounts over a period of time. The risk analysis system derives pattern data representing usage patterns across multiple different frequencies based on the time-series data. The risk analysis system then configures the decision engine to detect anomalous account activities based on the derived pattern data.

Abstract: A telecommunications service provider network gateway computer system. The gateway computer comprises a processor, a non-transitory memory, and a probe application stored in the non-transitory memory. When executed by the processor, the probe application monitors data packets received from a radio access network (RAN), identifies data packets addressed to a server computer hosting a mobile application downloading site, for the data packets addressed to the downloading site, collect information associated with telecommunications service subscribers downloading applications from the downloading site based on a telecommunications service subscriber identity associated with each of the data packets provided to the gateway server computer by the RAN, generates a report based on the information collected that anonymizes the subscribers' identities, and transmits the report to an operator of the downloading site.

Abstract: A processing pipeline for supporting advanced analytics for network monitoring and information management as well as specific analytics for particular use cases. The processing pipeline 500 takes in system data (502) and pre-processes (504) the system data. The system data (502) may include any of the types of data described above including text log files, and categorical data from various sources. The illustrated processing pipeline 500 includes two branches; a data modeling branch (506) where a model is developed for the data and a data evaluation branch (508) where the developed model is leveraged to evaluate live data. For certain event detection use cases, the output of the data evaluation branch (508) includes a score (510) (e.g., a threat level score) and context information for evaluating the threat.

Abstract: A method and a system for implanting a handshake between a source cluster having files replicated to a destination cluster, the system comprising: a source cluster having a plurality of nodes and replication manager; and a destination cluster having a plurality of nodes, a replication manager and single port manager which run on each node of the destination cluster, wherein the replication managers of the source and destination clusters are configured to replicate all files and processes on the nodes of the source cluster to the nodes of the destination cluster, wherein all replicated files and processes register with the single port manager, and wherein the single port manager is configured to communicate with the source cluster via a single port and to provide descriptors of the required replicated files and processes via a kernel.

Abstract: A computer system identifies one or more characteristics corresponding to a memory of a user device based on analyzing information stored in the memory of the user device during one or more instances of a first time period. The computer system detects an untrusted user device attempting to access an account during a second time period. In response to the detecting the untrusted device attempting to access the account, the computer system compares one or more characteristics of the information stored in a memory of the untrusted user device to the identified one or more characteristics. In response to determining that a similarity level between the one or more characteristics of the information stored in the memory of the untrusted device and the identified one or more characteristics is above a threshold level, the computer system allows access to the account.

Abstract: Systems and methods related to an online security center are provided. For example, a processor may receive authentication information via a first website, a first application, or both. The authentication information may be associated with an account registered with a second website, a second application, or both. The processor may store the authentication information. The processor may receive input of a selection related to managing a stored password of the authentication information. The processor may automatically generate a new password based at least in part on one or more password specifications that enhance security of the new password, a configurable time limit for changing the authentication information, or some combination thereof. The processor may then display a recommendation including the new password, automatically change the stored password to the new password, or some combination thereof, based on the input.

Abstract: A network device obtains information, associated with blacklisted domains, that includes blacklisted domain identifiers, and sinkhole server identifiers associated with the blacklisted domain identifiers. The network device obtains a set of rules that specify match criteria, associated with the blacklisted domains, that include source network addresses and/or destination network addresses for comparison to packet source network addresses and/or packet destination network addresses associated with incoming packets. The set of rules specify actions to perform based on a result of comparing the match criteria and the packet source network addresses and/or the packet destination network addresses for the incoming packets.

Abstract: A method for verifying identities of parties to a transaction includes receiving a login attempt from a mobile communication device, the login attempt including a security credential. The method determines that the security credential of the login attempt from the mobile communication device is authentic. The method communicates a one-time access code to the mobile communication device. The method receives a one-time entry code and mobile communication device information from the mobile communication device. The method determines that the one-time entry code and the mobile communication device information from the mobile communication device satisfies the communicated one-time access code and predetermined user mobile communication device information. The method provides by the mobile communication device access to a secure transaction environment.

Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.

Abstract: An inspection target apparatus includes a generating circuit and a processing unit. The generating circuit generates a value depending on hardware. The processing unit generates, in response to a first request, encoding result data using the generated value and an error-correction encoding method and outputs the encoding result data. The processing unit generates, in response to a second request, decoding result data using designated encoding result data, the generated value, and an error-correction decoding method and outputs the decoding result data. An inspection apparatus includes a storing unit and a processing unit. The storing unit stores encoding result data generated by a different inspection target apparatus and reference data. The processing unit designates encoding result and receives decoding result data from the inspection target apparatus. The processing unit determines whether the decoding result data matches the reference data in comparison with each other.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. During authentication, context information for the client device, such as device type, device location, etc., may be determined. A computing device in the system may receive data indicating the context information, such as data indicating that the user is at a particular location and/or is of a particular device type. One or more labels for a session associated with the user of the client device may be determined based on the data indicating the context information. The computing device may generate an authentication certificate comprising one or more labels. Based on the certificate, one or more access groups for the user of the client device may be determined, and the user of the client device may be granted or denied access to one or more resources according to the access group(s).

Abstract: Systems and methods for data authentication can comprise processing a first secret element to generate a first encrypted secret element, processing a second secret element to generate a non-secret element, and processing the first encrypted secret element and the non-secret element to generate an encrypted data block.

Abstract: A method of providing electronic home assistant service. The method comprises processing a first audio received from a microphone of an electronic home assistant by a voice recognition application executing on the electronic home assistant into a first parsed digital signal, providing the parsed digital signal by the voice recognition application to a plurality of applications executing on the electronic home assistant, receiving an exclusive access to parsed digital signals request by the voice recognition application from a wireless communication service account self-service client application executing on the electronic home assistant, processing a second audio received from the microphone of the electronic home assistant by the voice recognition application to form a second parsed digital signal, and providing the second parsed digital signal exclusively to the wireless communication service account self-service client application.