Abstract: Systems and methods are disclosed for determining if an account identifier is computer-generated. One method includes receiving the account identifier, dividing the account identifier into a plurality of fragments, and determining one or more features of at least one of the fragments. The method further includes determining the commonness of at least one of the fragments, and determining if the account identifier is computer-generated based on the features of at least one of the fragments, and the commonness of at least one of the fragments.

Abstract: Systems and methods are disclosed for identifying malicious traffic associated with a website.

Abstract: The present teaching relates to method, system, medium, and implementation for authenticating a user. An authentication session is initiated to authenticate, via iris, a person claiming to be an authorized user. A challenge is determined to be used to challenge the person and a set of expected features associated with the challenge is obtained. The challenge is presented to the person and one or more pictures are captured from the person reacting in response to the challenge and are used to determine whether the person is live.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management by a trusted entity. A request is first received for validating one or more data items related to a record owner in order to carry out a transaction between the record owner and a service provider. With respect to the one or more data items, at least one access limitation associated therewith is determined. A cloaked identifier is generated for the request with information related to the transaction and the one or more data items incorporated therein and sent to the record owner to proceed with the validation.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management by a transaction engine. A request is received from a record owner for validating one or more data items related to a record owner in order to carry out a transaction involving the record owner and a service provider. A trusted entity that is in possession of the one or more data items is determined and a request is sent to the trusted entity with first information related to the record owner. A cloaked identifier is obtained where the cloaked identifier is generated in connection with the request for validating the one or more data items. The obtained cloaked identifier is then forwarded to the record owner.

Abstract: Systems and methods for blockchain ledger growth management using separation of a blockchain ledger into multiple blockchain ledgers (each ledger having a state that can be tracked and used). The systems and methods also include linking the separated ledgers by utilizing a linking application and smart contracts added to the separated ledgers.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management associated with a record owner. A request is first received from a service provider for validating one or more data items in order to carry out a transaction between the record owner and the service provider. The record owner performs authentication required and send the request to a trusted party seeking to validate the one or more data items, wherein the trusted party is authorized to access the one or more data items. When a cloaked identifier to be used for validating the one or more data items is received from the trusted party, it is sent to the service provider for the service provider to use for validating the one or more data items.

Abstract: The present teaching relates to method, system, medium, and implementation for biometric authentication in secure data management. Authentication is initiated for a person claiming to be a record owner prior to a transaction between the record owner and a service provider. Biometric based authentication of the person is performed by detecting liveness of the person and authenticating an identity of the person based on biometric information of the person. Upon successful authentication of the person, a trusted party processes a request directed to a trusted entity to validate one or more data items related to the record owner in order to proceed with the transaction and forward a cloaked identifier obtained based on the request, where the cloaked identifier is to be used by the service provider to seek a validation response with regard to the one or more data items from the trusted party.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is initiated to authenticate, via iris, a person claiming to be an authorized user. An obfuscation configuration is retrieved with respect to the authorized user and used to determine a sub-obfuscation configuration in accordance with information associated with the authentication session. A set of expected features associated with the sub-obfuscation configuration is obtained. One or more pictures are captured from the iris of the person who is expected to carry out at least one obfuscation measure consistent with the sub-obfuscation configuration for the authorized user in accordance with the information related to the authentication session and are used to determine whether the person is live based on the set of expected features associated with the sub-obfuscation configuration.

Abstract: The present teaching relates to method, system, medium and implementation for secure transaction. A transaction package is received from a trusted entity, which is generated by a trusted entity in response to a request for validating one or more data items related to a record owner in order to carry out a transaction involving the record owner and a service provider and incorporates at least one access limitation associated with the one or more data items. A transaction package identifier is provided to the trusted entity, which uniquely identifies the transaction package and is used to store the transaction package.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management by a service provider. A request is first received for carrying out a transaction with a user and one or more data items associated with the user are then determined that need to be validated prior to the transaction. A request is then sent to the user seeking to validate the one or more data items. When a cloaked identifier is received from the user with information related to a trusted party, the cloaked identifier is then sent to the trusted party with a request for a validation response. When the validation response is received with an indication that the one or more data items are validated, the transaction with the user is carried out.

Abstract: Technologies for compressing a blockchain. In some examples, the technologies include removing selected blocks within a blockchain, and replacing the selected blocks with a summary block and a padding block. Each block of the selected blocks includes data in a certain state (such as data in an obsolete state). The technologies can include generating the summary block and padding blocks according to the data in the selected blocks and an original root hash included in the selected blocks and other blocks of the blockchain. The generating of the summary and padding blocks can include generating a new root hash in the summary and padding blocks that only replaces the original root hash in the summary and padding blocks. The generation of the new root hash can be based on a part of a header of a non-selected block of the blockchain directly linked to an end block of selected blocks.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. A first request is received to set up authentication information with respect to a user, wherein the first request specifies a type of information to be used for future authentication of the user. It is determined whether the type of information related to the user poses risks based on a reverse information search result. The type of information for being used for future authentication of the user is rejected when the type of information is determined to pose risks.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is first initiated to authenticate, via iris, a person claiming to be an authorized user, in which a first set of signals is randomly generated for controlling light strobing to be applied to the iris of the person for detecting liveness of the iris. A second set of signals is accordingly generated for controlling iris picture capturing synchronized with the light strobing. The light strobing is applied to the person via strobes generated based on the first set of signals and pictures of the iris of the person are acquired, based on the second set of signals, that are synchronized with the light strobing. Whether the person is live is then determined based on the synchronized pictures acquired when the light strobing is applied.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is initiated to authenticate, via iris, a person claiming to be an authorized user. A trajectory is determined with respect to a display visible to the person. A plurality of focus dots are generated with corresponding coordinates on the trajectory with respect to the display and rendered to the person on the display in accordance with the corresponding coordinates during a specified period of time. A plurality of pictures of the iris of the person are captured during the period of time and used to determine whether the person is live based on the captured plurality of pictures of the iris of the person.

Abstract: Systems and methods are disclosed for identifying human users on a network.

Abstract: Systems and methods are disclosed for cryptographic signing of content requests. One method includes receiving, at a content network, a content request from a publisher website, the publisher website purporting to be associated with a publisher domain. At the content network, a public key may be received associated with the publisher domain. At the content network, at least one policy may be received associated with the publisher domain. It may be determined whether the content request comprises a cryptographic signature. If it is determined that the content request does not comprise a cryptographic signature, content may or may not be provided to the publisher website according to the policy from the publisher domain. If it is determined that the content request comprises a cryptographic signature, the cryptographic signature of the request may be validated using the public key.

Abstract: Systems and methods are disclosed for analyzing a plurality of failed login records that correspond to failed login attempts detected by a computing system, to identify suspicious patterns of activity that can facilitate the supplementation of password blacklists for improving account security. To accomplish the foregoing, failed login records that include information associated with failed login attempts are obtained for analysis. The failed login records are analyzed to identify a set of failed login records that show initial characteristics of a suspicious pattern of activity. The information included in the set of failed login records are further analyzed to determine whether a suspicious pattern of activity is actually present. When a suspicious pattern of activity is identified in the set of failed login records, the passwords used in the failed login attempts are stored in password blacklists associated with the account identifier(s) with which the passwords were used.

Abstract: Systems and methods are disclosed for managing the resetting of online identities or accounts of users of Internet web pages. One method includes: receiving, through an electronic device, a request to reset login information to access a web page associated with the user's online account; determining that an IP address associated with the request is not identified as being suspicious; receiving user data intrinsic to the user's request; automatically verifying two or more values of the data intrinsic to the user's request as being indicative of a level of trust of the identity of the user; and transmitting, to the user over the Internet, a subset of options to reset the login information, the subset being selected based on the level of trust.

Abstract: Systems and methods are disclosed for cryptographic signing of content requests. One method includes receiving, at a content network, a content request from a publisher website, the publisher website purporting to be associated with a publisher domain. At the content network, a public key may be received associated with the publisher domain. At the content network, at least one policy may be received associated with the publisher domain. It may be determined whether the content request comprises a cryptographic signature. If it is determined that the content request does not comprise a cryptographic signature, content may or may not be provided to the publisher website according to the policy from the publisher domain. If it is determined that the content request comprises a cryptographic signature, the cryptographic signature of the request may be validated using the public key.