Abstract: A biometric sensor can be integrated into a user device to enable multifactor biometric authentication of a user on the user device. The biometric sensor can comprise at fingerprint scanner and a heartrate detector, the heartrate detector further comprising an optical input device and a light emitting diode (LED). The fingerprint scanner comprises a camera encircling the edge of the biometric sensor and detects and scans the users fingerprint to compare to a stored fingerprint to authenticate the users fingerprint. The heartrate detector can determine a heartrate of the user. Based on the detected heartrate of the user and utilizing a validation profile it can be determined if the user is, for example, a live person, is under duress, or sleeping. If the heartrate data is validated by the user device within certain allowable parameters, and the fingerprint of the user is authenticated, access to the user device is enabled.

Abstract: One or more access events can be logged to a system log. The system log includes a history of recorded user device actions. A request associated with modifying the system log can be received. The modifying of the system log may be denied based at least in part on a plurality of distributed nodes invalidating the request. Each of the plurality of distributed nodes may include a copy of the system log. The invalidating of the request may include comparing contents of the copy of the system log with the request.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: A method includes identifying a set of computing-resistant puzzles and receiving human-input proposed solutions to at least a subset of the puzzles. The method further includes confirming the validity of the human-input proposed solutions and producing a proof-of-work based on at least a threshold quantity of validated human-input proposed solutions. A new block including the produced proof-of-work is added to a blockchain database.

Abstract: A method includes obtaining a plurality of proof-of-stake blocks that include user data to be added to a blockchain database, and each of the proof-of-stake blocks is confirmed. In response to confirming each of the proof-of-stake blocks, each of the proof-of-stake blocks is added to the blockchain database. The method further includes obtaining a proof-of-work block that includes a representation of each of the proof-of-stake blocks added to the blockchain database and confirming the proof-of-work block. In response to confirming the proof-of-work block, the method adds the proof-of-work block to the blockchain database.

Abstract: A method includes distributing a plurality of key pieces associated with an encryption key to a plurality of key piece holders, adding release data to a blockchain database including sensitive data encrypted with the encryption key and a specified release date. The method further includes providing instructions to key piece holders to add respective key pieces to the blockchain database at the specified release date to facilitate time-based release of the sensitive data.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: In a computer-implemented method for endpoint management, a plurality of messages communicated between a target endpoint and a client are recorded, in a computer-readable memory. Ones of the messages are clustered into respective groups, where the respective groups correspond to respective operation types of the ones of the messages included therein. For the respective operation types, respective message structures used by the target endpoint are determined based on commonalities among the ones of the messages of the respective groups corresponding to the operation types. For one of the respective operation types, a request to the target endpoint is generated in accordance with a corresponding one of the respective message structures used by the target endpoint. Related computer systems and computer program products are also discussed.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: In a method of service emulation, a plurality of messages communicated between a system under test and a target system for emulation are recorded in a computer-readable memory. Ones of the messages are clustered to define a plurality of message clusters, and respective cluster prototypes are generated for the message clusters. The respective cluster prototypes include a commonality among the ones of the messages of the corresponding message clusters. One of the message clusters is identified as corresponding to a request from the system under test based on a comparison of the request with the respective cluster prototypes, and a response to the request for transmission to the system under test is generated based on the one of the message clusters that was identified. Related computer systems and computer program products are also discussed.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: A method, program product, and apparatus for managing profiles in an access management domain. In an embodiment, attribute field mapping rules are generated for an identity profile schema applied to a plurality of identity profiles and an account profile schema applied to a plurality of account profiles. Each of the identity profiles includes one or more identity attribute fields and each of the plurality of account profiles includes one or more account attribute fields. As part of generating attribute field mapping rules, a synchronization manager iteratively compares, using an edit distance function, data in each of the identity attribute fields with data in one or more of each of the account attribute fields. In response to detecting a match between data in a given identity attribute field and data in a given account attribute field, the synchronization manager increments an attribute correlation value that is associated with the given identity attribute field and the given account attribute field.

Abstract: In a service emulation method, a transaction library storing a plurality of messages communicated between a system under test and a target system upon which the system under test depends is accessed responsive to receiving a request from the system under test. One of the messages stored in the transaction library is identified as corresponding to the received request based on a distance measure therebetween, and a response to the received request is generated using the one of the messages that was identified. Related systems and computer program products are also discussed.

Abstract: A method, program product, and apparatus for managing profiles in an access management domain. In an embodiment, attribute field mapping rules are generated for an identity profile schema applied to a plurality of identity profiles and an account profile schema applied to a plurality of account profiles. Each of the identity profiles includes one or more identity attribute fields and each of the plurality of account profiles includes one or more account attribute fields. As part of generating attribute field mapping rules, a synchronization manager iteratively compares data in each of the identity attribute fields with data in one or more of each of the account attribute fields. In response to detecting a match between data in a given identity attribute field and data in a given account attribute field, the synchronization manager increments an attribute correlation value that is associated with the given identity attribute field and the given account attribute field.