Abstract: A method of managing a telecommunications network (100), the telecommunications network having a first user (110-1) and a second user (110-2), and the telecommunications network comprising a first network slice onto which the first user is allocated, the method comprising the step of: measuring network performance in respect of the first user and in respect of the second user; comparing network performance associated with the first user and the second user; identifying whether there is a disparity between the network performance associated with the first user and the second user that exceeds a threshold; and if it is identified that the disparity exceeds the threshold, adapting the network configuration of the first network slice so as reduce the disparity in the network performance associated with the first user and the second user.

Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.

Abstract: Time-spaced messaging for network communications is facilitated. An example method may include receiving a plurality of messages at a message rate. The method may further include determining a number of the plurality of messages a network device is unable to process. The method may further include determining, based on the number, a miss rate associated with the plurality of messages. The method may further include determining whether the miss rate exceeds a threshold miss rate and, if the miss rate is determined to exceed the threshold miss rate, determining a time delay based on the miss rate and message rate, and applying the first time delay to at least one message received subsequent to the plurality of messages.

Abstract: Access nodes of a large-scale network are arranged into a number of groups. The groups are arranged into a number of bands. Each distributor of a pool of distributors interconnects each access node of a selected group to at least one channel from each group of a selected band. A discipline of allocating the selected group and the selected band to a distributor ensures that each access node has: a number, approximately equal to half the number of groups, of parallel single-hop paths to each other access node of a same group; a number, approximately equal to half the number of bands, of parallel single-hop paths to each access node of a different group within a same band; and one single-hop path to each other access node of a different access band. To eliminate the need for cross connectors, geographically-spread distributors are arranged into geographically-spread constellations of collocated distributors.

Abstract: An artificial intelligence (AI) system which utilizes machine learning algorithm such as deep learning and application is provided. The artificial intelligence (AI) system includes a controlling method of an electronic device for determining a chatbot using an artificial intelligence learning model includes receiving a voice uttered by a user, processing the voice and acquiring text information corresponding to the voice, and displaying the text information on a chat screen, determining a chatbot for providing a response message regarding the voice by inputting the acquired text information and chat history information regarding the chat screen to a model which is trained to determine the chatbot by inputting text information and chat history information, transmitting the acquired text information and the chat history information regarding the chat screen to a server for providing the determined chatbot, and receiving a response message from the server and displaying the response message on the chat screen.

Abstract: The disclosed systems and methods join a user to a primary communication channel that is associated with an automated human interface module. The automated human interface module includes a plurality of nodes. A message including a text communication is posted by the user and sent to a decision module associated with a plurality of classifiers. The decision module is configured to identify a node that best matches the text communication in accordance with the plurality of classifiers. Each respective classifier produces a respective classifier result thereby producing a plurality of classifier results. Each respective classifier result identifies a respective node of the plurality of nodes best matching the text communication. The plurality of classifier results is collectively considered, and the node best matching the text communication is identified and the text communication is sent to the identified node.

Abstract: Systems and methods for mobile communication platforms are described. In one embodiment, a method for distributing contextual information over a network to a first remote subscriber computer comprises receiving contextual information at a transmission server sent from a data source over a network, storing the remote subscriber's preferences relating to defined communication aspects, configuring the contextual information accordingly, and providing a configurable viewer application to the first remote subscriber for installation on the remote subscriber computer, the configurable viewer application including an interactive graphical user interface for viewing the configured contextual information. In a further aspect, the method includes sending a first encoded short URL for downloading the configurable application in a message to the first remote subscriber's computer.

Abstract: Methods, systems, and computer-readable storage mediums are described for effecting practical use of a dual currency which is a currency that can be electronically created and stored, and further for which there is a secret key (e.g., the secret key of a public key/secret key pair as used in public key cryptography) such that: an entity that does not possess the secret key cannot, in practice, create notes of the currency; and an entity that does possess the secret key can, in practice, create notes of the currency without assistance from entities that do not possess the secret key.

Abstract: Systems and techniques for providing security data points from an electronic message are presented. A system can determine a first interne protocol (IP) address of a computing device in response to a user of the computing device opening an email sent to an email address corresponding to a particular electronic account of the user, the email comprising an IP address tracking mechanism. The system can also compare the first IP address with one or more second IP addresses corresponding to one or more electronic accesses of the particular electronic account. Furthermore, the system can determine if an account access anomaly exists in regard to the particular electronic account based on a result of the comparing. The system can also implement a security measure impacting an ability of the particular electronic account to conduct one or more transactions in response to the account access anomaly existing for the particular electronic account.

Abstract: Systems and methods of controlling a state of electronic messaging applications are provided. A system detects a launch of a network application via an embedded browser. The network application is associated with a session identifier of a user. The system identifies one or more electronic messaging applications on a client device of the user. The system transmits, responsive to the launch of the network application associated with the session identifier, an instruction to one or more servers managing the one or more electronic messaging applications to control a state of the one or more electronic messaging applications.

Abstract: The present disclosure relates to systems, non-transitory computer-readable media, and methods for communication using multiple media content items stored on both a sending device and a receiving device. In particular, in one or more embodiments, the disclosed systems receive an application package. The application generates a message from input text and matches a portion of the text input to an audio content item using mapping data. The application generates a message including the text input and an identifier to the audio content item. A receiving system receives an application package. The application receives the message and locates the audio content item on the application package using the identifier and presents the message, including the text and the audio content item.

Abstract: The present disclosure relates generally to internet social media, and more specifically to techniques for determining location-related information about internet social media content. In some embodiments, a system accesses data representing a first social media post, the data including geographic location data identifying a first geographic location. The system identifies a second social media post related to the first post. The system accesses data representing the second social media post, wherein the data representing the second post does not include geographic location data identifying the first geographic location. The system analyzes the data representing the second social media post and determines a location score based at least in part on the analysis of the data representing the second social media post. If the location score exceeds a threshold location score, the system associates the second social media post with the first geographic location.

Abstract: A system and method are provided for tagging data. The method is executed by a device having a communications module and includes providing via the communications module, to a client device, an option to associate tags with an event, the option providing at least one automatically determined tag based on: i) the event, ii) an entity associated with the client device, or iii) stored tag data associated with a plurality of client devices. The method also includes receiving via the communications module, from the client device, at least one tag added by the client device, and associating the at least one tag with the event and store the association with the stored tag data. The method also includes enabling via the communications module, the at least one tag to be displayed in a user interface comprising a listing of events, and using the at least one tag in executing a follow up action associated with the client device.

Abstract: Techniques are described herein for processing intra- and inter-messaging platform communications, including by receiving and analyzing messages originating from one sender for distribution to a recipient, where the sender and recipient may be on a same or separate messaging platform. Clusters of such messages with similar contents or other similar characteristics are identified and categorized, such as in accordance with configuration information regarding one or both of the originating and destination messaging platforms. Based on a determination of one or more categories associated with such an identified message cluster, as well as an analysis of metadata associated with the profile of the sender of the messages, various actions may be taken with respect to such message clusters or with parties associated with such message clusters, including actions based at least in part on the configuration information.

Abstract: An electronic apparatus for establishing a Dual-Stack Lite (DS-lite) tunnel is provided. The apparatus sends a request for an Internet Protocol (IP) address of a Domain Name System (DNS) server and a domain name of an Address Family Transition Router (AFTR) server to a Dynamic Host Configuration Protocol (DHCP) server using an IP address of the DHCP server, receives the IP address of the DNS server and the domain name of the AFTR server from the DHCP server in response to the request, sends a DNS query including the domain name of the AFTR server to the DNS server using the IP address of the DNS server. In response to the DNS query being successful, the apparatus receives an IP address of the AFTR server from the DNS server, and establishes the DS-lite tunnel between the apparatus and the AFTR server using the IP address of the AFTR server.

Abstract: A method performed by a node (111) supporting operation on a Constrained Application Protocol (CoAP), but incapable of supporting operation on a Domain Name System (DNS) protocol. The node (111) encodes (402) a DNS query into a first message (601, 701), which has a format supported by the CoAP. The DNS query is mapped to the CoAP format of the first message (601, 701) based on a mapping scheme. The node (111) then initiates sending (403) the first message (601, 701) to another node (112) operating in the communications network (100). The another node (112) supports operation on the CoAP and on the DNS protocol. The node (111) finally receives (404) a second message (620, 706) from the another node (112), which has the format supported by the CoAP. The second message (620, 706) comprises the DNS response to the sent DNS query. The DNS response is mapped to the CoAP format of the second message (620, 706) based on the mapping scheme.

Abstract: A network includes at least two nodes that employ a routing protocol to communicate across a network. One of the nodes is a parent node and another of the nodes is a child node of the parent node. An address generator assigns a unique network address to the child node by appending an address value of a number of bits to a parent address of the parent node to create the unique network address for the child node.

Abstract: In some embodiments, a method receives a packet for a flow from a first application in a first workload to a second application in a second workload. The packet includes an inner header that includes layer 4 information for the first application. The method determines if a setting indicates an outer source port in an outer header should be generated using layer 4 information from the inner header. The setting is based on an analysis of packet types in the flow to determine if fragmented packets are sent. When the setting indicates the outer source port in the outer header should be generated using layer 4 information from the inner header, the method generates the outer source port using the layer 4 information for the first application from the inner header. The packet is encapsulated using the outer header, wherein the outer header includes the outer source port.

Abstract: Systems and methods may include sending, to a network registrar, a first message including a first nonce generated by a host computing device, and receiving, from the network registrar, a second message including a second nonce, the second nonce being signed by the network registrar via a private key of a first public key infrastructure (PKI) key pair of the network registrar via a first signature. The method further includes sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and the private key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that the router is not impersonating the network.

Abstract: A system and method for facilitating controlled access by a client device to one or more services provided by a server are disclosed. The client device's access to the services provided by the server may be dynamically controlled by a controller, which may generate instructions to an agent to effectuate the access control. The agent may be configured to control one or more access components associated with the server. The instructions generated by the controller may instruct the agent to cause the access control components to grant or remove the client device's access to the services provided by the server. In some implementations, the controller may generate such instructions based on a status of a session established between the controller and the client device.

Abstract: An integrated security system is described that integrates broadband and mobile access and control with conventional security systems and premise devices to provide a tri-mode security network (broadband, cellular/GSM, POTS access) that enables users to remotely stay connected to their premises. The integrated security system, while delivering remote premise monitoring and control functionality to conventional monitored premise protection, complements existing premise protection equipment. The integrated security system integrates into the premise network and couples wirelessly with the conventional security panel, enabling broadband access to premise security systems. Automation devices (cameras, lamp modules, thermostats, etc.) can be added, enabling users to remotely see live video and/or pictures and control home devices via their personal web portal or webpage, mobile phone, and/or other remote client device.

Abstract: Disclosed herein are systems and methods for storing patient medical information on a local processing device, anonymizing a portion of that medical information and storing it on a second processing device, exposing that anonymized medical information to a third processing device coupled to the second processing device through a network, and restricting users of the third processing device to only accessing HIPAA compliant medical information. Alarms are included for indicating the improper transfer of HIPAA data.

Abstract: Systems and methods for implementing a micro firewall in a mobile application are provided here. Firewall logic can be injected or provided to a mobile application. The firewall logic can provide one or more rules for processing network traffic from application programming interfaces (APIs) of the mobile application. The mobile application having the firewall logic can be made available for installation on a mobile device. The mobile application having the firewall logic can be provided or installed on to a mobile device. During execution of the mobile application, the firewall logic of the mobile application can hook a plurality of API calls of the mobile application relevant to network traffic. The firewall logic can apply one or more rules of the firewall logic to process network traffic corresponding to an API call of the plurality of API calls of the mobile application.

Abstract: Methods, devices, and a non-transitory computer-readable storage mediums for processing an access request. The method includes receiving the access request and generating a suffix of a first IPv6 address corresponding to the access request according to a predetermined algorithm based on a uniform resource locator of a resource requested to be accessed. The method also includes viewing a suffix of a second IPv6 address in an access process corresponding to the access request and comparing the suffix of the first IPv6 address with the suffix of the second IPv6 address. The method further includes judging whether the access request is legal based on the comparison result.

Abstract: A network device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences messages, such as replication data, over a channel comprising a plurality of private network nodes. The messages can be generated and encrypted using one or more key pairs and changing wrapping replication keys to send and receive the messages between different types of database deployments.

Abstract: Methods for dynamic forward proxy chaining are performed by systems and devices. A forward proxy server receives an electronic communication message that includes destination information in a header and payload information. Destination information includes an ordered set of subsequent destination identifiers associated with subsequent forward proxy servers and an ultimate destination identifier for the electronic communication message. The destination information in the electronic communication message is modified by the forward proxy server to generate a modified electronic communication message. Based on proxy operations performed by the forward proxy server, destination information is modified by removing destinations, adding destinations, altering ports for destinations, and other modifications.

Abstract: A computer system providing a methodology for bypassing an endpoint in a proxy network. The system and method reduce the number of endpoints in the proxy network between a source computer and a target computer through which network packets must traverse, thereby reducing the latency of information transfer between the source and target computers.

Abstract: A Data Leakage Prevention (DLP) device and a method for processing a packet are disclosed. The DLP device receives an IP packet sent by a user device, wherein the IP packet includes TCP port information; and detects whether a first TCP connection is established between the DLP device and the user device. If the first TCP connection is not established, when the IP packet is a data packet, an application layer protocol for transmitting the IP packet is determined by comparing a packet feature of the IP packet with packet features corresponding to respective application layer protocols. When the application layer protocol for transmitting the IP packet is listened to, a pair of TCP connections is established according to the TCP port information, wherein the pair of TCP connections includes the first TCP connection and a second TCP connection between the DLP device and a server.

Abstract: A network device and a peripheral device for attachment with a medical imaging device provides for the encryption and conversion of a medical image into a secure and standardized image file format as well as the communication of the encrypted and/or converted image to a secure server on a remote network. The devices may detect an unencrypted medical image file transmitted and encrypt and convert selected medical image files associated with the medical data based on standardized medical data format specifications that correlate with an output destination type. An encryption and conversion unit may be incorporated within the hardware and software of a medical imaging device or another network device in order to provide the capability for encrypting a medical image for transmission that is compatible with a destination device or network.

Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.

Abstract: A method includes obtaining, by a user computing device, a one-time use code from a merchant computing entity to initiate a data conveyance. The method further includes sending, by the user computing device, the one-time use code and a request to initiate the data conveyance. The method further includes translating, by the secure data conveyance device, the amount of the cryptocurrency to a substantially equivalent amount of the desired currency. The method further includes generating, by the trusted SVA device, an SVA representative of the substantially equivalent amount of the desired currency. The method further includes sending, by the secure data conveyance device, the one-time use code, the SVA, a merchant computing entity identifier (ID) associated with the merchant computing entity, and an expiration time frame to use the SVA to the user computing device. The method further includes verifying, by the merchant computing entity, the one-time use code.

Abstract: A system includes an intelligent electronic device (IED) of an electric power distribution system and a key device. The key device is configured to perform operations that include receiving a request from the TED for communication with an additional component of the electrical power distribution system, establishing a Media Access Control security key agreement (MKA) connectivity association with the TED in response to receipt of the request, generating a security association key (SAK) in response to receipt of the request, and distributing the SAK to the IED via the MKA connectivity association to enable the TED to use the SAK to communicate via a Media Access Control security (MACsec) communication link that is isolated from the key device.

Abstract: The present invention provides methods, apparatuses, and systems for delivering protected streaming content to a receiving device. In an aspect of the present invention, a broadcaster provides streaming content. To ensure viewers are properly authorized, the streaming content is encrypted with a traffic key. The traffic key is provided to the users via a key stream message, which is encrypted with a service key. The user obtains at least one rights object from a rights issuers and the at least one rights object includes the service key so that the streaming content may be used. The at least one rights object also contains information regarding usage rights that may be configured by the rights issuer so that, depending on the user and/or the receiving device, different rights may be available. The key stream message may include a program category variable value that indicates the type of content and in conjunction with the rights object, determines what usage rights exist for the streaming content.

Abstract: Systems, devices, and methods are disclosed for selectively decrypting SSL/TLS communications. Contents of the decrypted communications that may result in some action; for example, to terminate the communications, or to log and store the plaintext packets of the communications for subsequent content inspection and analysis. A SSL/TLS proxy may examine the information contained in the TLS handshake protocol and/or examine other information associated with the connection. Based on the examination, a proxy may determine whether or not to decrypt the encrypted communications. The proxy may take additional actions based on content inspection.

Abstract: A data transmission method includes a step in which a first device generates a first encrypted packet by encrypting a packet addressed to a second device with an associated first encryption key. A device to be a transmission destination of the first encrypted packet is determined. A second encrypted packet is generated by encrypting the first encrypted packet with an associated second encryption key, and the second encrypted packet is transmitted to the determined device. The method includes determining another device and executing the transmission step if the decrypted first encrypted packet is not addressed to the device itself in the determination regarding whether or not the decrypted first encrypted packet is addressed to the device itself and of further decrypting the first encrypted packet if the decrypted first encrypted packet is addressed to the device itself.

Abstract: A system, apparatuses and methods are provided to download and process data and other content streamed over a wide area network using one or more dynamically fetched, material specific, data handlers (e.g., download assistants). A download assistant fetches a data stream from a remote location and processes the streamed data iteratively using buffers and multi-threaded processes through the decoder (e.g., codec), allowing source material-specific processing of the data as it is streamed from one or more download sources as well as content-indifferent and platform-indifferent decoding. To minimize versioning issues, payload construction for secure delivery is simplified to packing and encrypting a directory tree containing any number of files or other digital media into an archive and, when needed, dividing a payload into multiple files or archives with a descriptor that lists the archives.

Abstract: A system and method for providing access to data of a user or services relevant to a user. A customer data key is created by a server that is specific to an application, the user of the application, and the device upon which the application resides. The server may receive an application programming interface call to create the customer data key; however, any call accessing or affecting user-specific data which does not contain a valid and authorized customer data key may be rejected. To authorize the access to the offered data or services, the user conducts an entirely separate transaction not mediated by the application. During this separate transaction, the customer data key may be activated, permitting access to the data or services using the activated customer data key.

Abstract: An integrated circuit device includes encryption circuitry to encrypt a data packet and scheduler circuitry to receive the encrypted data packet from the encryption circuitry. The scheduler circuitry monitors a duration of time associated with egress of the encrypted data packet, holds the encrypted data packet until the duration of time matches a threshold duration of time, and transmits the encrypted data packet in response to the duration of time matching the threshold duration of time.

Abstract: Techniques are disclosed relating to a delayed presentation of authentication challenge for users, such as in the context of a chat session. In various embodiments, a server system receives an indication of a request for service initiated by a user in a chat session within an application executed by a client device. The request for service involves an authentication of the user that is dependent on the authentication being successfully completed within a particular time period after the authentication is initiated. The server system delays the initiation of authentication for the request for service until a readiness condition is satisfied. The readiness condition includes the server system being available to process the request for service, as well as subsequently detecting engagement with the user relating to the request for service. In response to the readiness condition being satisfied, the server system initiates the authentication of the user.

Abstract: Systems and methods for implementing multi-factor system-to-system authentication using secure execution environments. An example method comprises: determining, by a first computing system, using a secure execution environment, a measure of one or more computing processes running on the first computing system; presenting, to a second computing system, a first authentication factor derived from the measure computing, using the secure execution environment, a second authentication factor derived from at least one of: one or more first data items received from the second computing system, one or more confidential second data items received from one or more third computing systems, or one or more public data items received from one or more fourth computing systems; and presenting the second authentication factor to the second computing system.

Abstract: Techniques are described for using a single application to interact with multiple separate realms simultaneously while maintaining data security boundaries. For example, a web browser may be used to access and interact with the multiple separate secure realms while maintaining data security boundaries between the systems. Multiple concurrent sessions may be established for a user between the web browser and multiple realms. Separate sets of security credentials (e.g., credentials used for authentication and authorization purposes) may be used to establish the sessions and for operations performed in the realms via the sessions. The application can also execute logic (e.g., via machine-executable code or instructions) for automating operations performed in the realms, such as, automating the initiation of a certain operation in one realm based upon a response received from another realm, causing operations to be initiated in two different realms such that the operations overlap in the time; and the like.

Abstract: The present disclosure relates to a system and a method for autonomously operating a public ledger-based credential, the method including registering credential issuance authority information in a public ledger of a blockchain platform, and verifying a credential issued to a first computing device by referring to the credential issuance authority information registered in the public ledger. The credential issuance authority information includes an attribute value range assigned to a credential issuer and public key information of the credential issuer. A second computing device verifies the credential issued to the first computing device by referring to the credential issuance authority information registered in the public ledger.

Abstract: Methods and systems for transmitting content during a networked conference. In an embodiment, a method is provided for secure access to online events. The method includes receiving a request from a user to access an online event, obtaining a user email address, an event identifier and an event passcode, and hashing the user email address, the event identifier and the event passcode to generate a ticket hash value. The method also includes forming a secure ticket that comprises the ticket hash value, and transmitting the secure ticket to the user. The method also includes receiving the secure ticket from the user when the user want to access the event, hashing the user email address, the event identifier, and the event passcode to generate a confirming hash value, and comparing the two hash values and granting event access to the user if the two hash values match.

Abstract: Example methods and systems for context-aware network policy enforcement are described. In one example, a computer system may detect a request for a client device to access a destination server. The computer system may extract, from the request, connection information identifying a connection to be established for the client device to access the destination server; and map the connection information to contextual information associated with the client device or a user operating the client device, or both. Based on the contextual information, the computer system may apply one or more network policies to determine whether to allow or deny access by the client device to the destination server. In response to determination to allow the access, a first response may be generated and sent to allow establishment of the connection. Otherwise, a second response may be generated and sent to block establishment of the connection.

Abstract: A system is provided for increasing authentication complexity for access to online systems. In particular, the system may use a hidden or obscured method for creating and enforcing a multi-factor authentication scheme. In this regard, the system may introduce authentication logic to a particular application in the network environment such that one or more “invalid” login credentials are generated by a local agent using a pre-shared key and/or algorithm. A back-end authentication system may be calculate its own set of “invalid” login credentials based on the same pre-shared key and/or algorithm, then subsequently compare the calculated incorrect credentials with the incorrect login credentials received from the local agent. If a match is detected, the system may permit a valid set of authentication credentials to be provided to authorize access to the target application and/or online system.

Abstract: Techniques for using a single sign-on (SSO) service as a software defined networking (SDN) controller for a virtual private network environment. The techniques disclosed herein may include receiving, at a first authentication service, first data including a first request to authenticate a user of a client device to access an application. The techniques may also include sending, to the client device, second data representing a second request configured to prompt a second authentication service to authenticate the user of the client device. Additionally, the first authentication service may receive an indication that the user was authenticated by the second authentication service and determine, based at least in part on an attribute associated with at least one of the client device or the application, whether the client device is to access the application using an unsecured connection or, alternatively, access the application using a secured connection.

Abstract: Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow may be provided. An application access request for authenticating a user may be received in response to the user requesting an access to an application. User credentials associated with the user may be validated. In response to validating the user credentials, user attributes associated with the user may be determined. Network controls for a user session associated with the application access request may be determined based on the user attributes. The application access request may be redirected to a plain text user session. The plain text user session may comprise the network controls for the user session.

Abstract: A method, system, and computer readable medium are disclosed for providing enterprise multi-technology core and subscriber management. In one embodiment a method includes providing an enterprise network including: at least one Open connect Provider (OP); at least one Access Point (AP) in communication with at least one OP; a locally placed edge core in communication with at least one AP; and using a single sign on service for the edge core to allow different services to be used by different users.

Abstract: The present disclosure relates to a microcontroller comprising a memory module for storing a digital certificate, a network module for establishing a connection with a network, and a processor. The processor is configured to establish a connection with a network computer located in the network, to request a digital certificate from the network computer, to receive the digital certificate from the network computer, to store the digital certificate in the memory module, and to exchange user data with the network computer, provided that a previous verification of the digital certificate of the microcontroller has been successful. The present disclosure further relates to a method for communication between a microcontroller and a network computer as well as to a network computer and a communication system.

Abstract: Upon an attempt to access a service of a third-party server, full-duplex password-less authentication provides a one-time password to the user displayed at the client device and at a mobile device associated with the user. The user verifies the access by comparing the one-time password displayed at the mobile device and the one-time password displayed at the client device. In some embodiments, the one-time password is displayed as a picture while in other embodiments, a combination of a picture the one-time password is displayed as a picture and a set of alphanumeric characters for ease in making the comparison. The user determines whether to accept or deny the authentication sequence after a simple visual comparison.