Abstract: An access management process orchestration method, an access management governance orchestrator, and a computer program product. One embodiment may comprise receiving a request for accessing a managed resource of an information system, querying an authorization for accessing the resource from an access manager, and in response to the querying of the authorization, requesting an access control policy update to grant the access to the managed resource. Receiving the request, querying the authorization, and requesting the access control policy update may comprise generating a transaction record, and adding the transaction record to a distributed ledger, wherein the distributed ledger simultaneously maintains the transaction record at multiple nodes throughout a network.

Abstract: Methods, apparatus, and computer program products for computing device digital certificates that include a geographic extension are disclosed herein. One method includes a processor managing a digital certificate for a first computing device, in which the digital certificate includes a geographic extension, and populating the geographic extension with a distance value that enables the digital certificate to be validated via the populated geographic extension. Apparatus and computer program products that include hardware and/or software that can perform the methods for computing device digital certificates that include a geographic extension are also disclosed herein.

Abstract: Token generation and management are disclosed, including: generating a token corresponding to a set of user data based at least in part on a token generation policy; storing a mapping between the token and the set of user data; and determining whether to grant a token resolution request associated with the token based at least in part on a token access policy associated with the token and a context parameter associated with the token resolution request.

Abstract: A map obtainable by an agricultural harvester contains regime zones with settings resolvers. A plurality of different target actuator settings corresponding to the geographic location of the agricultural work machine are identified. A regime zone is identified based on the geographic location of the agricultural harvester. One of the plurality of different target actuator settings is selected as a resolved target actuator setting based on the settings resolver corresponding to the identified regime zone and is used to control the agricultural harvester.

Abstract: Systems, methods, and non-transitory computer-readable storage media for using mobile network authentication factors to authenticate a mobile device.

Abstract: Systems and methods are provided for checking many users in to a location using a Bluetooth® low energy (BLE) beacon. The provided systems and methods may allow a BLE beacon to facilitate a check in with a remote server that processes check ins and then disconnect from the device used to check in. The device may be assigned a unique identifier that may be broadcast from the device during the check in so that the BLE beacon can quickly scan for the identifier and connect with the device based on the identifier to provide content and other information to the device.

Abstract: A determination system includes: a memory; and a processor coupled to the memory and programmed to execute a process comprising: acquiring location data representing a location of one or more user devices including a first sensor; searching for one or more public devices that is at a location corresponding to the location of the user device and that includes a second sensor having a same function as that of the first sensor included in the user device; requesting the user device to measure using the first sensor to acquire measurement data of the first sensor; acquiring measurement data of the second sensor included in the public device; and determining whether a user of the user device is legitimate based on a result of matching the measurement data of the first sensor with the measurement data of the second sensor.

Abstract: The present technology relates to an information processing apparatus, an information processing method, and a program that allow a sensing time of a sensor to be easily and accurately determined. An information processing apparatus includes a control circuit that outputs a control signal for controlling a sensing timing of a sensor, a counter that updates a counter value in a predetermined cycle, and an addition circuit that adds, to sensor data output from the sensor, sensing time information including a first counter value, a second counter value, and a GNSS (Global Navigation Satellite System) time in a GNSS. The first counter value is obtained when the control signal is output from the control circuit, and the second counter value is obtained when a pulse signal synchronous with the GNSS time is output from a GNSS receiver. The present technology can be applied to, for example, a vehicle-mounted camera.

Abstract: A personal digital key (e.g., which can be carried by a human) contains a memory having different service blocks. Each service block is accessible by a corresponding service block access key. As the personal digital key (PDK) moves around, it is detected by sensors. The sensors report position data, thus enabling location tracking of the PDK. The sensors also provide a data path to various applications. An application that has access to a service block access key can therefore access the corresponding service block on the PDK. The sensors themselves may also contain service block access keys.

Abstract: Systems and processes for operating an intelligent automated assistant are provided. In one example process, a spoken user input, including at least a spoken message and an identity of an intended recipient, is received. After storing the spoken message and the recipient identity, if a user becomes proximate to a first electronic device and the identity of the user is determined to match the recipient identity, the spoken message is provided to the user at the first electronic device.

Abstract: A transaction authentication system authenticates a transaction by determining whether a mobile device and POS device involved in the transaction are at the same location. A POS registry stores location data for POS devices. A PAN registry stores mobile device IDs corresponding to account numbers. A mobile device ID can be provided from the PAN registry in response to receiving an account number from a POS device. The mobile device ID can then be used to retrieve location information from a home location register maintained by a mobile service provider. The retrieved location data for a POS device and the retrieved location data for a mobile device are compared.

Abstract: The number of operational errors where a user unintentionally logs in as another user in quick login is reduced.

Abstract: The present disclosure relates to a router, a method for a router, a computer readable medium and an apparatus. A router is provided, comprising: a memory having instructions stored thereon; and a processor configured to execute the instructions stored on the memory to cause the router to: receive a request from a first client device to access a graphical user interface (GUI) of the router; determine whether the first client device is a trusted device according to a physical address of the first client device; and based at least on the determination that the first client device is a trusted device, allow the first client device to access the GUI of the router without entering a password.

Abstract: A use right information processing apparatus securely manages a use right without using an authentication server and appropriately allowing a valid user to use a device. The apparatus performs processing related to authentication and authorization for a user to use a device to be controlled using a smart contract. The apparatus stores authentication data shared with a user terminal used by the user and having a different value for each process, receives signature data generated in the user terminal by signing the authentication data using a secret key corresponding to the user, derives a public key corresponding to the secret key from the signature data and the authentication data using an elliptic curve digital signature algorithm, and obtains, using the public key or corresponding identification information, information regarding a use right of the device of the user recorded in advance in association with the public key or the identification information.

Abstract: Described herein are systems, methods, and software to manage private networks for computing elements. In one example, a computing element may obtain credential information associated with a user and generate a public-private key pair for the computing element. The computing element may further communicate the public key from the pair with metadata to a coordination service to register the computing element at the coordination service. Once registered, the computing element may receive communication information associated with one or more other computing elements that permit the computing element to communicate with the other computing elements.

Abstract: A second data source may retrieve metadata for one or more versions of a set of versions of a file stored at the first data source. In some examples, the metadata for the one or more versions of the file may include at least an identifier of the file, a timestamp, and a cryptographic signature. In some examples, generation of the cryptographic signature may be based on the identifier of the file, the timestamp, and a cryptographic key. The second data source may identify a set of versions of the file that were uploaded from a trusted data source to the first data source based on a comparison of the cryptographic signature to a computed cryptographic signature. The second data source may then determine a targeted version of the file and retrieve the targeted version of the file from the first data source.

Abstract: A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals.

Abstract: An object security system comprising a data store storing a document, a processor, and a memory coupled to the processor. The object security system comprises a set of computer instructions executable to provide a user interface to a user, the user interface having controls to allow the user to provide a geo-lock definition for the document, receive the geo-lock definition and assert a geo-lock on the document in the data store based on the geo-lock definition. The geo-lock is enforceable to allow access to the document based on a determination that a target geographic location associated with the document is an allowed location specified by the geo-lock and enforceable to take an action based on a determination that the target geographic location associated with the document is not the allowed location specified by the geo-lock.

Abstract: The disclosed embodiments generate a plurality of anomaly detector configurations and compare results generated by these anomaly detectors to a reference result set. The reference result set is generated by a trained model. A correlation between each result generated by the anomaly detectors and the result set is compared to select an anomaly detector configuration that provides results most similar to those of the trained model. In some embodiments, data defining the selected configuration is then communicated to a product installation. The product installation instantiates the defined anomaly detector and analyzes local events using the instantiated detector. In some other embodiments, the defined anomaly detector is instantiated by the same system that selects the anomaly detector, and thus in these embodiments, the anomaly detector configuration is not transmitted from one system to another.

Abstract: The present disclosure is directed to systems and methods for first hop security in a multi-site and multi-vendor cloud. The method may include receiving, at a first hop security (FHS) device located within a defined security perimeter, a message from a first host; validating a security of the message; signing the message with a signature to prove validation of the message, the signature comprising at least a Crypto-ID Parameters Option (CIPO) and a Neighbor Discovery Protocol Signature Option (NDPSO); and transmitting the signed message to one or more network FHS devices within the security perimeter.

Abstract: In an approach for enabling multiple users to make e-commerce purchases from interactive advertisements using wearable device gestures, a processor identifies a wearable device attempting to pair with a smart display. A processor verifies a user wearing the wearable device is an authenticated user. A processor detects a gesture made by the user based on a sensor of the wearable device. A processor identifies an action the gesture is mapped to. A processor determines whether the user is authorized to complete the action mapped to the gesture detected. Responsive to determining that the user is authorized to complete the action mapped to the gesture, a processor completes the action the gesture is mapped to.

Abstract: In certain embodiments, a distance threshold may be adjusted, and authentication may be performed based on the adjusted distance threshold. In some embodiments, an authentication request from a first user device associated with a user may be received. First location information of the first user device and second location information of a second user device may be obtained. A distance between the first and second user devices may be determined based on the first and second location information. A distance threshold may be adjusted based on whether such location information is obtained over the same wireless network, whether such information is obtained over a public wireless network, whether an IP address from which such location information is obtained matches a stored IP address, or other criteria. The user may be authenticated based on a comparison of the distance to the adjusted distance threshold.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to facilitate and/or support participation in computing activities by multiple parties having limited mutual trust. In one embodiment, computation may occur in a secure processing environment (SPE) while one or more untrusted parties reside outside of the SPE.

Abstract: Systems and methods are provided for checking many users in to a location using a Bluetooth® low energy (BLE) beacon. The provided systems and methods may allow a BLE beacon to facilitate a check in with a remote server that processes check ins and then disconnect from the device used to check in. The device may be assigned a unique identifier that may be broadcast from the device during the check in so that the BLE beacon can quickly scan for the identifier and connect with the device based on the identifier to provide content and other information to the device.

Abstract: In an aspect of the present disclosure, there is provided a method of transmitting a vehicle-to-pedestrian (V2P) message. The method may comprise checking whether a timer is running, generating and storing an identifier when the timer is not running, encoding a personal safety message (PSM) according to a predetermined method and storing the encoded PSM as a lead V2P message and transmitting the generated identifier and the lead V2P message.

Abstract: In a motor vehicle accident data memory and method of operating it, a reference time is determined by a satellite navigation system, and a system time is synchronized with the reference time. When an accident is detected, accident data and the system time are recorded in a non-volatile memory.

Abstract: The present disclosure discloses a remote login processing method, apparatus, device and storage medium for an unmanned vehicle, and relates to the technical field of remote control. The implementation method of the specific method includes: sending a login request to an unmanned vehicle terminal through a first communication channel in response to a the login request received from an operator, and waiting to receive a reply instruction returned by the unmanned vehicle terminal; returning the reply instruction to the operator through the second communication channel in response to the reply instruction received from the unmanned vehicle terminal, so that the operator logs in the unmanned vehicle terminal according to the reply instruction, where there is a persistent connection state that unidirectionally authenticated between the second communication channel and the unmanned vehicle terminal.

Abstract: The present disclosure relates to a system and method for controlling data interception in a communication network. One or more requests from a user for accessing one or more microservices are received through an Application Programming Interface (API). Information associated with one or more requests is the detected and requests are classified as secured microservice request and non-secured microservice request. The information is detected through predefined rules. Authentication token is then issued for secured microservice based on the detecting. The authentication token stores information detected by the detector in a geo storage system. The one or more requests are then routed according to the authentication token towards one or more corresponding microservices of the one or more microservices.

Abstract: A method for monitoring an unmanned aerial vehicle (UAV) includes a processor generating a datagram based on monitoring data for a UAV-detector communication between the UAV and one or more detectors. The monitoring data indicates at least one of a location of the UAV or a location of a control station in communication with the UAV. The method further includes the processor encrypting working data for a UAV-control station communication between the UAV and the control station using an encryption key known to the control station but now known to the one or more detectors, and a transmitter transmitting the datagram along with encrypted working data. The datagram is to be received by the one or more detectors and the encrypted working data is to be received and deciphered by the control station using the encryption key.

Abstract: To effectively and efficiently provide control information, a broadcast pointer channel (BPCH) may be used to identify the type and perhaps relative location of control information that is being provided in a given frame structure, such as a sub-frame, frame, or superframe. A sub-frame (or like framing entity, such a frame or superframe) may have a BPCH and a corresponding system control information segment in which control information may reside. The system control information segment may have any number of control information blocks, wherein each control information block that is present may correspond to a particular type of control information. The BPCH is used to identify the type of control information that is present in a corresponding system control information segment, and if needed or desired, the relative locations of the various control information.

Abstract: Disclosed are a terminal verification method, an AP device, a terminal and a system, wherein the AP device is an encrypted AP device. The method comprises: receiving a connection request sent by a first terminal, wherein the connection request comprises identification information of the first terminal; querying an authorization list according to the identification information of the first terminal, wherein the authorization list includes identification information of terminals located within a preset password-free range; and returning an authorization response to the first terminal when the authorization list includes the identification information of the first terminal, wherein the authorization response is used for instructing the first terminal to establish a network connection with the AP device.

Abstract: A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals.

Abstract: According to one embodiment, a method, computer system, and computer program product for managing access to one or more protected web resources based on the location of an approver is provided. The present invention may include granting the requestor access to the protected web resource based on one or more access requirements being met, wherein at least one access requirement comprises a location of one or more authorization devices corresponding with one or more approvers being within a threshold distance of a computing device of a requestor requesting a protected web resource.

Abstract: A storage device for providing an improved security function may include a nonvolatile memory device, a position information generator generating first position information indicating a first geographical position of the nonvolatile memory device when an authentication request is input, a user information storage storing user information for accessing the nonvolatile memory device, the user information including second position information, and an access controller obtaining, in response to an authentication request provided from an external host, the first position information from the position information generator, and disposing of data stored in the nonvolatile memory device depending on whether the second position information included in the user information matches the first position information.

Abstract: An information processing system includes an authentication server, a proxy authentication terminal, and an information processing device. The authentication server is connected to a wide-area line located outside a prescribed area, has an authentication privilege, and issues an authentication code. The proxy authentication terminal is connected to the authentication server through the wide-area line, has a proxy authentication privilege which serves as a proxy for the authentication privilege, and issues a proxy authentication code. The information processing device is connected to the proxy authentication terminal through a local-area line located within the prescribed area, receives the proxy authentication code from the proxy authentication terminal, and instructs processing of a job.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based access. In some implementations, a computing device detects an attempt to access the computing device while the computing device is in a secured state. In response to detecting the attempt to access the computing device, the computing device sends a first message to a server system over a network. After sending the message, the computing device receives a second message from the server system over the network, the second message comprising authentication data for the computing device. The computing device determines that a mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device, and the computing device grants access to the computing device.

Abstract: An antenna direction adjustment apparatus (10) according to the present invention includes: auxiliary unit (14) for an adjustment of a direction of an antenna; acquisition unit (11) configured to acquire first information related to a first radio communication apparatus, and second information related to a second radio communication apparatus configured to perform opposite radio communication with the first radio communication apparatus; determination unit (12) configured to determine whether a use license of the auxiliary unit (14) is valid based on a combination of the first information and the second information; and instruction unit (13) configured to provide an instruction to operate the auxiliary unit (14) when it is determined that the use license is valid. This configuration makes it possible to provide an antenna direction adjustment apparatus capable of appropriately limiting an adjustment of a direction of an antenna by a license.

Abstract: Systems, methods, and computer-readable media for performing a cloud-based authentication of a mesh point are described. A mesh point can send out a probe request that includes information indicating that the mesh point has entered a cloud-based porting mode. Upon receiving the probe request, the mesh portal sends an authentication request to a cloud system. The cloud system returns an authentication response indicating whether the mesh point has been authenticated. If successfully authenticated, the cloud system or a device forming part of the mesh deployment such as a virtual controller pushes the mesh configuration to the mesh point. In this manner, a mesh point can be configured with the correct mesh configuration without having to first push the mesh configuration to the mesh point at a common staging location and then physically move the mesh point to its serving location, as is the case in conventional mesh deployments.

Abstract: Techniques are provided for automated key management for accessing remote devices using single sign-on techniques. One method comprises maintaining a data record identifying target user devices that a given source user device is authorized to access; and initiating storage of a public key of the given source user device in a file of at least one target user device, wherein the given source user device accesses the at least one target user device using a secure remote connection protocol based on the public key of the given source user device stored in the file of the at least one target user device. The data record may further comprise a fingerprint of a key of the at least one target user device, and the method may further comprise comparing a fingerprint of the key returned by the at least one target user device to the fingerprint of the key obtained from the data record.

Abstract: Disclosed embodiments provide for detection of fraudulent electronic security tokens. A compromised private key allows forgery of electronic security tokens, which then allow access to computer resources. Some embodiments track sequence numbers issued by a token issuing authority and are then able to predict sequence numbers issued by the token issuing authority going forward. Some embodiments also determine validity of a token based, at least in part, on a service or client attempting to access resources using the token. For example, some of the disclosed embodiments maintain reputation data for clients or services utilizing electronic tokens, and make determinations on whether a token is likely valid based on the client or services reputation.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses a cryptographic keys that are based on proximity data. An example method may include: determining proximity data of a computing device; transforming the proximity data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate proximity data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed proximity data; and using the cryptographic key to enable access to a protected resource.

Abstract: The proposed technology generally relates to interworking and integration of different radio access networks, and more specifically to carrier aggregation between different radio access networks such as a cellular radio access network, e.g. a 3GPP network, on one hand and a WLAN network such as Wi-Fi, on the other hand. Such tight interworking/aggregation of radio access networks puts new requirements on efficient handling of authentication and security aspects. The proposed technology provides methods, and corresponding network nodes, computer programs, carriers comprising such computer programs, and computer program products as well as arrangements to support carrier aggregation between different radio access networks.

Abstract: A method includes receiving a message comprising a user identification code via a social media messaging channel. In addition, the method includes receiving geo-location information of the device transmitting the message. The method also includes verifying the user identification code by confirming that the geo-location information complies with stored expected geo-location information. The method also includes accessing data associated with a transaction account linked to the user identification code based on the content of the message. The method further includes transmitting a reply to the received message on the social media messaging channel.

Abstract: An infusion system to administer fluid is disclosed. The infusion system includes an infusion pump having a pump processor, a pump memory and a pump radio to enable bi-directional communication. The pump memory stores a plurality of fingerprint tokens and security conditions. The infusion system includes a controller with a processor, a controller memory and a controller radio to transmit and receive communication from the pump radio. The controller includes a fingerprint scanner and a graphical user interface (GUI) and controls to manipulate the GUI. The GUI and fingerprint scanner enable the controller to scan and determine tokens based on scanned fingerprints. Additionally, communication between the infusion pump and the controller establish relative proximity between the infusion pump and the controller such that when the relative proximity exceeds a threshold distance at least one of the plurality of security conditions is automatically matched.

Abstract: The present invention relates to a georeferencing certification method actuated by means of a central unit with one or more GNSS sensors and one or more mobile devices which request the georeferencing. The mobile device will collect the information monitored by the GNSS sensor installed on the mobile device and send it to the central unit, which will compare the information received with that which it has acquired through its relative GNSS sensors. The result of the comparison will authorise, or not, the unit to issue the georeferencing certification.

Abstract: An enterprise key management server operates in association with a location service that maintains information defining at least one physical boundary of the enterprise. Upon receipt at the key management server of a request that requires release of key material, an additional security check is performed. When the request is received from a GPS-enabled storage device, the key management server queries the location service to determine whether that device is within the boundary. If so, the key material is released. If the requesting device does not provide its location, or if the location service determines that the device is not within the boundary, the key management server fails the request so that the key material is not released. In this manner, the disclosure of the key material to a device that is no longer within the confines of the enterprise, e.g., because it has been stolen, is averted.

Abstract: An information processing apparatus includes a presentation unit that gives an importance level to shared information, which is information shared in a group including plural users, and presents the shared information, the importance level becoming higher as an access frequency of the shared information becomes higher a correction unit that, when the plural users in the group are changed and the presentation unit gives the importance level to the shared information, determines a user who has left or joined the group as a reserved user and corrects an access frequency of the shared information by the reserved user to a value calculated using a method different from a method used for the other users.

Abstract: Systems and techniques for sensitive data movement detection are described herein. An attempt to relocate a file that is a member of a monitored data set may be identified. A user account associated with the attempt to relocate the file may be determined. A safe user group may be identified for the user account associated with the attempt to relocate the file. A destination may be obtained for the attempt to relocate the file. A safe zone may be determined for the monitored data set using the user account and the identification of the monitored data set. A notification may be provided based on the destination for the attempt to relocate the file and the safe user group and the safe zone.

Abstract: In some cases, signal attenuation may occur when a mobile device communicates with a vehicle. To accommodate for this, a vehicle may determine a distance between the vehicle and the mobile device by evaluating a signal strength of a wireless signal received from the mobile device. An erroneous distance result may be produced when the wireless signal is attenuated by an intervening object. A wearable device worn by the individual is used to detect the presence of the mobile device. The detection procedure involves measuring a separation distance between the wearable device and the mobile device at different instances in time as the individual swings his/her arm back and forth while moving towards the vehicle.

Abstract: The disclosure relates to interactive and adaptive systems and methods for tracking location-sensitive objects. An example method includes presenting a first set of user interfaces for receiving a visual image of the location-sensitive object, and using the image to determine an identifier and identify a geographic location. The example method also includes transmitting the identifier and the location to a remote computing device, and in response to receiving location-specific requirements. A second set of user interfaces may be generated and presented to guide a user to comply with the location-specific requirements.