Abstract: The number of operational errors where a user unintentionally logs in as another user in quick login is reduced.

Abstract: The present disclosure relates to a router, a method for a router, a computer readable medium and an apparatus. A router is provided, comprising: a memory having instructions stored thereon; and a processor configured to execute the instructions stored on the memory to cause the router to: receive a request from a first client device to access a graphical user interface (GUI) of the router; determine whether the first client device is a trusted device according to a physical address of the first client device; and based at least on the determination that the first client device is a trusted device, allow the first client device to access the GUI of the router without entering a password.

Abstract: A use right information processing apparatus securely manages a use right without using an authentication server and appropriately allowing a valid user to use a device. The apparatus performs processing related to authentication and authorization for a user to use a device to be controlled using a smart contract. The apparatus stores authentication data shared with a user terminal used by the user and having a different value for each process, receives signature data generated in the user terminal by signing the authentication data using a secret key corresponding to the user, derives a public key corresponding to the secret key from the signature data and the authentication data using an elliptic curve digital signature algorithm, and obtains, using the public key or corresponding identification information, information regarding a use right of the device of the user recorded in advance in association with the public key or the identification information.

Abstract: Described herein are systems, methods, and software to manage private networks for computing elements. In one example, a computing element may obtain credential information associated with a user and generate a public-private key pair for the computing element. The computing element may further communicate the public key from the pair with metadata to a coordination service to register the computing element at the coordination service. Once registered, the computing element may receive communication information associated with one or more other computing elements that permit the computing element to communicate with the other computing elements.

Abstract: A second data source may retrieve metadata for one or more versions of a set of versions of a file stored at the first data source. In some examples, the metadata for the one or more versions of the file may include at least an identifier of the file, a timestamp, and a cryptographic signature. In some examples, generation of the cryptographic signature may be based on the identifier of the file, the timestamp, and a cryptographic key. The second data source may identify a set of versions of the file that were uploaded from a trusted data source to the first data source based on a comparison of the cryptographic signature to a computed cryptographic signature. The second data source may then determine a targeted version of the file and retrieve the targeted version of the file from the first data source.

Abstract: A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals.

Abstract: An object security system comprising a data store storing a document, a processor, and a memory coupled to the processor. The object security system comprises a set of computer instructions executable to provide a user interface to a user, the user interface having controls to allow the user to provide a geo-lock definition for the document, receive the geo-lock definition and assert a geo-lock on the document in the data store based on the geo-lock definition. The geo-lock is enforceable to allow access to the document based on a determination that a target geographic location associated with the document is an allowed location specified by the geo-lock and enforceable to take an action based on a determination that the target geographic location associated with the document is not the allowed location specified by the geo-lock.

Abstract: The disclosed embodiments generate a plurality of anomaly detector configurations and compare results generated by these anomaly detectors to a reference result set. The reference result set is generated by a trained model. A correlation between each result generated by the anomaly detectors and the result set is compared to select an anomaly detector configuration that provides results most similar to those of the trained model. In some embodiments, data defining the selected configuration is then communicated to a product installation. The product installation instantiates the defined anomaly detector and analyzes local events using the instantiated detector. In some other embodiments, the defined anomaly detector is instantiated by the same system that selects the anomaly detector, and thus in these embodiments, the anomaly detector configuration is not transmitted from one system to another.

Abstract: The present disclosure is directed to systems and methods for first hop security in a multi-site and multi-vendor cloud. The method may include receiving, at a first hop security (FHS) device located within a defined security perimeter, a message from a first host; validating a security of the message; signing the message with a signature to prove validation of the message, the signature comprising at least a Crypto-ID Parameters Option (CIPO) and a Neighbor Discovery Protocol Signature Option (NDPSO); and transmitting the signed message to one or more network FHS devices within the security perimeter.

Abstract: In an approach for enabling multiple users to make e-commerce purchases from interactive advertisements using wearable device gestures, a processor identifies a wearable device attempting to pair with a smart display. A processor verifies a user wearing the wearable device is an authenticated user. A processor detects a gesture made by the user based on a sensor of the wearable device. A processor identifies an action the gesture is mapped to. A processor determines whether the user is authorized to complete the action mapped to the gesture detected. Responsive to determining that the user is authorized to complete the action mapped to the gesture, a processor completes the action the gesture is mapped to.

Abstract: In certain embodiments, a distance threshold may be adjusted, and authentication may be performed based on the adjusted distance threshold. In some embodiments, an authentication request from a first user device associated with a user may be received. First location information of the first user device and second location information of a second user device may be obtained. A distance between the first and second user devices may be determined based on the first and second location information. A distance threshold may be adjusted based on whether such location information is obtained over the same wireless network, whether such information is obtained over a public wireless network, whether an IP address from which such location information is obtained matches a stored IP address, or other criteria. The user may be authenticated based on a comparison of the distance to the adjusted distance threshold.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to facilitate and/or support participation in computing activities by multiple parties having limited mutual trust. In one embodiment, computation may occur in a secure processing environment (SPE) while one or more untrusted parties reside outside of the SPE.

Abstract: Systems and methods are provided for checking many users in to a location using a Bluetooth® low energy (BLE) beacon. The provided systems and methods may allow a BLE beacon to facilitate a check in with a remote server that processes check ins and then disconnect from the device used to check in. The device may be assigned a unique identifier that may be broadcast from the device during the check in so that the BLE beacon can quickly scan for the identifier and connect with the device based on the identifier to provide content and other information to the device.

Abstract: In an aspect of the present disclosure, there is provided a method of transmitting a vehicle-to-pedestrian (V2P) message. The method may comprise checking whether a timer is running, generating and storing an identifier when the timer is not running, encoding a personal safety message (PSM) according to a predetermined method and storing the encoded PSM as a lead V2P message and transmitting the generated identifier and the lead V2P message.

Abstract: In a motor vehicle accident data memory and method of operating it, a reference time is determined by a satellite navigation system, and a system time is synchronized with the reference time. When an accident is detected, accident data and the system time are recorded in a non-volatile memory.

Abstract: The present disclosure discloses a remote login processing method, apparatus, device and storage medium for an unmanned vehicle, and relates to the technical field of remote control. The implementation method of the specific method includes: sending a login request to an unmanned vehicle terminal through a first communication channel in response to a the login request received from an operator, and waiting to receive a reply instruction returned by the unmanned vehicle terminal; returning the reply instruction to the operator through the second communication channel in response to the reply instruction received from the unmanned vehicle terminal, so that the operator logs in the unmanned vehicle terminal according to the reply instruction, where there is a persistent connection state that unidirectionally authenticated between the second communication channel and the unmanned vehicle terminal.

Abstract: The present disclosure relates to a system and method for controlling data interception in a communication network. One or more requests from a user for accessing one or more microservices are received through an Application Programming Interface (API). Information associated with one or more requests is the detected and requests are classified as secured microservice request and non-secured microservice request. The information is detected through predefined rules. Authentication token is then issued for secured microservice based on the detecting. The authentication token stores information detected by the detector in a geo storage system. The one or more requests are then routed according to the authentication token towards one or more corresponding microservices of the one or more microservices.

Abstract: A method for monitoring an unmanned aerial vehicle (UAV) includes a processor generating a datagram based on monitoring data for a UAV-detector communication between the UAV and one or more detectors. The monitoring data indicates at least one of a location of the UAV or a location of a control station in communication with the UAV. The method further includes the processor encrypting working data for a UAV-control station communication between the UAV and the control station using an encryption key known to the control station but now known to the one or more detectors, and a transmitter transmitting the datagram along with encrypted working data. The datagram is to be received by the one or more detectors and the encrypted working data is to be received and deciphered by the control station using the encryption key.

Abstract: To effectively and efficiently provide control information, a broadcast pointer channel (BPCH) may be used to identify the type and perhaps relative location of control information that is being provided in a given frame structure, such as a sub-frame, frame, or superframe. A sub-frame (or like framing entity, such a frame or superframe) may have a BPCH and a corresponding system control information segment in which control information may reside. The system control information segment may have any number of control information blocks, wherein each control information block that is present may correspond to a particular type of control information. The BPCH is used to identify the type of control information that is present in a corresponding system control information segment, and if needed or desired, the relative locations of the various control information.

Abstract: Disclosed are a terminal verification method, an AP device, a terminal and a system, wherein the AP device is an encrypted AP device. The method comprises: receiving a connection request sent by a first terminal, wherein the connection request comprises identification information of the first terminal; querying an authorization list according to the identification information of the first terminal, wherein the authorization list includes identification information of terminals located within a preset password-free range; and returning an authorization response to the first terminal when the authorization list includes the identification information of the first terminal, wherein the authorization response is used for instructing the first terminal to establish a network connection with the AP device.

Abstract: A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals.

Abstract: According to one embodiment, a method, computer system, and computer program product for managing access to one or more protected web resources based on the location of an approver is provided. The present invention may include granting the requestor access to the protected web resource based on one or more access requirements being met, wherein at least one access requirement comprises a location of one or more authorization devices corresponding with one or more approvers being within a threshold distance of a computing device of a requestor requesting a protected web resource.

Abstract: A storage device for providing an improved security function may include a nonvolatile memory device, a position information generator generating first position information indicating a first geographical position of the nonvolatile memory device when an authentication request is input, a user information storage storing user information for accessing the nonvolatile memory device, the user information including second position information, and an access controller obtaining, in response to an authentication request provided from an external host, the first position information from the position information generator, and disposing of data stored in the nonvolatile memory device depending on whether the second position information included in the user information matches the first position information.

Abstract: An information processing system includes an authentication server, a proxy authentication terminal, and an information processing device. The authentication server is connected to a wide-area line located outside a prescribed area, has an authentication privilege, and issues an authentication code. The proxy authentication terminal is connected to the authentication server through the wide-area line, has a proxy authentication privilege which serves as a proxy for the authentication privilege, and issues a proxy authentication code. The information processing device is connected to the proxy authentication terminal through a local-area line located within the prescribed area, receives the proxy authentication code from the proxy authentication terminal, and instructs processing of a job.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based access. In some implementations, a computing device detects an attempt to access the computing device while the computing device is in a secured state. In response to detecting the attempt to access the computing device, the computing device sends a first message to a server system over a network. After sending the message, the computing device receives a second message from the server system over the network, the second message comprising authentication data for the computing device. The computing device determines that a mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device, and the computing device grants access to the computing device.

Abstract: An antenna direction adjustment apparatus (10) according to the present invention includes: auxiliary unit (14) for an adjustment of a direction of an antenna; acquisition unit (11) configured to acquire first information related to a first radio communication apparatus, and second information related to a second radio communication apparatus configured to perform opposite radio communication with the first radio communication apparatus; determination unit (12) configured to determine whether a use license of the auxiliary unit (14) is valid based on a combination of the first information and the second information; and instruction unit (13) configured to provide an instruction to operate the auxiliary unit (14) when it is determined that the use license is valid. This configuration makes it possible to provide an antenna direction adjustment apparatus capable of appropriately limiting an adjustment of a direction of an antenna by a license.

Abstract: Systems, methods, and computer-readable media for performing a cloud-based authentication of a mesh point are described. A mesh point can send out a probe request that includes information indicating that the mesh point has entered a cloud-based porting mode. Upon receiving the probe request, the mesh portal sends an authentication request to a cloud system. The cloud system returns an authentication response indicating whether the mesh point has been authenticated. If successfully authenticated, the cloud system or a device forming part of the mesh deployment such as a virtual controller pushes the mesh configuration to the mesh point. In this manner, a mesh point can be configured with the correct mesh configuration without having to first push the mesh configuration to the mesh point at a common staging location and then physically move the mesh point to its serving location, as is the case in conventional mesh deployments.

Abstract: Techniques are provided for automated key management for accessing remote devices using single sign-on techniques. One method comprises maintaining a data record identifying target user devices that a given source user device is authorized to access; and initiating storage of a public key of the given source user device in a file of at least one target user device, wherein the given source user device accesses the at least one target user device using a secure remote connection protocol based on the public key of the given source user device stored in the file of the at least one target user device. The data record may further comprise a fingerprint of a key of the at least one target user device, and the method may further comprise comparing a fingerprint of the key returned by the at least one target user device to the fingerprint of the key obtained from the data record.

Abstract: Disclosed embodiments provide for detection of fraudulent electronic security tokens. A compromised private key allows forgery of electronic security tokens, which then allow access to computer resources. Some embodiments track sequence numbers issued by a token issuing authority and are then able to predict sequence numbers issued by the token issuing authority going forward. Some embodiments also determine validity of a token based, at least in part, on a service or client attempting to access resources using the token. For example, some of the disclosed embodiments maintain reputation data for clients or services utilizing electronic tokens, and make determinations on whether a token is likely valid based on the client or services reputation.

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses a cryptographic keys that are based on proximity data. An example method may include: determining proximity data of a computing device; transforming the proximity data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate proximity data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed proximity data; and using the cryptographic key to enable access to a protected resource.

Abstract: The proposed technology generally relates to interworking and integration of different radio access networks, and more specifically to carrier aggregation between different radio access networks such as a cellular radio access network, e.g. a 3GPP network, on one hand and a WLAN network such as Wi-Fi, on the other hand. Such tight interworking/aggregation of radio access networks puts new requirements on efficient handling of authentication and security aspects. The proposed technology provides methods, and corresponding network nodes, computer programs, carriers comprising such computer programs, and computer program products as well as arrangements to support carrier aggregation between different radio access networks.

Abstract: A method includes receiving a message comprising a user identification code via a social media messaging channel. In addition, the method includes receiving geo-location information of the device transmitting the message. The method also includes verifying the user identification code by confirming that the geo-location information complies with stored expected geo-location information. The method also includes accessing data associated with a transaction account linked to the user identification code based on the content of the message. The method further includes transmitting a reply to the received message on the social media messaging channel.

Abstract: An infusion system to administer fluid is disclosed. The infusion system includes an infusion pump having a pump processor, a pump memory and a pump radio to enable bi-directional communication. The pump memory stores a plurality of fingerprint tokens and security conditions. The infusion system includes a controller with a processor, a controller memory and a controller radio to transmit and receive communication from the pump radio. The controller includes a fingerprint scanner and a graphical user interface (GUI) and controls to manipulate the GUI. The GUI and fingerprint scanner enable the controller to scan and determine tokens based on scanned fingerprints. Additionally, communication between the infusion pump and the controller establish relative proximity between the infusion pump and the controller such that when the relative proximity exceeds a threshold distance at least one of the plurality of security conditions is automatically matched.

Abstract: The present invention relates to a georeferencing certification method actuated by means of a central unit with one or more GNSS sensors and one or more mobile devices which request the georeferencing. The mobile device will collect the information monitored by the GNSS sensor installed on the mobile device and send it to the central unit, which will compare the information received with that which it has acquired through its relative GNSS sensors. The result of the comparison will authorise, or not, the unit to issue the georeferencing certification.

Abstract: An enterprise key management server operates in association with a location service that maintains information defining at least one physical boundary of the enterprise. Upon receipt at the key management server of a request that requires release of key material, an additional security check is performed. When the request is received from a GPS-enabled storage device, the key management server queries the location service to determine whether that device is within the boundary. If so, the key material is released. If the requesting device does not provide its location, or if the location service determines that the device is not within the boundary, the key management server fails the request so that the key material is not released. In this manner, the disclosure of the key material to a device that is no longer within the confines of the enterprise, e.g., because it has been stolen, is averted.

Abstract: An information processing apparatus includes a presentation unit that gives an importance level to shared information, which is information shared in a group including plural users, and presents the shared information, the importance level becoming higher as an access frequency of the shared information becomes higher a correction unit that, when the plural users in the group are changed and the presentation unit gives the importance level to the shared information, determines a user who has left or joined the group as a reserved user and corrects an access frequency of the shared information by the reserved user to a value calculated using a method different from a method used for the other users.

Abstract: Systems and techniques for sensitive data movement detection are described herein. An attempt to relocate a file that is a member of a monitored data set may be identified. A user account associated with the attempt to relocate the file may be determined. A safe user group may be identified for the user account associated with the attempt to relocate the file. A destination may be obtained for the attempt to relocate the file. A safe zone may be determined for the monitored data set using the user account and the identification of the monitored data set. A notification may be provided based on the destination for the attempt to relocate the file and the safe user group and the safe zone.

Abstract: In some cases, signal attenuation may occur when a mobile device communicates with a vehicle. To accommodate for this, a vehicle may determine a distance between the vehicle and the mobile device by evaluating a signal strength of a wireless signal received from the mobile device. An erroneous distance result may be produced when the wireless signal is attenuated by an intervening object. A wearable device worn by the individual is used to detect the presence of the mobile device. The detection procedure involves measuring a separation distance between the wearable device and the mobile device at different instances in time as the individual swings his/her arm back and forth while moving towards the vehicle.

Abstract: The disclosure relates to interactive and adaptive systems and methods for tracking location-sensitive objects. An example method includes presenting a first set of user interfaces for receiving a visual image of the location-sensitive object, and using the image to determine an identifier and identify a geographic location. The example method also includes transmitting the identifier and the location to a remote computing device, and in response to receiving location-specific requirements. A second set of user interfaces may be generated and presented to guide a user to comply with the location-specific requirements.

Abstract: A system, a method, and a computer program product for selective pairing of wireless devices are provided. A pairing device scans for an advertising packet. The pairing device checks each scanned advertising packet for a shared key. The pairing device responds to the scanned advertising packet only when the advertising packet contains the shared key.

Abstract: A method of multi-factor authentication is performed by an access control device. In response to detecting a voice command, the access control device sends a query to a location server for a current location of a user equipment (UE) included in a list of trusted UEs. The access control device may then receive an indication of the current location from the location server and in response thereto, the access control device may determine whether the current location of the UE is within a threshold distance of the access control device. If so, the access control device may generate an access signal that indicates that a user associated with the UE is authorized to access a protected resource.

Abstract: Centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment is provided. Each of the plural file systems are provided with a security policy, wherein the security policy defines one or more file system access activities to be monitored at the file system. Each file system is instrumented with a software agent that intercepts the relevant file system access activity. A centralized collector component is operative to receive from each of the plural file systems audit trail data, wherein the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The collector applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code configured to cause the apparatus to receive an identifier of a function, encrypted input data, an encrypted computation result, encrypted random data and an encrypted output of the function, when nm with the random data, obtain a homomorphic polynomial factorization of the function, comprising obtaining a decomposed representation of the function, the representation comprising a sum of polynomials, and verify that the computation result is correct by checking, whether a difference between the encrypted output and the encrypted computation result equals a value of the decomposed representation, wherein the encrypted random data and the encrypted input data are used as parameter values in the sum of polynomials.

Abstract: A method of multi-factor authentication is performed by an access control device. In response to detecting a beacon signal transmitted by a user equipment (UE) via a short-range radio access technology (RAT) the access control device sends a query to a location server for a current location of the UE. The access control device then determines whether the UE is within a threshold distance of the access control device and, if so, begins monitoring a signal strength of one or more beacon signals transmitted by the UE. If the signal strength of the one or more beacon signals exceeds a signal strength threshold, then the access control device may generate an access signal to indicate that a user associated with the UE is authorized to access a protected resource.

Abstract: Disclosed in the present invention are a method and apparatus for use in information processing. One embodiment of the method comprises acquiring address information and a telephone number of a user; converting the address information of the user into longitude and latitude data; encrypting the longitude and latitude data and the telephone number so as to produce a ciphertext; generating a bar code according to the ciphertext such that a terminal parses the address information and telephone number of the user by the bar code. Said embodiment may conceal personal information of the user so as to prevent the disclosure of the personal information of the user.

Abstract: Systems, methods, and non-transitory computer-readable storage media for using mobile network authentication factors to authenticate a mobile device.

Abstract: System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device.

Abstract: A system, a method, and a computer program product for selective pairing of wireless devices are provided. A pairing device scans for an advertising packet. The pairing device checks each scanned advertising packet for a shared key. The pairing device responds to the scanned advertising packet only when the advertising packet contains the shared key.

Abstract: A system for determining whether a velocity event is fake or real is provided. The system accesses a data store of velocity events, each of which specifies a pair of addresses that share the velocity event. For each address of the velocity events, the system sets a score for that address based on the number of addresses that share a velocity event with that address. When the score for that address satisfies an originating address criterion, the system designates that address as an originating address. The system may determine that a velocity event is real when both addresses of the velocity event are originating addresses.

Abstract: The invention relates to a method for detecting an attempt to reroute a communication channel between a port of a security module and a port of a near-field communication router, which are in a telecommunication device, wherein, upon receiving a message in a near-field communication format, the security module verifies from which port of the communication router said message originates.