Abstract: A method includes receiving a message comprising a user identification code via a social media messaging channel. In addition, the method includes receiving geo-location information of the device transmitting the message. The method also includes verifying the user identification code by confirming that the geo-location information complies with stored expected geo-location information. The method also includes accessing data associated with a transaction account linked to the user identification code based on the content of the message. The method further includes transmitting a reply to the received message on the social media messaging channel.

Abstract: An infusion system to administer fluid is disclosed. The infusion system includes an infusion pump having a pump processor, a pump memory and a pump radio to enable bi-directional communication. The pump memory stores a plurality of fingerprint tokens and security conditions. The infusion system includes a controller with a processor, a controller memory and a controller radio to transmit and receive communication from the pump radio. The controller includes a fingerprint scanner and a graphical user interface (GUI) and controls to manipulate the GUI. The GUI and fingerprint scanner enable the controller to scan and determine tokens based on scanned fingerprints. Additionally, communication between the infusion pump and the controller establish relative proximity between the infusion pump and the controller such that when the relative proximity exceeds a threshold distance at least one of the plurality of security conditions is automatically matched.

Abstract: The present invention relates to a georeferencing certification method actuated by means of a central unit with one or more GNSS sensors and one or more mobile devices which request the georeferencing. The mobile device will collect the information monitored by the GNSS sensor installed on the mobile device and send it to the central unit, which will compare the information received with that which it has acquired through its relative GNSS sensors. The result of the comparison will authorise, or not, the unit to issue the georeferencing certification.

Abstract: An enterprise key management server operates in association with a location service that maintains information defining at least one physical boundary of the enterprise. Upon receipt at the key management server of a request that requires release of key material, an additional security check is performed. When the request is received from a GPS-enabled storage device, the key management server queries the location service to determine whether that device is within the boundary. If so, the key material is released. If the requesting device does not provide its location, or if the location service determines that the device is not within the boundary, the key management server fails the request so that the key material is not released. In this manner, the disclosure of the key material to a device that is no longer within the confines of the enterprise, e.g., because it has been stolen, is averted.

Abstract: An information processing apparatus includes a presentation unit that gives an importance level to shared information, which is information shared in a group including plural users, and presents the shared information, the importance level becoming higher as an access frequency of the shared information becomes higher a correction unit that, when the plural users in the group are changed and the presentation unit gives the importance level to the shared information, determines a user who has left or joined the group as a reserved user and corrects an access frequency of the shared information by the reserved user to a value calculated using a method different from a method used for the other users.

Abstract: Systems and techniques for sensitive data movement detection are described herein. An attempt to relocate a file that is a member of a monitored data set may be identified. A user account associated with the attempt to relocate the file may be determined. A safe user group may be identified for the user account associated with the attempt to relocate the file. A destination may be obtained for the attempt to relocate the file. A safe zone may be determined for the monitored data set using the user account and the identification of the monitored data set. A notification may be provided based on the destination for the attempt to relocate the file and the safe user group and the safe zone.

Abstract: In some cases, signal attenuation may occur when a mobile device communicates with a vehicle. To accommodate for this, a vehicle may determine a distance between the vehicle and the mobile device by evaluating a signal strength of a wireless signal received from the mobile device. An erroneous distance result may be produced when the wireless signal is attenuated by an intervening object. A wearable device worn by the individual is used to detect the presence of the mobile device. The detection procedure involves measuring a separation distance between the wearable device and the mobile device at different instances in time as the individual swings his/her arm back and forth while moving towards the vehicle.

Abstract: The disclosure relates to interactive and adaptive systems and methods for tracking location-sensitive objects. An example method includes presenting a first set of user interfaces for receiving a visual image of the location-sensitive object, and using the image to determine an identifier and identify a geographic location. The example method also includes transmitting the identifier and the location to a remote computing device, and in response to receiving location-specific requirements. A second set of user interfaces may be generated and presented to guide a user to comply with the location-specific requirements.

Abstract: A system, a method, and a computer program product for selective pairing of wireless devices are provided. A pairing device scans for an advertising packet. The pairing device checks each scanned advertising packet for a shared key. The pairing device responds to the scanned advertising packet only when the advertising packet contains the shared key.

Abstract: A method of multi-factor authentication is performed by an access control device. In response to detecting a voice command, the access control device sends a query to a location server for a current location of a user equipment (UE) included in a list of trusted UEs. The access control device may then receive an indication of the current location from the location server and in response thereto, the access control device may determine whether the current location of the UE is within a threshold distance of the access control device. If so, the access control device may generate an access signal that indicates that a user associated with the UE is authorized to access a protected resource.

Abstract: Centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment is provided. Each of the plural file systems are provided with a security policy, wherein the security policy defines one or more file system access activities to be monitored at the file system. Each file system is instrumented with a software agent that intercepts the relevant file system access activity. A centralized collector component is operative to receive from each of the plural file systems audit trail data, wherein the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The collector applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code configured to cause the apparatus to receive an identifier of a function, encrypted input data, an encrypted computation result, encrypted random data and an encrypted output of the function, when nm with the random data, obtain a homomorphic polynomial factorization of the function, comprising obtaining a decomposed representation of the function, the representation comprising a sum of polynomials, and verify that the computation result is correct by checking, whether a difference between the encrypted output and the encrypted computation result equals a value of the decomposed representation, wherein the encrypted random data and the encrypted input data are used as parameter values in the sum of polynomials.

Abstract: A method of multi-factor authentication is performed by an access control device. In response to detecting a beacon signal transmitted by a user equipment (UE) via a short-range radio access technology (RAT) the access control device sends a query to a location server for a current location of the UE. The access control device then determines whether the UE is within a threshold distance of the access control device and, if so, begins monitoring a signal strength of one or more beacon signals transmitted by the UE. If the signal strength of the one or more beacon signals exceeds a signal strength threshold, then the access control device may generate an access signal to indicate that a user associated with the UE is authorized to access a protected resource.

Abstract: Disclosed in the present invention are a method and apparatus for use in information processing. One embodiment of the method comprises acquiring address information and a telephone number of a user; converting the address information of the user into longitude and latitude data; encrypting the longitude and latitude data and the telephone number so as to produce a ciphertext; generating a bar code according to the ciphertext such that a terminal parses the address information and telephone number of the user by the bar code. Said embodiment may conceal personal information of the user so as to prevent the disclosure of the personal information of the user.

Abstract: Systems, methods, and non-transitory computer-readable storage media for using mobile network authentication factors to authenticate a mobile device.

Abstract: System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device.

Abstract: A system, a method, and a computer program product for selective pairing of wireless devices are provided. A pairing device scans for an advertising packet. The pairing device checks each scanned advertising packet for a shared key. The pairing device responds to the scanned advertising packet only when the advertising packet contains the shared key.

Abstract: The invention relates to a method for detecting an attempt to reroute a communication channel between a port of a security module and a port of a near-field communication router, which are in a telecommunication device, wherein, upon receiving a message in a near-field communication format, the security module verifies from which port of the communication router said message originates.

Abstract: A system for determining whether a velocity event is fake or real is provided. The system accesses a data store of velocity events, each of which specifies a pair of addresses that share the velocity event. For each address of the velocity events, the system sets a score for that address based on the number of addresses that share a velocity event with that address. When the score for that address satisfies an originating address criterion, the system designates that address as an originating address. The system may determine that a velocity event is real when both addresses of the velocity event are originating addresses.

Abstract: Application developers can request to have their applications registered for use with a content delivery platform. The operator of the content delivery platform establishes perimeters defining geographic areas, and maintains records reserving particular areas for delivery of content associated with particular sponsors. Registered applications running on mobile devices can request content from the content delivery platform. Based at least in part on the request, the content delivery platform can identify a target location, which may be the location of the mobile device, or some other location indicated in the request. A mobile device can be provided content based on the relationship of the target location to the geographic areas, so that a registered application running on a mobile device with a target location contained within a geographic area assigned to a particular sponsor will receive content related to that sponsor.

Abstract: Provided are a system and method for performing deduplication of web content. In one example, the method includes converting search results of a first website into a first fuzzy index and converting search results of a second website into a second fuzzy index, determining a search result of the first website corresponds to a same item as a search result of the second website based on a comparison of the first fuzzy index and the second fuzzy index, and displaying a comparison of web content associated with the item from the first search result and web content associated with item from the second search result. The deduplication of content according to various embodiments may be performed on the fly without storing web content in a centralized database.

Abstract: A coordinate encryption method includes the steps of encoding a coordinate with an encryption algorithm, testing whether the result of the encoding is within a predefined range, and outputting the result of the encoding in case the result of the encoding is within the predefined range.

Abstract: A system, method and program product for authenticating a device. An authentication service is provided having: a data management system for periodically collecting and storing signature data from each of a set of registered devices, wherein the signature data includes a plurality of data points, and wherein at least one of the data points includes a device usage characteristic; a system for obtaining a temporal signature state (TSS) vector of a device in response to a transaction request from the device, wherein the TSS vector includes values for a selected subset of the data points forming the signature data; and an authenticator for comparing the TSS vector of the device with stored signature data in order to authenticate the device.

Abstract: A system for implementing a virtual machine based on a zero-knowledge proof circuit for general operation verification is disclosed, which includes a general operation verification circuit generator that generates a general operation verification circuit having a base number of commands, a base number of machine steps, and a base system size and generates proof keys and verification keys by using the general operation verification circuit and a zk-SNARK algorithm, a prover terminal that generates a proof by using a proof key included in the general operation verification circuit, coefficients of a polynomial function obtained through the zk-SNARK algorithm, and information required for verifying and proving from the general operation verification circuit; and a verifier terminal that performs verification of whether or not the proof is valid by using the verification key, the information required for verifying and proving from the general operation verification circuit, and the proof.

Abstract: An authentication node (22) in a wireless communication system (10) authenticates a message received by a recipient radio node (16A) (e.g., a user equipment). The authentication node (22) in this regard determines a radio resource that carries the message received by the recipient radio node (16A). The authentication node (22) performs authentication of the message, by checking whether the message is bound to the determined radio resource. The authentication node (22) may, for example, compute an expected authentication or integrity code based on information identifying the determined radio resource and check whether the expected authentication or integrity code matches an authentication or integrity code associated with the message.

Abstract: A method for providing a promotion to a user to do commerce at a physical location includes offering a right to a particular piece of digital content to the user as an incentive to a commercial transaction that occurs at least partly at the physical location, discerning that the user is located at the physical location, and in response to the discerning, interacting with the user to provide the digital content to the user on a mobile device associated with the user.

Abstract: Implementations of the present disclosure include generating, by a consensus node, a certificate signing request (CSR); sending the CSR to a first certificate authority (CA); receiving a first public key certificate of the consensus node from the first CA, and a first one or more public key certificates issued by a first one or more CAs. The consensus nodes also sends the CSR to a second CA, receives a second public key certificate of the consensus node from the second CA, and a second one or more public key certificates issued by a second one or more CAs. The consensus node further configures a first truststore including the first public key certificate and the first one or more public key certificates, and a second truststore including the second public key certificate and the second one or more public key certificates.

Abstract: Systems, methods and computer readable media for providing users with encrypted content data associated with a service are disclosed. A device may receive first content data. The device may encrypt the first content data using a first key to obtain first encrypted data. The device may generate second encrypted data by applying a cipher substitution to the first encrypted data using a second key. The device may cause to send the second encrypted data to a second device.

Abstract: The present disclosure relates to systems and methods for implementing tiered authentication using position based credentials. In one implementation, a system for associating two user interface devices to provide position-based authentication for a user may include one or more memories storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include receiving a first identity associated with a first user interface device, receiving a second identity associated with a second user interface device, receiving credentials associated with the user, receiving a distance threshold, and establishing a credentialing association between the first identity and the second identity based on the credentials and the distance threshold.

Abstract: A system for secure communications using resonant cryptography includes a resonator that has a random number generator (RNG). The RNG can be at least one of a true random number generator, pseudo-random number generator, and any non-repeating sequence of numbers having a characteristic of a random number stream, and generating a first stream of random numbers. A transmitter, electrically coupled to the random number generator, is also included to transmit the generated first stream of random numbers.

Abstract: Data packets are received by a virtual cloud node from a cloud server. The virtual cloud node is one of a plurality of computing nodes forming part of an on-premise computing environment. Each of the computing nodes include at least one computing device and executed a plurality of servers with one of the servers being a central management server. Thereafter, the virtual cloud node converts the data packets from a first protocol compatible with the cloud server to a second protocol. The central management server routes the converted data packets to another one of the computing nodes for processing or consumption. Related apparatus, systems, techniques and articles are also described.

Abstract: In various example embodiments, systems, methods and media for omni-channel state preservation are provided. In example embodiments, a method comprises identifying a plurality of flow chain elements in a transaction flow of a user session, causing the presentation of a first flow chain element in the transaction flow in an interface of a first user device, causing the presentation of a second flow chain element in the transaction flow in an interface of a second user device, and preserving a state of the user in the session when causing the presentation of the second flow chain element in the second user device.

Abstract: The embodiments of the present disclosure provide a method and an apparatus for controlling a terminal device to access a wireless Local Area Network LAN. When a terminal device needs to connect to the wireless LAN, a smart terminal device firstly acquires first access information of the wireless LAN and validates whether the first access information is correct; and when the first access information is correct, the smart terminal device sends the first access information to the terminal device, such that the terminal device utilizes the first access information to access the wireless LAN. The method can ensure the first access information sent to the terminal device is correct, i.e., the terminal device can successfully access the wireless LAN by utilizing the first access information. Thereby, the method can improve the success rate of accessing the wireless LAN by the terminal device.

Abstract: An example communications apparatus includes a plurality of communicatively-interconnected communication domains and an electronic switch, integrated as part of a first domain of the plurality of communicatively-interconnected communications domains. The electronic switch effects secure communications of data over the one or more channels specific to the first domain, by using a first circuit and a second circuit. The first circuit is used to obtain and process sampled channel properties associated with the one or more channels specific to the first domain. The second circuit is used to generate, in response to the first circuit, a domain-specific code that is generated pseudo-randomly using the processed sampled channel properties, the domain-specific code being used for coding data conveyed over the one or more channels specific to the first domain.

Abstract: Provided are methods and systems for transmission of terrestrial data between aircraft and ground-based systems using broadband over power line (BPL) communication channels. These channels are established based on authentication of biometric data. Specifically, a biometric module, positioned on an aircraft or a gate, receives biometric data from a user and then authenticates this data based on available reference data. The authentication results are used by a BPL module to establish (or not establish) a BPL communication channel. The BPL communication channel is established through an electrical power cable connecting the aircraft to the gate. Furthermore, the BPL communication channel is established through at least a portion of the onboard electrical power distribution system of the aircraft. The terrestrial data, e.g., aircraft control data, in-flight entertainment data, and/or airplane information system data, is then transmitted through this BPL communication channel.

Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax identification (ID), user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.

Abstract: A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.

Abstract: A telecommunication device protects data stored in a security module. The device has a near field communication (NFC) router with a plurality of individually assignable gates and a routing table. In response to a request to assign a communication pipe to one of the gates, the device creates and stores a reference signature for the pipe based on at least one of a personal code of an authorized user of the device or an identifier of a radio frequency gate of the router. In response to a request to provide data from the security module to the NFC router, the device creates a current signature corresponding to the request to provide data. The device verifies whether the current signature corresponds to the stored reference signature and prevents a provision of the requested data based on a failure to verify the current signature corresponds to the stored reference signature.

Abstract: Systems and methods are provided for transferring state between devices. In one implementation, a gestural input is detected, and a state of a source application is transferred from a first device to a second device in response to the gestural input. The second device may then generate an instance of a target application that corresponds to a representation of the state of the source application received from the first device. In an additional implementation, a state of the target application is transferred from the second device to the first device. The first device then updates a state of the source application to correspond to a representation of the state of the target application received from the second device.

Abstract: Systems and methods are provided for checking many users in to a location using a Bluetooth® low energy (BLE) beacon. The provided systems and methods may allow a BLE beacon to facilitate a check in with a remote server that processes check ins and then disconnect from the device used to check in. The device may be assigned a unique identifier that may be broadcast from the device during the check in so that the BLE beacon can quickly scan for the identifier and connect with the device based on the identifier to provide content and other information to the device.

Abstract: A mobile storage device includes first and second memory regions in one or more semiconductor memory devices, a positioning system configured to generate positional information indicating a position of the mobile storage device, and a controller. The controller is configured to allow access to the first memory region and prohibit access to the second memory region when the positional information indicates that the position of the mobile storage device is within a first area, and prohibit access to the first memory region and allow access to the second memory region when the positional information indicates that the position of the memory storage device is within a second area, which is different from and does not overlap with the first area.

Abstract: A communication system and a comparison method for securing a communication path for a legitimate user via a terminal apparatus (“TA”). A vehicle-mounted communication device (“VMCD”) transmits a device ID identifying the VMCD to a TA, acquires a terminal ID from the TA, and transmits the device ID and the terminal ID acquired from the TA to a central apparatus. The TA transmits a terminal ID identifying the TA to the VMCD, acquires a device ID from the VMCD, and transmits the terminal ID and the device ID acquired from the VMCD to the central apparatus. The central apparatus receives a device ID and a terminal ID transmitted from the VMCD and a device ID and a terminal ID transmitted from the TA, and compares the device ID and the terminal ID received from the VMCD with the device ID and the terminal ID received from the TA.

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

Abstract: System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device.

Abstract: A processor-implemented method alters a computer resource based on its new geolocation. One or more processors receive a message that a computer resource has moved from a first geolocation to a new geolocation. The processor(s) receive an identifier of the new geolocation for the computer resource. In response to receiving the identifier of the new geolocation for the computer resource, the processor(s) request and receive encrypted data from the new geolocation. The processor(s) apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data from the new geolocation. In response to the decryption information failing to decrypt the encrypted data from the new geolocation, the processor(s) determine that the identifier of the new geolocation is false and apply a geolocation based resource policy to alter the computer resource at the new geolocation.

Abstract: Provided are a computer program product, system, and method for providing backup and restore services to network attached appliances in a network. Configuration settings comprising configuration settings used in a network attached appliance are gathered and a unique identifier for the network attached appliance is determined. A backup request is generated including the configuration settings, the unique identifier, and a backup operation code. The backup request is broadcasted on the network to be received by the backup servers to store the configuration settings for the unique identifier.

Abstract: Centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment is provided. Each of the plural file systems are provided with a security policy, wherein the security policy defines one or more file system access activities to be monitored at the file system. Each file system is instrumented with a software agent that intercepts the relevant file system access activity. A centralized collector component is operative to receive from each of the plural file systems audit trail data, wherein the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The collector applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action.

Abstract: Disclosed is an approach to incorporate geographical access control features for a cloud-based storage platform. This allows, for example, enterprise administrators to define geographical areas (geofences) with arbitrary precision within which content access can be denied for items of data.

Abstract: An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.

Abstract: Systems and methods are provided that may be implemented to use angle of arrival (AoA) of a signal transmitted between two Bluetooth Low Energy (BLE) wireless devices to initially authenticate a connection between the two BLE devices. In one example, bonding or pairing with a first BLE device may be restricted to only those other BLE devices having an antenna currently positioned to transmit a signal to the first BLE device from an allowed direction and within a predefined permitted range of AoA relative to the first BLE device.