Abstract: A system and method are disclosed herein leveraging financial networks standards with mobile device data and secure processing and storage environment knowledge to authenticate a device. For instance, a party to a transaction may utilize these elements of information, not traditionally associated with wireless transactions, to achieve a lower probability of fraud and/or a higher confidence associated with the transaction.

Abstract: Systems and methods provide for an automated system for analyzing damage to insured property. An enhanced claims processing server may analyze damage associated with the insured item using photos/video transmitted to the server from a mobile device for analysis at the server in real time. Depending on network conditions, the mobile device may transfer images to the server in high definition or low definition. The server may send notifications to the mobile device to remind a user of the mobile device to capture and transfer images to the server. The server may analyze images to provide feedback to the insured user (e.g., insurance estimates).

Abstract: The present invention provides a display apparatus including a storage unit that stores information on electronic tickets; a reading unit that reads the information on electronic tickets stored in the storage unit; a determining unit that determines whether the electronic tickets are in use based on usage information of the electronic tickets included in the information on electronic tickets read by the reading unit; a display order determining unit that determines display order on a screen display of the electronic tickets based on results of the determination made by the determining unit; and a display screen generating unit that generates a display screen showing the electronic tickets according to the display order on the screen display determined by the display order determining unit.

Abstract: A microservice join request is received by a first microservice from a second microservice within a microservices system. The microservice join request includes microservice trust relationship information of the second microservice that defines microservice credentials and service description parameters of the second microservice. Using the microservice trust relationship information, a determination is made as to whether a consensus exists among other microservices within the microservices system that the second microservice is authorized to inter-operate within the microservices system. In response to determining that the consensus exists, validated local run-time inter-operational microservice trust relationship information is created. At least one run-time inter-operation request is received that includes a relationship trust token from the second microservice.

Abstract: The disclosure relates to a method of authenticating a digital credential of a bearer by a validating device, the method including capturing the bearer credential by the validating device and transmitting to a validation service the bearer credential with a validator credential bound to the validating device. The method also includes at the validation service, validating the bearer credential and the validation credential, and if the validator credential is valid, using the bearer credential to access a data item of a digital profile and creating an electronic message for transmission to the validating device, the electronic message indicating the data item and comprising a fresh validator credential generated by the validation service. The method further includes issuing a fresh bearer credential and creating an electronic message to transmit the fresh bearer credential to an address associated with the bearer.

Abstract: Systems, methods, and computer-readable media for priority based routing on an electronic device of data received from a processing subsystem are provided. In some embodiments, a method may include detecting on an electronic device that data received from a remote subsystem includes identifier information that is associated with a match element of an entry of a routing table, routing at least a portion of the data to a first priority destination identified by the entry, and, when the routing of the at least a portion of the data to the first priority destination identified by the entry is not successful, routing the at least a portion of the data to a second priority destination identified by the entry, wherein the second priority destination identified by the entry is different than the first priority destination identified by the entry.

Abstract: Systems and methods for providing optical communication between a vehicle and an external actor include a system provider device that establishes, through communication over a network with at least one vehicle, the at least one vehicle as a communication proxy. Establishing the at least one vehicle as a communication proxy may include pairing the at least one vehicle with a user device. In various embodiments, the system provider also receives a communication trigger. In response to the communication trigger, the system provider may transmit a modulated optical signal via an illumination source of one of the at least one vehicle and an external actor, to the other of the at least one vehicle and the external actor. The system provider detects, at the other of the at least one vehicle and the external actor, the modulated optical signal and demodulates the transmitted optical signal.

Abstract: Disclosed is a method for detecting an abnormal message, comprising: diving a text of a detected message into a plurality of text segments; obtaining one or more account attributes of each text segment, and determining a publication proportion parameter corresponding to the account attributes of each text segment; determining a first factor corresponding to the account attributes of each text segment according to the publication proportion parameter; determining a second factor of the detected message according to the first factor corresponding to the account attributes of each text segment; and determining according to the second factor of the detected message whether the detected message is an abnormal message. Through the combination of publication account attributes of messages with undifferentiated text segmentation and the use of Bayesian algorithm, batches of junk messages of a microblog account are effectively limited, and the flexibility of junk message processing is improved.

Abstract: Block chain-based multifactor personal identity verification may be provided. Verification addresses may be established on a block chain by: associating identifiers with individuals having previously verified personal identities, assigning verification addresses on a block chain to the individuals, and recording identifiers and biometric data associated with the individuals at corresponding verification addresses. Block chain-based multifactor personal identity verification using the verification addresses may be performed by: receiving one or more identifiers in connection with one or more requests to verify an identity of one or more individuals, extracting the biometric data associated with the one or more individuals from the corresponding verification addresses, and verifying the identity of the one or more individuals upon receiving matching biometric data and private keys.

Abstract: A dynamic token having a log function and a working method therefor. After the dynamic token determines that a key interrupt flag is set, a keyboard is scanned to obtain a first key value, and a currently pressed key is judged according to the first key value; if the currently pressed key is a first key, a dynamic password and a log corresponding to the dynamic password are generated; the dynamic password is stored in a display data buffer area, and the log is stored in a log storage area; key interrupt is enabled; and if the currently pressed key is a second key or a combination of a third key and a fourth key, the log is read from the log storage area, and the read log is stored in the display data buffer area.

Abstract: Provided are methods, systems and computer program products for providing remote document execution. Such methods, systems and computer program products may include storing an electronic document as a secure electronic file, identifying a signature space in the electronic document, the signature space, after being executed, includes a signature of a signing party of the electronic document, receiving the signature of the signing party into the electronic document stored as the secure electronic file and responsive to receiving the signature of the signing party, converting the electronic document into a read only electronic document.

Abstract: Presented herein are techniques for enabling delegated access control of an enterprise network. In particular, data representing a trust chain formed between a local domain and a remote domain is stored in an identity management system. The local domain has an associated secure enterprise computing network and wherein the trust chain identifies one or more outside entities associated with the remote domain that are authorized to access the secure enterprise computing network. The identity management system receives a request for access to the secure enterprise computing network by a first outside entity of the one or more outside entities associated with the remote domain. Access by the outside entity to the secure enterprise computing network is controlled/determined based on an analysis of the trust chain.

Abstract: In at least some examples, a control center, which provides remote driving assistance service, may be configured to receive traffic data from sensors and to identify an area of congested traffic, based on the received traffic data, within a predetermined range of the sensors. When the control center receives a request for the remote driving assistance service, from a vehicle within the predetermined range of the sensor, the control center may generate and transmit remote driving commands to the vehicle.

Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the lo

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: Methods and systems for efficiently logging in or onto a computer system or other restricted system are described. An enterprise device may detect that a user device is within a detectable range of the user device. A user profile associated with the user device may be identified. The user and/or the user device may provide authentication information to the enterprise device, and the user may be granted access when the authentication information has been verified.

Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.

Abstract: A digital image of an item, created by a creator, can be received at an authentication server from a collector. The creator and collector can have profiles on the authentication server. The item can have an associated with the creator. The association can be a mark placed on the item. The co-location of the creator and the collector can be verified at the time of creation of the item. The digital image of the item can be transferred to the collector for verification of its authenticity. A record of ownership can be generated and stored in electronic storage with the digital image. The record of ownership can indicate that the collector owns the item.

Abstract: Improved document processing workflows provide a secure electronic signature framework by reducing attack vectors that could be used to gain unauthorized access to digital assets. In one embodiment an electronically signed document is removed from an electronic signature server after signed copies of the document are distributed to all signatories. The electronic signature server optionally retains an encrypted copy of the signed document, but does not retain the decryption password. This limits the amount of data retained by the electronic signature server, making it a less attractive target for hackers. However, the electronic signature server still maintains audit data that can be used to identify a signed document and validate an electronic signature. For example, a hash of the document (or other document metadata) can be used to validate the authenticity of an electronically signed document based on a logical association between an electronic signature and the signed document.

Abstract: A method is disclosed for a domain name registrar or a website hosting provider to authenticate a user as having authority to manage an account. The user may enter a selected messaging system for receiving and sending messages. The domain name registrar or the website hosting provider may monitor one or more events (such as an expiration of a domain name or a usage of a resource permitted by a website). When one or more events occur, a notice with various options may be sent to the user via the selected messaging system. The selected action may be received and performed by the domain name registrar or the website hosting provider. A confirmation message may be sent to the user regarding the results of the domain name registrar or the website hosting provider performing the selected action.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to the sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user's creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address.

Abstract: The present invention relates to a method and system for managing profiles for use with touch systems. A user logs into a communal device using a pointer paired with a mobile device. The communal device is authenticated and retrieves the user's profile. The user profile is used to setup a workspace on the communal device. The workspace is granted access to the user's content on a content server. When the communal device has multiple users, each workspace may be shared or not depending on the user's requirements. Each pointer is individually identified to a particular user and workspace.

Abstract: A control method of an in-vehicle multimedia terminal, the method includes performing communication connection to a mobile terminal. A type of the communication connected mobile terminal and an operating system (OS) installed in the mobile terminal are recognized. A function for automatically searching for a first function is enabled or disabled when the mobile terminal provides the first function. The first function is performed by the in-vehicle multimedia terminal when the automatic search function is enabled. A second function is performed by the in-vehicle multimedia terminal when the automatic search function is disabled.

Abstract: A device may receive information associated with a particular entity and trigger, based on the information, a status for the particular entity. The device may transmit, based on triggering the status, a list of a plurality of mobile devices and may receive an identified set of mobile devices from the list of the plurality of mobile devices. The device may further receive, from a selected mobile device, a request to perform an action and receive a string of characters from the selected mobile device. The device may further transmit, based on receiving the string of characters, an instruction command to the selected mobile device when the string of characters matches a verification string of characters.

Abstract: An email payment system and method to provide users with the ability to initiate and send payments to one more recipients via email messaging. A user interface is provided in an email client that allows a user to insert payment with the email. Payment details are collected through one or more payment modals displayed in the email client. A payment object is inserted into the body of the email and is displayed to both the sender and recipient. The payment details captured in the payment object are communicated to a payment processor. The payment processor uses electronic payment accounts associated with the corresponding sender and recipient email addresses to identify the relevant electronic payment accounts and transfer the payment between said accounts. A status of the payment transaction is tracked and displayed within the payment object of the emails residing in both the sender and recipient email client.

Abstract: The disclosure relates to a method of authenticating a digital credential of a bearer by a validating device, the method including capturing the bearer credential by the validating device and transmitting to a validation service the bearer credential with a validator credential bound to the validating device. The method also includes at the validation service, validating the bearer credential and the validation credential, and if the validator credential is valid, using the bearer credential to access a data item of a digital profile and creating an electronic message for transmission to the validating device, the electronic message indicating the data item and comprising a fresh validator credential generated by the validation service. The method further includes issuing a fresh bearer credential and creating an electronic message to transmit the fresh bearer credential to an address associated with the bearer.

Abstract: In a cybersecurity network, a system identifies and classifies non-malicious messages by receiving a user notification indicating that the user has reported a received message as potentially malicious message, and determining whether the received message is legitimate or potentially malicious. When the system determines that the message is a legitimate, it further analyzes the message to assign a class that may include trusted internal sender, trusted external sender, or training a simulated phishing message. It will then cause the user's device to provide the user with information corresponding to the assigned class. The system may also quarantine a received message and release the message from the quarantine only after determining that the message is legitimate and receiving a user acknowledgment.

Abstract: In an embodiment, a system includes at least one processor having at least one core including a reservation control logic to receive a request from a user device for access at a future time to an enterprise device. The reservation control logic may grant a reservation to the user device to enable the access and schedule delivery of an authentication message to the user device including a credential to enable the user device to set up an ad hoc wireless connection with the enterprise device at the future time, without involvement of a user of the user device. Other embodiments are described and claimed.

Abstract: The present disclosure provides an exemplary system, method, and computer program product. The exemplary system includes at least one non-transitory memory storing user account information, wherein the information comprises a digital receipt associated with a user purchase and one or more conditions for delivering the digital receipt. The system further includes one or more hardware processors coupled to the at least one memory and operable to read instructions from the at least one memory to perform the steps of: receiving a payment request from a user; receiving at least one condition from the user for delivering a digital receipt associated with the payment request to at least one recipient; determining whether the at least one condition is satisfied; and delivering the digital receipt to the at least one recipient.

Abstract: Methods and systems are disclosed for quickly providing Whois services to a new top level domain after it is provisioned in a registry. In one embodiment, domain data is received at a first system regarding a top level domain (TLD). The domain data is assigned an authoritative port of a Whois server and is provisioned in a registry database. In certain embodiments, the Whois server provides information relating to domain name registrations of the TLD in the database, according to the authoritative port. The Whois server determines that a Whois query is received at the authoritative port for the queried TLD and responds with the queried information. To the requester, the responses appear as if they are sent from a unique Whois server for each TLD, but the Whois server is actually shared among the TLDs.

Abstract: There is provided a method and apparatus for resetting a password for a device or managing the device, the device having an encryption perimeter. A device shares a public/private key pair with a server, the public key being on the device and the private key being on the server. An intermediate value is encrypted on the mobile device using the public key. If the password is lost or the device needs to be managed, the server can request the encrypted intermediate value, decrypt it, and send the decrypted value to the mobile device which may then resume operations. A new password may be provided by the server or the user may set a new password once the encryption key is recreated from the decrypted intermediate value.

Abstract: An information distribution apparatus includes an acquiring unit that acquires individual identification information, product identification information, and user identification information. The information distribution apparatus includes a storing unit that stores the authentication information and the user identification information in an associated manner in a predetermined storing device. The information distribution apparatus includes a deciding unit that decides, whether the received authentication information and the received user identification information are stored in an associated manner in the predetermined storing device.

Abstract: A system and method is illustrated for providing secure credential using a secure credential package stored on a client device and at least one key stored in a corporate network. In embodiments, an access connector receives credentials and a device unique identifier from the client device over a secure link, obtain the at least one key from the corporate network, apply the at least one key to the credentials and the device unique identifier to generate the secure credential package including the encrypted credential and the device unique identifier, send the secure credential package to the client device over the secure link, upon receiving the secure credential package from the client device, retrieve the at least one key via the key manager, decrypting the secure credential package using the at least one key to obtain the credentials, and validate the credentials against a user directory located in the corporate network.

Abstract: A system and method are disclosed herein leveraging financial networks standards with mobile device data and SIM card chip knowledge to authenticate a device. For instance, a party to a transaction may utilize these elements of information, not traditionally associated with wireless transactions, to achieve a lower probability of fraud and/or a higher confidence associated with the transaction.

Abstract: A method for providing secret delegation may comprise receiving a credential secret applied to an algorithm associated with a distributed application in a trusted execution environment, causing delegation of the credential secret from one communication device to at least one other communication device, and modifying the credential secret prior to transfer of a modified version of the credential secret to the at least one other communication device in a manner that enables a generation of the credential secret to be determined. An apparatus and computer program product corresponding to the method are also provided.

Abstract: The invention relates to an RFID tag, which comprises a receiving means, a first and a second verification means, and a transmitting means. The receiving means is designed to receive a challenge message sent by an RFID reading device. Said challenge message comprises a challenge data set, which has a digital certificate issued for the RFID reading device by a certification authority and signed by means of a private key of the certification authority and which has a request message, and a digital signature at least of the request message, which digital signature is generated by means of a private key of the RFID reading device. The first verification means is designed to verify the digital certificate by means of a public key of the certification authority. The second verification means is designed to verify the digital signature by means of a public key of the RFID reading device.

Abstract: A system and method for suggesting to a first user about a second user who is available to have social interactions with the first user at a specific time based at least in part on user context for activities associated with habits of users. A habit engine determines habits of the first user and the second user to identify when each user is available for the social interactions. A context engine determines user context for a group of activities performed by the first user and the second user. A suggestion module identifies a time when the first user and the second user are available for the social interactions associated with a first activity having a matching context. The suggestion module provides a first suggestion that the first user join the second user in the first activity in a social network.

Abstract: A method includes issuing a digital certificate to a licensee, the digital certificate identifying a licensed product and the licensee to enable the licensee to enable the licensed product. The method involves receiving a request to enable the licensed product from an entity, the request including the digital certificate and determining whether the entity is the licensee of the licensed product based on the digital certificate. A system includes a relational structure having associations among authorized entities and digital certificates within an organization. Each to digital certificate identifies a licensed product licensed to the organization. A certificate distribution module distributes the digital certificates to associated authorized entities.

Abstract: An apparatus, computer-readable medium, and computer-implemented method for integrating and sharing patient-related information among members of a medical team in real-time via an authenticated Application Programming Interface (API), includes receiving preliminary patient data corresponding to the patient from a first member of a medical team comprising a plurality of members, the preliminary patient data being received via the authenticated API, generating a patient profile for the patient, the patient profile being accessible to each member of the medical team via the authenticated API, receiving input relating to the patient from a second member of the medical team, the input being received via the authenticated API, and updating the patient profile based at least in part on the received input, with each of the plurality of members of the medical team being able to access the updated patient profile via the authenticated API.

Abstract: A system and method for implementing an interoperable credential management protocol for processing online transactions. The protocol, referred to as the Partner Key Management (PKM) protocol provides an improved alternative to traditional public key infrastructure (PKI), particularly for use in high-value commercial transactions which require additional controls on the use of credentials for authentication and authorization. According to the PKM protocol, a user may take advantage of credential interoperability by using the same credential at a plurality of different financial institutions for authentication or digital signatures. Additionally, the credential interoperability achieved according to the PKM protocol allows the user to employ the same credential at a plurality of financial institutions for the purpose of digital or electronic signatures.

Abstract: A working method of a sound transmission-based dynamic token comprises: a dynamic token waiting for disconnection of a key; and when the disconnection of the key is detected, judging the type of a pressed key, and performing a corresponding operation according to different types of keys.

Abstract: A network device and method may provide secure fallback operations. The device includes a port allowing the device to communicate with a network and a processor to generate a security credential, provide the security credential to a call manager during initialization, and provide the security credential to a secondary device during fallback operations. The network device may include a memory to store the security credential and routing information for fallback operations.

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: Registering a client computing device for online communication sessions. A registration server receives a message that has a push token that is unique to the client computing device and a phone number of the client computing device from an SMS (Short Message Service) transit device, which received an SMS message having the push token from the client computing device and determined the phone number of the client computing device from that SMS message. The registration server associates the push token and the phone number and stores it in a registration data store, which is used for inviting users for online communication sessions.

Abstract: The invention relates to a method or system for unambiguous marking of an object (1), wherein unique features (3) are digitized and signed with a private key (9) and the unique features (3) themselves, in addition to the signature (8) of the digitized features (6), are arranged on the object (1) or a packaging (2) of the object (1), or are formed by at least a part of the object (1) or the packaging (2) thereof, and the authenticity of the object (1) is determined by comparison of the unique features (3) with the decrypted signature (8) of the digitized features (6), which signature is arranged on the object (1) or the packaging (2) thereof and decrypted with a public key (11).

Abstract: A sever receives data from a sender to be dispatched to a recipient. Before dispatching the data to the recipient the server sends a message to the sender's email address requesting a response which will confirm the sender's authorship of the data. Upon receiving the confirmation about sender's authorship of the data, the server transmits the data together with an identification of the sender to the recipient.

Abstract: The method herein teaches encrypting a Private Key using a Passkey from an RSA generated private key/public key pair; the encrypted Private Key is split and then the portions are stored in two different databases. To encrypt data a new AES key is created that encrypts the data that is stored in another database. All users have their AES key encrypted using their associated public encryption keys such that the encrypted AES keys are stored in another database. To decrypt data the user enters his PassKey that is used to decrypt a rejoined split private key from portions that were retrieved from their respective databases. Next the encrypted AES key is retrieved and decrypted using the decrypted Private Key. Finally the AES encrypted data is retrieved from a database and decrypted using the decrypted AES key.

Abstract: Techniques are disclosed for validating input on a handheld device. In response to receiving an input and a request to access a computing resource, an application running on the handheld device may collect data from one or more sensors of the handheld device. The application may then determine, based on the collected sensor data, if an individual is interacting with the device and recognize the input as valid if such is the case. In one embodiment, the application may present a challenge to a user which is difficult for computer programs to perform, and determine whether an individual is interacting with the device based on successful completion of the challenge. In an alternative embodiment, the application may collect data and determine whether an individual is interacting with the device without presenting an explicit challenge to the user.

Abstract: Embodiments of the invention provide a process for displaying a graphical indicator on an Internet enabled device which conveys relationships between an entity associated with a website and third party entities with respect to the website entity. One example method may include obtaining the relationship data from a credential service provider, using a portion of a uniform resource identifier as a key to access the relationship data on the credential service provider, and rendering a representation of the relationship data, wherein the rendering of the relationship data is performed in a graphical user interface of a web browser, and wherein the web browser displays a rendering of the representation of the relationship data such that there is a relationship between an entity associated with the uniform resource identifier and a third party entity.