Abstract: A robotic process automation (RPA) system provides bots that interact with and provide user credentials to applications, such as for multi-factor authentication (MFA). First user credentials associated with MFA are retrieved by the bots from credential storage. Second user credentials that correspond to questions posed to a user of an application are retrieved from credential storage. Second user credentials that correspond to a one-time password are generated by the RPA system. The second user credentials may also be generated by a third-party authentication service that provides the credentials via a secondary channel such as email or SMS, which are then retrieved for presentation to the application.

Abstract: This disclosure describes example techniques for automatically configuring domain name system (DNS) servers to handle custom hostnames assigned to hosted zones. The techniques monitor DNS record sets of the hosted zones for special DNS records registering new hostnames. When such a special DNS record is detected, the central DNS server checks a database to see if that hostname is already assigned to another hosted zone. If the hostname is not assigned to another hosted zone, the central DNS server automatically updates its own DNS configuration data pair the new hostname with the Internet Protocol (IP) address of the hosted zone requesting the hostname. This allows the central DNS server to resolve future DNS queries for the new hostname by routing requests to the proper zone.

Abstract: There are provided systems and methods for detecting malicious email addresses using email metadata indicators. Digital accounts may be attacked by malicious computing processes or other actions that attempt to compromise the security of accounts and/or perform account takeovers. To increase security of the accounts and account data, the service provider may interface with a digital address and/or identifier provider, such as an email provider to request metadata indications of addresses. The metadata indicator may include a score associated with whether the address is compromised or being used for fraudulent purposes. This score may be based on usages of the address over a period of time, connections of the address, and other activities. The indicator may be used to determine whether to allow data changes to the account's data.

Abstract: Systems and methods for telemetry collection auto-tuning for workspaces are described. In an illustrative, non-limiting embodiment, a client Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the client IHS to: collect telemetry during execution of a workspace using a telemetry collection setting specified in a file or policy received from a workspace orchestration service, where the file or policy implements a workspace definition usable by a local management agent to instantiate the workspace; in response to a comparison between a security risk score and a threshold risk level, modify the telemetry collection setting; and collect telemetry using the modified telemetry collection setting.

Abstract: In one embodiment, network node-to-node connectivity verification is performed in a network including data path processing of packets within a packet switching device. In one embodiment, an echo request connectivity test packet, emulating an echo request connectivity test packet received from a first connected network node, is inserted by the packet switching device prior in its data processing path prior to ingress processing performed for packets received from the first connected network node. A correspondingly received echo reply connectivity test packet is intercepted by the packet switching device during data path egress processing performed for packets to be forwarded to the first connected network node.

Abstract: One system for safeguarding a critical computing device is connected to an external communication network. The critical computing device stores critical data or is connected to a memory device storing critical data. The system includes a memory unit and a filtering module. The memory unit stores an entropy table having entropy values related to data packets regarding disorders in the data packets. The filtering module is connected to the external communication network and the critical computing device, receives a set of data packets through the external communication network, processes the data packets based on a set of rules, determines a processed entropy value related to each of the data packets received, fetches the entropy table and compares it with the processed entropy value, and determines if the data packets received are malicious or non-malicious and if the data packets are determined to be non-malicious data packets.

Abstract: A device, system, and method are provided. In one example, a method for polling for server events is described that includes storing, on a server, a list of events. The method also includes polling, by a client, the server for the list of events. The method includes receiving the list of events stored on the server. The method further includes broadcasting each event in the list of events received to an associated component; and requesting, by each component that receives at least one associated event, component related event data for each associated event.

Abstract: A system maintains values for secure connection settings for multiple registered users and restricts data resets. Upon receiving a reset request to reset the value of a particular secure connection setting for a specific user, trials are conducted each by: receiving the requested new value from the requesting device; and sending a validation request to a validation system, the validation request including, at least in part, the requested new value for the particular secure connection setting. If a reply from the validation system is deemed a repudiation of the requested new value, a trial count is tolled. If the trial count reaches a predetermined condition, trials are suspended, a denial message is sent to the requesting device, and the specific user is alerted of a attempt to alter their data.

Abstract: Embodiments provide methods and systems for verifying digital data. A method performed by server system to verify the digital data is disclosed. A request is received to verify information associated with a user. The request includes the credentials of the user for a digital platform. It is determined whether the information is present in a database associated with the digital platform. The information is verified by comparing the information with datasets stored in the database upon determining that the information is present in the database. Thereafter, a report is generated based on the verification. The report includes an output of the verification.

Abstract: A method for running an identity and access management system includes providing at least one layer, and a master computer that communicates with at least one slave computer. The master computer has at least one component which is designed as a computing device and/or as a memory device and/or as a further working component respectively. Units of the functionality of the computing device and/or of the memory device and/or of the further working component of the master computer, respectively, are generated. The respective units of the functionality of the computing device and/or of the memory device and/or of the functionality of the further working component, respectively, are converted into a code and are transmitted in coded form from the master computer to the slave computer. The master computer is controlled with the aid of the computing device and a software program.

Abstract: Proactive caching, at a client device (e.g., a feature phone), of transient assistant action suggestions for selective rendering by an assistant client application of the client device. A transient assistant action suggestion, when rendered via an assistant client application and selected, causes the assistant client application to initiate performance of a corresponding assistant action. In various implementations, a prefetched transient action suggestion can be a time-constrained suggestion that includes at least associated rendering restriction metadata that defines one or more temporal windows to which rendering of the time-constrained suggestion is restricted. Proactive cache refresh rate metadata can also be associated with transient action suggestion(s) and defines a duration during which the assistant client application is to refrain from interfacing with a remote system to prefetch updated transient assistant action suggestions.

Abstract: A method comprises receiving data from a device over at least a first network and analyzing the data to identify one or more parameters for transmission of the data to a computing site. Based, at least in part, on the one or more parameters, at least a second network to be utilized for transmission of the data to the computing site is determined, wherein the second network is different from the first network. In the method, the data is configured for transmission over at least the second network, and is sent to at least the second network for transmission to the computing site.

Abstract: Computing systems and methods are described in which video calls or other online communications are established or enhanced among two or more live participants. In some variants one or more preferences are gleaned from a first participant's behavior so as to streamline a call establishment with one or more qualified recipients. Alternatively or additionally, enriched auditory message data may be received privately from a sender without leaving a shared space.

Abstract: This disclosure provides methods and techniques of performing source network address translation (SNAT) at a packet sender (e.g., a client device) instead of a gateway device (e.g., a proxy device). The present disclosure performs a SNAT operation at the packet sender, relieving the gateway device from the SNAT operation to perform other duties (e.g., policy enforcement). An example method of network address translation includes modifying, by a processing device at a data packet origination device (e.g., a client device), network address information in an internet protocol (IP) header of a packet using a public IP address. The method further includes sending the packet to a public network based on the public IP address.

Abstract: Methods, devices, and systems are provided for user authentication on a gateway device to perform steps of, receiving a user request communicated via a local area network (LAN) from a user system or device connected to the LAN, checking whether the gateway device is operating in a disconnected operational mode in response to the user request, selectively initiating a user authentication protocol when the gateway device is operating in the disconnected operational mode, wherein the user authentication protocol uses secret information stored in a user hardware token uniquely assigned to a particular user, authenticating the administrator user using the user authentication protocol that requires administrator secret information stored in a master hardware token connected to a system or device operated by the administrator user, and selectively authenticating the particular user based at least in part on results of the user authentication protocol.

Abstract: A non-healthcare setting kit for diagnosing a biological sample from a user is disclosed. The kit includes a mobile application that may run on a mobile device, a collection container for the biological sample, a cartridge that docks with the collection container and a reader that docks with the cartridge and that optically reads the biological sample.

Abstract: A system includes a memory associated with a first virtual environment that stores digital assets associated with a user. The memory is coupled to a processor that is configured to receive a user credential associated with the user and authorize the user to access the first virtual environment. The processor receives a request from the user to enter a second virtual environment accessible through the first virtual environment and generates a virtual pass for a first avatar of the user to enter the second virtual environment. The processor receives a request to perform in the second environment a data interaction associated with a digital asset and provides the first avatar access from the second environment to the digital asset. The processor receives an indication that the data interaction is completed and updates the digital asset in the memory to reflect the data interaction.

Abstract: User authentication and validation for performing transactions may be performed by a validation server of a service provider. For example, when a login request or purchase request is received, the request may be authenticated or validated before permitting the requested transaction. In some arrangements, the validation may be delegated to one or more devices or users external to the service provider. Multiple validation users may be consulted for each transaction request to determine a consensus validation decision. A consensus may be reached based on unanimous responses or based on a specified threshold level (e.g., more than 50% responding positively or negatively). The service provider may use this consensus determination to authorize or reject a transaction request.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Abstract: The disclosed computer-implemented method for protecting user data privacy against web tracking on Wi-Fi captive portals may include (i) detecting telemetry data generated from establishing a connection with a network access device associated with a captive portal, (ii) determining, based on the telemetry data, a target set of domains associated with a service set identifier assigned to the network access device, (iii) analyzing web tracking behavior data associated with the target set of domains to identify web trackers on the captive portal for a dataset of potential users, (iv) calculating a privacy risk score associated with the web trackers on the captive portal, and (v) performing a security action that protects against a potential invasion of user data privacy by presenting a privacy risk score notification associated with the web trackers on the captive portal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Apparatuses, systems, and methods for verifying fingerprints associated with components to be installed on printed circuit boards (PCBs). In at least one embodiment, one or more processors determine whether a component fingerprint associated with a component to be installed on the PCB corresponds to an expected fingerprint, the component fingerprint based, at least in part, on a firmware version associated with the component.

Abstract: A packet-spreading data transmission system with anonymized endpoints facilitates enhanced fortified private communications between a plurality of arbitrary devices via a plurality of communication channels or networks. The data transmission system receives at a source endpoint device a message of arbitrary length. The message includes a destination address associated with a destination endpoint device. Both source endpoint device and the destination endpoint device are selected from a plurality of arbitrary devices. The received message are fragmented and agilely transmitted, via a plurality of communication channels, from the source endpoint device to the destination endpoint device.

Abstract: Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc.

Abstract: Various embodiments herein each include at least one of systems, methods, and software for biometric authentication of pre-staged self-service terminal transactions. One embodiment in the form of a method includes connecting, wirelessly via a wireless communication device of a mobile device, to a Self-Service Terminal (SST), such as an ATM or self-service checkout terminal. The mobile device then receives, via the wireless communication device from the SST, biometric authentication data to authenticate an account holder. The received biometric data is then compared on the mobile device with biometric data stored on or read by a biometric reader of the mobile device. When the comparing identifies a match between the received biometric data and the biometric data read by or stored on the mobile device, the method then transmits an authentication message via the wireless communication device to the SST indicating the match.

Abstract: Systems and methods are provided for use in implementing a common domain to provide recognition of users. One example computer-implemented method includes receiving a recognition token associated with a profile and setting, via a browser accessing a common domain, a cookie in the browser where the cookie includes a recognition token. The method also includes, in response to a request for a service, via a user, through the browser accessing an entity domain associated with an entity, accessing the common domain and accessing, via the browser accessing the common domain, the cookie and submitting the cookie to a common domain server. The method further includes receiving, from the common domain server, a federated ID token associated with the recognition token for the service and retrieving, via the browser, the profile associated with the user based on the federated ID token.

Abstract: Methods and systems for sending data are described. A computing device may send data to one or more requesting devices via one or more communication sessions. The computing device may update a state of a token(s) based on requests received and/or data sent. The computing device may manage the one or more sessions according to the state of the token(s).

Abstract: Disclosed methods and systems for managing on-premises information handling resources establish, by an in-cloud web portal, an agentless connection to an on-premises information handling resource and perform, via the agentless connection, a configuration management operation to modify a configuration of the on-premises handling resource. Establishing the agentless connection and performing the configuration management operation may include one or more appropriate API calls. Disclosed teachings enable a web-accessible, public cloud portal to perform active configuration management of on-premises resources scattered across any number of distinct and potentially isolated customer sites without deploying and maintaining management agent software within the customer's private cloud. The on-premises resources may include a multi-node cluster provided by a node or nodes of one or more HCI appliances.

Abstract: Intelligent access redirection is provided. An access request to access a secure website with user information and secure website details is relaunched utilizing an alternative access approach to access the secure website. Successful access to the secure website utilizing the alternative access approach is detected. The alternative access approach to access the secure website is saved in a user profile along with a reason to perform access redirection in response to detecting the successful access.

Abstract: Techniques for packet classification for network routing are disclosed. In some embodiments, packet classification for network routing includes receiving packets associated with a new flow at a security controller from a network device, in which the network device performs packet forwarding; classifying the flow; and determining an action for the flow based on a policy (e.g., a security policy). In some embodiments, the network device is a Software Defined Network (SDN) network device (e.g., a packet forwarding device that supports the OpenFlow protocol or another protocol).

Abstract: Various methods, apparatuses/systems, and media for programmatically generating and rotating secrets for applications to read them to connect to various services are disclosed. A processor determines, in a preconfigured time interval, whether secrets/credentials corresponding to a service provider has been changed; calls a first API to retrieve the changed secrets/credentials from the corresponding service provider; stores the changed secrets/credentials to a corresponding predefined location; causes an application to call a second API to retrieve the changed secret or the credential from the corresponding predefined location; and automatically establishes a connection between the application and the corresponding service provider based on a determination that the changed secrets/credentials retrieved from the predefined location matches with the changed secrets/credentials retrieved from the corresponding service provider during the preconfigured time interval.

Abstract: A system includes a memory device and a processor, operatively coupled to the memory device, to perform operations including receiving a request to provide a post-secrets-provisioning service with respect to a device having a supply chain state corresponding to a supply chain associated with the device, in response to receiving the request, determining whether to authorize the request, in response to authorizing the request, obtaining a set of secrets data corresponding to the supply chain state of the device, and providing the post-secrets-provisioning service by emulating, utilizing the set of secrets data, the device having the supply chain state.

Abstract: Methods and devices that manage the secure distribution of credentials from a group of autonomous specialized nodes to a requesting node. The secure distribution of credentials may uses secret share and a group private key that none of the nodes reconstructs or possesses. The credentials include an identifier for the requesting node and a secret point that the node assembles from portions of the secret point provided by each of a plurality of the specialized nodes, where the secret point is based on the group private key and a map-to-point hash of the requesting node's identifier.

Abstract: A first appliance receives from a second controllable appliance a command for causing the first controllable appliance to be placed into a state and, in response, determines a trust level of the second controllable appliance. When it is determined that the second controllable appliance is trustworthy, the first controllable appliance executes the command. When it is determined that the second controllable appliance is untrustworthy, the first controllable appliance ignores the command. Otherwise, the first controllable appliance enters into a state in which the first controllable appliance waits for at least a predetermined period of time for a user to confirm whether or not the first controllable appliance should be caused to execute the command.

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

Abstract: In some implementations, a system may receive a request to facilitate a service interaction involving a user. The system may determine, based on receiving the request, a priority factor associated with facilitating the service interaction for the user. The priority factor may be determined based on account activity information associated with a user account of the user. The system may determine, based on the priority factor and service information, a priority score associated with facilitating the service interaction. The system may select, based on the priority score, a queue location of a queue. The queue may be associated with a provider system that is configured to facilitate the service interaction. The system may perform an action associated with causing the provider system to facilitate the service interaction according to the queue location.

Abstract: The present disclosure is directed to systems and methods for providing interactive services to a device. For example, a method may include determining service authorization information for a device, the service authorization information being associated with an interactive service on a wireless network. The method may also include determining device policies for the device based on the service authorization information. The method may also include transmitting the device policies to the device, wherein the device policies cause the device to select a cloud rendering server for the interactive service.

Abstract: A device determines that a policy is to be executed. The device retrieves rules, resource identifiers, and data provider identifiers associated with the policy, generates a pending rules data structure and populates the pending rules data structure with identifiers of the retrieved rules and their respective necessary resources as indicated by the resource identifiers. The device generates a pending resources data structure with the resource identifiers and their respective data providers, collects, asynchronously, each resource, and, as each respective resource is collected, deletes the respective resource from the pending resources data structure and populates a collected resources data structure with an identifier of the respective resource.

Abstract: A middleware system and corresponding methods are described whereby data communications, either inter-device or intra-device, are coordinated using a set of cryptographic identifiers that correspond to computing elements, such as interfaces, methods, parameters, classes, among others. The cryptographic identifiers are coupled to data messages being sent across the middleware system and processed to indicate adherence to protocol standards and/or to cause transformation of the data messages such that the receiver receives a data message adhering to their acceptable protocol standards.

Abstract: A method allowing execution of transmission functions hosted in intermediate pieces of equipment of a path established between two pieces of communication equipment. End-to-end encryption systems are designed to resist any surveillance or tampering attempt, as no third party can decrypt or modify the communicated data. There is a solution which, depending on the connection opening requests of the applications, allows to select and assemble the transport protocols necessary for the operation of the application. However, this method is local: this protocol stack is only assembled at the pieces of communication equipment constituting the ends of the connections. Consequently, the requests emitted by these applications are not transmitted to the intermediate pieces of equipment which host the desired functions.

Abstract: Methods and apparatuses for authentication and/or provisioning of wireless network devices, and in particular, methods and apparatuses for authentication and/or provisioning of wireless network devices that are communicating with and may be monitored and/or controlled by a remote (e.g., cloud) server.

Abstract: A management section 122 allows a user A to sign in to a server. A user data acquiring section 136 acquires, from the server, data regarding a user B who is associated with the user A in the server but who is not yet registered in an information processing device 10. A user data holding section 138 holds data regarding the user A and the data regarding the user B that has been acquired. A login screen generation section 124 uses data held by the user data holding section 138 and displays a login screen including information regarding the user A and information regarding the user B.

Abstract: Systems, methods, and software described herein provide enhancements for managing permissions in a shared graph. In one implementation, a graph management system identifies a request to classify a first subgraph in the graph for access by a tenant of a plurality of tenants, wherein the request indicates one or more vertex types and/or one or more edge types for the first subgraph. The graph management system further identifies one or more vertices and/or one or more edges in the graph that qualify for the first subgraph based on the indicated one or more vertex types and/or one or more edge types, and allocates permissions to at least one user associated with the tenant to access the first subgraph.

Abstract: A system for processing video files includes receiving the video files, transcoding each of the video files, and making available each of the transcoded video files to a target platform. A predictive analysis process estimates the respective end times that each of the video files will be available for the target platform. Each of the respective end times are compared against a licensing window associated with the respective video file.

Abstract: A computer-implemented method, operable on a device in a content delivery network (CDN), wherein the CDN delivers content on behalf of at least one content provider, the device implementing a content delivery (CD) service, the method includes, by the service on the device: receiving a request for a particular resource from a client; determining whether the client includes an optimization support mechanism; when the client includes an optimization support mechanism, providing the client with a first version of the particular resource, optimized, at least in part, for the capabilities of the client in combination with the optimization support mechanism; otherwise providing the client with either (i) an un-optimized version of the particular resource, or (ii) a version of the particular resource optimized, at least in part, for the capabilities of the client without the capabilities of the optimization support mechanism.

Abstract: Examples described herein relate to a network device apparatus that includes a packet processing circuitry configured to determine if target data associated with a memory access request is stored in a different device than that identified in the memory access request and based on the target data associated with the memory access request identified as stored in a different device than that identified in the memory access request, cause transmission of the memory access request to the different device. In some examples, the memory access request comprises an identifier of a requester of the memory access request and the identifier comprises a Process Address Space identifier (PASID) and wherein the configuration that a redirection operation is permitted to be performed for a memory access request is based at least on the identifier.

Abstract: Generally discussed herein are devices, systems, and methods for adaptive authorization using a local route as a named location. A method can include defining a local route and a corresponding local route endpoint, associating a compute resource as a destination of the local route endpoint, defining an adaptive authorization policy that limits access to the compute resource to be through the local route endpoint, and enforcing access to the compute resource based on the defined adaptive authorization policy.

Abstract: Disclosed are various examples for configuring network security based on device management characteristics. In one example, a specification of a set of network resources on an internal network is received from an administrator client. The set of network resources are those network resources that a particular application executed in client devices on an external network should be authorized to access. A gateway from the external network to the internal network is then configured to permit the particular application to have access to the set of network resources.

Abstract: A wireless device enterprise management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes implementing a container-based file system on wireless devices within the controlled environment. Enterprise management system manages and controls the organization of files into one or more containers on each wireless device. Each container is associated with one or more execution rules that allow or restrict execution of files that are located in the container.

Abstract: The exemplary embodiments include a method to perform, based on at least one of hypertext transport protocol and non-hypertext transport protocol traffic tests failing, sending an hypertext transport protocol message to a subscription remediation server URI that carries a package1 message, receiving an hypertext transport protocol response from the subscription mediation server with a package2 message, and automatically replacing a password with a new value, automatically initiating creation of a new client certificate, or launching a browser to a URI provided in the response to enable user intervention. In addition, to receive an access request from a device, determining whether credentials are valid, and if the credentials are determined valid, sending an access-accept message with a success indication, and if the credentials are determined not valid, sending an access-accept message with a success indication and an indication that access by the device is limited to only a subscription remediation server.