Abstract: Techniques for securing a device for use in or with a process plant include provisioning the device with a key generated at least in part from data indicative of necessary conditions and/or attributes that must be met before the device is allowed access to a network of the process plant. Upon initialization, the device determines, based on the key, whether or not the necessary conditions are met, and the device isolates itself or accesses the process control network accordingly. Keys and the necessary conditions/attributes indicated therein may be based on, for example, location, time, context, customer, supplier, particular plant, manufacturer, user, data type, device type, and/or other criteria. Additionally, sub-keys associated with a key may be generated from another set of necessary conditions/attributes. Sub-keys may be provided by a different entity than the key provider entity.

Abstract: Embodiments disclosed herein provide systems and methods for allowing non-compliant communication devices to receive multimedia messages. In a particular embodiment, a method provides receiving, from a multimedia messaging system, a content identifier that a destination communication device will use to access content of a multimedia message transferred from a first communication device. The method further provides determining a device identifier for the destination communication device and inserting the device identifier into the content identifier. After inserting the device identifier, the method provides transferring the content identifier to the destination communication device.

Abstract: Systems and methods of determining image characteristics are provided. More particularly, a first image having an unknown characteristic can be obtained. The first image can be provided to a plurality of user devices in a verification challenge. The verification challenge can include one or more instructions to be presented to a user of each user device. The instructions being determined based at least in part on the first image. User responses can be received, and an unknown characteristic of the first image can be determined based at least in part on the received responses. Subsequent to determining the unknown characteristic of the first image, one or more machine learning models can be trained based at least in part on the determined characteristic.

Abstract: A method is used in managing knowledge-based authentication systems. Questions are created from organization based information. The questions are evaluated based on a set of parameters. Based on the evaluation, a set of questions is selected from the questions and a set of responses is selected for each question of the set of questions for a scenario. A user is authenticated in the scenario using the set of questions.

Abstract: The present disclosure relates to systems and methods for enabling execution of encrypted managed programs in common managed execution environments. In particular the disclosure relates to method of loading and associating an extension module to the managed execution environment configured to receive execution event notifications. The events corresponding to the execution of encrypted methods are intercepted and passed on to a decryption module operable to execute within an hypervisor environment, such that the managed encrypted program is decrypted, executed in a secured location, preventing access of untrusted party. The decryption module is further configured to discard decrypted instruction if cooperation of the extension module is required, or upon program termination.

Abstract: Authorization decisions can be made in a resource environment using authorization functions which can be provided by customers, third parties, or other such entities. The functions can be implemented using virtual machine instances with one or more transient compute containers. This compute capacity can be preconfigured with certain software and provided using existing compute capacity assigned to a customer, or capacity invoked from a warming pool, to execute the appropriate authorization function. The authorization function can be a lambda function that takes in context and generates the appropriate security functionality inline. The utilization of ephemeral compute capacity enables the functionality to be provided on demand, without requiring explicit naming or identification, and can enable cause state information to be maintained for a customer.

Abstract: The present disclosure relates systems and methods for executing an encrypted code section in a shieldable CPU memory cache. Functional characteristics of the software product of a vendor, such as gaming or video, may be partially encrypted to allow for protected and functional operability and avoid hacking and malicious usage of non-licensed user. The encrypted instructions may be written to the CPU memory cache and decrypted only once the CPU memory cache is switched into a shielded state. The decrypted code instructions may be executed from a designated cache-line of said CPU memory cache still in the shielded state.

Abstract: According to one embodiment, an apparatus includes a memory and a processor. The memory is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will delete a phishing email. The processor is configured to determine that a plurality of phishing campaigns are occurring. For each phishing campaign of the plurality of phishing campaigns, the processor is configured to determine that a plurality of users deleted a phishing email of the phishing campaign and to determine a priority score for the phishing campaign based on the phishing score of each user of the plurality of users. The processor is further configured to rank the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is presented first.

Abstract: A method for authentication of a user to a device by a remote server comprises a remote server initiates a local procedure on the device that causes the user to perform an act, wherein the act is observed by the device, and further wherein the act involves relative movement between the user and a camera, where fiducial marks are captured, and information transmitted to the server for the server to make a determination of whether to authorize the user to the device.

Abstract: A server coupled to wireless transceivers wirelessly communicating user data on corresponding ones of a plurality of wireless local area networks (WLAN) is disclosed. The server comprises: a memory, and a processor. The memory to store executable instructions. The processor is coupled with the memory, wherein the processor, responsive to executing the executable instructions, performs operations comprising: identifying wireless transceivers and access privileges requested by each of a plurality of WiFi service vendors; opening a control portal between each WiFi service vendor and the corresponding wireless transceivers identified in the identifying act; and arbitrating access by each WiFi service vendor to the corresponding identified wireless transceivers to avoid interruption of the wireless user data communications on corresponding ones of the WLANs.

Abstract: The disclosed computer-implemented method for securely authenticating users via facial recognition may include (1) identifying a request from a user to complete an authentication process on the computing device via a facial-recognition system, (2) sending the user a randomized unique identifier to display to a camera on the computing device, (3) simultaneously observing, via the camera on the computing device, both the user and the randomized unique identifier that was sent to the user, and (4) authenticating the observed user in response to determining both that the observed user's facial characteristics match facial characteristics of the user stored in the facial-recognition system and that the observed randomized unique identifier matches the randomized unique identifier sent to the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: A monitoring device and method for identifying the identity of users requesting database accesses. The data request from application servers to an application server are monitored and parsed. The SQL statements associated with the data request from the application server are also monitored and parsed, so are the SQL responses from the database server. The SQL responses are sent back to the user as data responses. The data responses are also monitored and parsed. The monitoring device matches the parsed data request with the parsed SQL statements, the parsed SQL responses, and the parsed data responses. By matching the string portion of these parsed data, the monitoring device can then identity the identity of the user making such data base request.

Abstract: In a method of approving access to a server network from any terminal requesting access, a communication request is sent from the terminal to a server on a first communication path. An image containing a series of symbols is communicated to the user on a communication path different from the first path. From the image the user calculates a response based upon a particular pattern in the image defining certain symbols which are then used in an operation to determine from the symbols a response which is different from the symbols. A comparison is made between the response received and a previously stored response to assess whether access should be allowed.

Abstract: According to one embodiment, an apparatus is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will respond to a phishing email The apparatus is communicatively coupled to the memory and is configured to determine that a plurality of phishing campaigns are occurring. For each phishing campaign of the plurality of phishing campaigns, the apparatus is configured to determine that a plurality of users responded to the phishing campaign and to determine a priority score for the phishing campaign based on the phishing score of each user of the plurality of users. The apparatus is further configured to rank the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is reviewed first.

Abstract: In a wireless docking system a dockee device (120) communicates with a host device (100) that is coupled to at least one peripheral (110, 111, 112). The host device has a host communication unit (102) and a docking processor (101) arranged for docking at least one dockee device. The dockee device has a dockee communication unit (121), and a dockee processor (122) for docking to the host device. The dockee processor is arranged for providing at least one virtual peripheral device in a virtual docking environment, the virtual peripheral device having a privacy level. When docking, the virtual peripherals are mapped on actual peripherals so as to apply the privacy level to the actual peripheral. When docked, data transfer with the actual peripheral is controlled according to the respective peripheral privacy level.

Abstract: There is provided a system and method for human verification by a contextually iconic visual public Turing test. There is provided a method comprising receiving a request to verify whether a client is human controlled, selecting, by contextual criteria, a plurality of images each having one or more associated tags from a database, generating a challenge question and a corresponding answer set based on associated tags of a subset of the plurality of images, presenting the plurality of images and the challenge question to the client, receiving a submission to the challenge question from the client, and responding to the request by verifying whether the submission is contained in the answer set to determine whether the client is human controlled. The contextual criteria may comprise subject matter, branding, or intended audience of a content provider sending the request, thereby facilitating human responses while deterring automated systems.

Abstract: A touch device with fingerprint identification function includes a glass substrate having a first and a second face, a first electrode layer having multiple first electrodes, an insulation layer, a second electrode layer having multiple second electrodes, a wiring layer, a film layer covering the second electrode layer and the wiring layer, and a fingerprint identification sensation layer having multiple fingerprint identification chips and multiple transmission leads. The first face is defined with a touch section and a non-touch section. The first electrode layer is disposed on the second face. One face of the insulation layer covers the first electrode layer. The second electrode layer is disposed on the other face of the insulation layer. The wiring layer is disposed at the non-touch section and selectively electrically connected to the first and second electrode layers. The touch device is able to lower manufacturing cost and enhance fingerprint identification precision.

Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.

Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.

Abstract: Systems and methods for real-time user verification in online education are disclosed. In certain example embodiments, user identifying information associated with a user and a request to access online education content may be received from a user device. A face template including historical facial image data for the user can be identified. Current facial image data can be compared to the face template to determine if a match exists. Biometric sensor data, such as heart rate data, may also be received for the user. The biometric sensor data may be evaluated to determine if the user is currently located at the user device. If the user is currently located at the user device and the current facial image data matches the face template, access to the online education content may be provided to the user at the user device.

Abstract: Systems and methods are provided for social networks that can verify that enrolled users are not misrepresenting facts about themselves such as age and gender. Verification can be performed, for example, by reference to biometric templates stored during the user enrollment process. The biometric templates can also be used to authenticate users logging into the social network to prevent user impersonation. The ability of some users to communicate to other users of the social network can be limited to only certified users, and even to those certified users that match a criterion, such as gender or age.

Abstract: The present invention discloses methods and systems for managing a node through a management server. The management server verifies whether a management confirmation has been received and allows a second user group to manage the node if the management confirmation is received. If the management confirmation is not received by the management server, the second user group is not allowed to manage the node through the management server.

Abstract: Methods for providing a privacy setting for a target user in a social network utilizing an electronic computing device are presented, the method including: causing the electronic computing device to retrieve a current privacy setting for a common profile item, where the common profile item corresponds with the target user and each of a number of users, and where the common profile item is one of a number of common profile items; causing the electronic computing device to calculate a common profile item sensitivity value for the common profile item based on the current privacy setting; causing the electronic computing device to calculate a common profile item visibility value for the common profile item based on the a current privacy setting and the sensitivity value for the common profile item; and causing the electronic computing device to calculate the privacy score of the target user.

Abstract: Implementations of the disclosure describe systems and methods for triggering user notifications of media content items. It is determined that a plurality of media content items has a value of an interest metric exceeding a defined threshold value. The plurality of media content items are represented by a list of media content items compiled based on a pre-defined criterion. The interest metric reflects interest of a user to the plurality of media content items. The plurality of media content items is provided by a content channel that has not been subscribed to by the user. Among the plurality of media content items, a media content item that has not been consumed by the user is selected. A notification is provided to a device employed by the user to notify the user of the media content item.

Abstract: A virtual basic input output system can be selected from different virtual basic input output systems. The selection of the virtual basic input output system is by a controller and the selection can be based on information about a software stack.

Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

Abstract: The management of credentials subject to a lockout policy can include dynamically determining appropriate lockout thresholds and other such values appropriate for a current situation. For example, the number of incorrect password attempts allowed before an account lockout can be based at least in part upon the amount of time that has passed since a most recent password change. There might be an unlimited number of attempts allowed for a short period after a password change, followed by a decreasing number of permissible attempts over a subsequent period of time. In some embodiments the number of correct attempts received after a password change can affect the number of incorrect attempts allowed. Further, if an incorrect attempt matches a previously correct password then that attempt might not count toward the number of incorrect attempts compared against the threshold, at least for a determined period of time after a password change.

Abstract: A system that incorporates the subject disclosure may perform, for example, generating parental control information for each of a plurality of users according to options selected from a plurality of media program tags retrieved from a library, detecting a first user of the plurality of users according to biometric information of the first user, identifying the parental control information associated with the first user, tuning to a first media channel responsive to receiving a first request, receiving in the first media channel a first media program tag associated with a first media program, and enabling presentation of the first media program at a presentation device responsive to detecting from the parental control information associated with the first user that the first media program tag is included in a first list of unrestricted media program presentations. Other embodiments are disclosed.

Abstract: The present invention relates to the technical field of computer technologies. Disclosed are a verification method, apparatus and system. The method comprises: responding to a verification request sent by a terminal, and randomly selecting an image combination from pre-generated multiple image combinations; merging images in the image combination according to a preset merging mode, processing a merged image according to a second processing mode, and generating a verification code; sending the verification code and a verification question associated with the image combination to the terminal; and receiving a verification result returned by the terminal, and performing verification according to the verification result, the terminal performing image cutting on the verification code, the verification result being generated by the terminal according to a received verification answer, and the verification answer being selected from the cut verification code. The present invention improves the security.

Abstract: An apparatus includes a memory of a mobile compute device, and a hardware processor of the mobile compute device. The hardware processor is configured to implement an operating system and an authentication module. The operating system is configured to receive a first authentication identifier, and is also configured to authorize use of the mobile compute device based on the first authentication identifier meeting a first criterion. The authentication module is configured to, in response to the operating system authorizing use of the mobile compute device, disable at least one function of the mobile compute device and request a second authentication identifier. The authentication module is also configured to receive the second authentication identifier. The authentication module is also configured to enable the at least one function in response to the second authentication identifier meeting a second criterion.

Abstract: Systems and methods are disclosed which may allow a merchant to wirelessly transmit accepted forms of payment using a beacon installed in the merchant location or near the merchant location. A consumer having a device capable of receiving the wireless transmission may receive the accepted forms of payment and have them displayed on a screen of the device. The device may also send the accepted forms of payment to a remote server that has issued the consumer a programmable credit card such that the remote server can program the credit card based on the forms of payment accepted by the merchant.

Abstract: Methods and systems for verifying the identity and trustworthiness of a user of an online system are disclosed. In one embodiment, the method comprises receiving online and offline identity information for a user and comparing them to a user profile information provided by the user. Furthermore, the user's online activity in a third party online system and the user's offline activity are received. Based on the online activity and the offline activity a trustworthiness score may be calculated.

Abstract: A method/system for removing redundancy in packets is disclosed. In one embodiment, for each of the sets of one or more consecutive bytes within the packet, the method divides the one or more consecutive bytes into a plurality of non-overlapping, consecutive segments; generates a segment feature for each of the plurality of non-overlapping, consecutive segments through application of a plurality of cryptographic hash functions with different random seeds; generates a single duplication feature based on a combination of the segment features for the plurality of non-overlapping, consecutive segments; and generates a single compressed string when a predetermined condition is met, based on a comparison of the single duplication feature and a set of stored duplication features. The method continues with sending the resulting strings in place of the packet toward the packet's destination.

Abstract: There is provided a client device including a storage section which stores content data, a control section which acquires content identification information for identifying the content data stored in the storage section, and a transmission section which transmits, to a server device, a registration request including user identification information for identifying a user who uses the client device and the content identification information acquired by the control section, and which, when the server device holds the content data identified by the content identification information, causes the server device to hold information obtained by associating the user identification information with the content identification information as user-specific registration information.

Abstract: A system and integration infrastructure to provide a distributed matrix or neural network of connected real-time decision support modules designed to perform business intelligence evaluations in real time. The system and integration infrastructure provide a network of intelligence superimposed upon any company's existing IT data centers, and cloud computing connections. The system is highly customizable to the unique business model deployed by the client company within the best practices of the client company's industry. Whether or not the client company has integrated their diverse enterprise systems, the elements of the matrix are annealed to the various data sources, transaction logs and client software installations currently deployed. These matrix elements or neurons are designed to house critical operational data, determined by the operational model of the client company to be of critical importance.

Abstract: Techniques for improving security on a device are disclosed. In an aspect, a multi-factor password comprising a plurality of factors may be used to improve security. Each factor may correspond to a different type of information that may be used for authentication and/or other purposes. For example, the plurality of factors may include an alpha-numeric string, a fingerprint of a user, a voice clip, a picture, a video, etc. The device may authenticate the user based on the multi-factor password. In another aspect, a dynamic password that varies with at least one parameter (e.g., time, location, etc.) may be used to improve security. The dynamic password may have a plurality of values for a plurality of scenarios defined by at least one parameter. The device may authenticate a user in a given scenario based on a value of the dynamic password applicable for that scenario.

Abstract: Authentication objects are usable to generate other authentication objects. A user associated with a first authentication object has access to a system. The first authentication object is usable to generate a second authentication object that is usable by a second user for access to the system in accordance with access granted to the second user via the second authentication object. The second authentication object may have various restrictions so that the second user does not obtain all access available to the first user.

Abstract: Provided are an apparatus and method for managing security contents using a virtual folder.

Abstract: Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session.

Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.

Abstract: Systems and techniques are provided for gesture-based password entry to unlock an encrypted device. A gesture input from a user to a gesture interface may be received. The gesture input may be converted to gesture data which may be hashed using a hashing algorithm to obtain a table key. A table including a master key may be encrypted using the table key. The master key may include a key for decrypting a primary storage that is at least partially encrypted. A second gesture input may be receive. The second gesture input may be an input from a user to the gesture interface. The second gesture input may be converted to second gesture data which may be hashed using the hashing algorithm to obtain a key equivalent to the table key. The table including the master key may be decrypted using the key equivalent to the table key.

Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.

Abstract: A system may be configured to allow for network-based authentication of a user device, which may reduce or eliminate the need for a user to provide credentials. The authentication may be performed when the user device attempts to access content provided by a third party content provider. The network-based authentication may be performed by, or in conjunction with, a device that (a) is associated with the same telecommunications network as the user device, and (b) can authenticate the identity of the user device.

Abstract: A method of and an apparatus for managing authentication in an electronic apparatus are provided. The method includes obtaining authentication information using an authentication module; pairing the authentication information with an object to which access is controlled; and displaying an image related to the object together with the authentication information. The electronic apparatus includes an authentication module configured to obtain authentication information; a control module configured to pair the authentication information with an object to which access is controlled; and a display module configured to display an image related to the object together with the authentication information.

Abstract: A method, system or computer usable program product for managing access to an electronic system through a touchscreen device including presenting a display of a first and a second scrolling stream of icons; responsive to user input, detecting contemporaneous selection of a first icon from the first scrolling stream and a second icon from the second scrolling stream; and responsive to the selection of the first and second icon matching an established unlock pattern, unlocking the electronic system.

Abstract: The disclosure relates to a trust heuristic model for reducing a control load in an IoT resource access network. For example, an authenticating node may challenge a client node that requests access to a resource and grant the access if the client node correctly responds to the challenge or alternatively deny the access if the client node incorrectly responds to the challenge. Furthermore, based on the response to the challenge, the client node may be assigned a trust level, which may be dynamically updated based on successive challenge-and-response exchanges and/or interactions with other IoT network nodes. For example, to reduce the resource access control load, subsequent challenge-and-response intervals may be increased or eliminated if the client node correctly responds to successive challenges over time, while client nodes that incorrectly respond to successive challenges over time may be blocked from accessing the resource or banned from the IoT network.

Abstract: In accordance with embodiments of the present disclosure, a method may include receiving a unique identifier associated with a host information handling system. The method may also include, responsive to receiving the unique identifier, communicating a signed unique identifier to the host information handling system, the signed unique identifier comprising the unique identifier signed with a private key. The method may further include enabling at least one of pre-boot access and root access by a client information handling system to an access controller responsive to the access controller decrypting the signed unique identifier with a public key corresponding to the private key and determining that the decrypted signed unique identifier and the unique identifier match.

Abstract: The first authentication unit of an authentication apparatus decides whether first authentication data exists in a received message, and performs, if it is decided that the first authentication data exists, authentication based on the first authentication data. The second authentication unit of the authentication apparatus decides whether second authentication data exists in the received message, and performs, if it is decided that the second authentication data exists, authentication based on the second authentication data. If the second authentication unit decides that no second authentication data exists in the received message, and the first authentication unit decides that authentication has succeeded, it is decided that authentication for the received message has succeeded.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for displaying one or more data sets to a user. These mechanisms and methods for displaying one or more data sets to a user can enable enhanced data security, more relevant data display, reduced processing, etc.