Abstract: An authentication method for authenticating a client with a service over a network of peers, comprises: storing encrypted enrolled authentication data for the client in a storage that is accessible by means of an access privilege; storing a decryption clue for the encrypted enrolled authentication data in a client data block chain; receiving, by the network, authentication information from the client; generating, by a server connected to the client, a decryption key according to a contract involving the decryption clue stored in the client data block chain; receiving, by the network, the encrypted enrolled authentication data from the storage; decrypting, by the network, the encrypted enrolled authentication data using the decryption key to obtain decrypted enrolled authentication data; comparing, by the network, the decrypted enrolled authentication data with the authentication information received from the client for obtaining a match score based on a consensus of the peers of the network; and storing the m

Abstract: Systems and methods for network security are provided. Various embodiments issue single use certificates for validating remote endpoints access to the private network. Some embodiments use a triage zone (or triage gateway) to which remote device can calls into using a static issued certificate. However, instead of granting complete access to the virtual private network, the use of this static certificate only grants access to the triage zone where further validation of the endpoint without any access to sensitive content on the private network. The endpoint can be connected to an ID manager within the triage zone. The endpoint can then send the username and password to the ID manager that can create a single use certificate (e.g., valid for a limited period of time). While valid, the single use certificate can be used by the remote device to gain access to the production zone using a VPN tunnel.

Abstract: The present invention relates to a financial payment method using biometric information, in which biometric information of an individual collected in a mobile device of an affiliated member is transmitted to a mobile device of the individual to allow the biometric information to be authenticated in the mobile device of the individual, and after the authentication of the biometric information, a substitute key that corresponds to a card password preset by the individual is inputted, and a financial payment is requested based on the payment content.

Abstract: A method, an apparatus and a device for sharing a password between a BIOS and an operating system are provided, which are applied to a Legacy boot mode. In the method, a user is prompted to input a password of the BIOS. The password inputted by the logon user is received and verified. The verified password is stored in a predetermined target memory and E820H information is created if the received password is verified as correct, where address data in the E820H information points to an address of the target memory. The address of the target memory is determined based on the created E820H information and memory contents are obtained if a password is set for the operating system. The logon user is permitted to log on the operating system if the acquired memory contents are verified as correct.

Abstract: A system and method for executing queries on an indexed view are presented. The method includes processing an input query directed to data maintained by the indexed view to generate a plurality of statements responsive to the input query, wherein the indexed view includes index information and a plurality data chunks; verifying a global index to locate segments of the indexed view; verifying a plurality of local indexes to locate data chunks containing values related to the plurality of statements, wherein the index information includes at least one local index per data chunk and at least one global index per the entire indexed view; processing the plurality of statements by accessing the data chunks containing values related to the plurality of statements; and responding to the input query based on the accessed data chunks.

Abstract: This disclosure relates to identity verification. In one aspect, a method includes obtaining verification information during a user application session of a user with an application component subsequent to a verification triggering request to perform identity verification on the user. A determination is made whether the verification information satisfies a first identity verification-free condition. When the verification information satisfies the first identity verification-free condition, an identity verification-free operation that does not include identity verification of the user is performed. When the verification information fails to satisfy the first identity verification-free condition, an identity verification process is performed to verify an identity of the user.

Abstract: A method includes receiving, by a computing entity, a transaction for fraud evaluation. The method further includes generating, by the computing entity, evidence vectors regarding the transaction, wherein an evidence vector is a piece of information regarding a topic, or portion thereof, of a list of topics. The method further includes engaging, by the computing entity, tools to generate risk analysis responses based on the evidence vectors. The method further includes discarding, by the computing entity, indeterminate responses of the risk analysis responses to produce a group of risk analysis responses. The method further includes interpreting, by the computing entity, the group of risk analysis responses to produce a fraud evaluation answer of low risk of fraud, high risk of fraud, or further analysis is required.

Abstract: A printing apparatus includes: a transporter; a print device; a communication interface performing a wireless communication with a plurality of external devices; a storage; and a controller performing: registering device information of specific external device in the storage; determining whether the device information of one external device newly connected to the printing apparatus is registered in the storage; when it is determined that the device information is not registered, making connection to the one external device a suspension state; prompting the external device registered in the storage to confirm whether to release the suspension state of the one external device; receiving a notification from the external device registered; and in a case the received notification indicates releasing permission of the suspension state, releasing the suspension state in the one external device.

Abstract: An intermediation method used in an intermediation system that includes an intermediation device determining a permission for application services requiring user authentication on a network, where in response to a user request, a first account used for a first service and a second account used for a second service, and a registration request for using the linking service linking the first application service and the second application service are associated with each other, when the two accounts are valid, as accounts usable in a linking service, an association between the first and second services is stored in the intermediation device, and when the user makes a request to use the linked services, that use is controlled by a query to the intermediation device regarding whether the account is associated as able to use the linking service.

Abstract: There are provided systems and methods for a sentence based automated Turing test for detecting scripted computing attacks. A computing may request access to a service or data from a service provider, where the service provider may be required to determine that the device is used by a user and not a bot executing a scripted or automated process/attack against the service provider. To authenticate that the device is used by a user, the service provider may determine and output a challenge that queries the user to fill in one or more missing words from a sentence. Acceptable answers may be based on past messages and internal data that is specific to the service provider, as well as an external corpus of documents. The service provider may also further authenticate the user based on the user's response and a likely user response for that user.

Abstract: A system is described that secures application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components of the system, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Abstract: A cash handling device having at least one processor, a communication interface, an item accepting device, an item dispensing device, an internal currency scanning system, an internal currency transport system, one or more currency storage cartridges, and a memory may receive, from a user, a request to perform a deposit transaction. Based on receiving the request to perform the deposit transaction, the cash handling device may receive at least one deposit item for deposit. Subsequently, the cash handling device may validate the at least one deposit item received for deposit. Based on validating the at least one deposit item received for deposit, the cash handling device may generate a deposit transaction record that includes information directing a banking server to apply a provisional credit to a treasury account associated with the user. Subsequently, the cash handling device may send the deposit transaction record to the banking server.

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: In one embodiment, a method of programming an implantable medical device (IMD) to provide therapeutic operations for a patient, comprises: conducting a first communication session between the IMD with an external programming device when network connectivity for a remote server for medical device management is not available for the external programming device; receiving programming data by the IMD from the external programming device to provide therapeutic operations according to at least one instance of settings data during the first communication session, wherein the at least one instance of settings data is validated by a temporary key; conducting a second communication session between the IMD with an external device when network connectivity to the remote server for medical device management is available for the external device; and replacing validation data signed using the temporary key with the received validation data.

Abstract: A method for generating transaction credentials for a user in a transaction, comprising: storing in a mobile device, an encrypted session key, and an encrypted user authentication credential; receiving an authorisation request; initiating a user authorisation process wherein in the event that the user is an authenticated user, the method comprises: decrypting the encrypted session key and encrypted user authentication credential; generating a transaction cryptogram in dependence on the user authentication credential and the session key; transmitting the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction.

Abstract: According to various aspects and embodiments, a system including a programmable device is provided. The programmable device includes a memory storing an identifier of an authentication session and at least one processor coupled to the memory. The at least one processor is configured to receive an authentication credential, decode the authentication credential to access a session identifier and information associated with a requestor of the authentication credential, determine whether the session identifier matches the identifier of the authentication session, and grant the requestor access to protected functionality of the programmable device if the session identifier matches the identifier of the authentication session.

Abstract: In one embodiment, a method is provided. The method includes determining that a network device should use an underlay multicast group associated with an overlay multicast group for multicast traffic. The underlay multicast group carries multicast traffic for the overlay multicast group. The overlay multicast group is associated with a virtual private network. The method also includes determining an underlay multicast group address for the underlay multicast group. The overlay multicast group is associated with an overlay multicast group address. A first portion of the underlay multicast group address is a function of the overlay multicast group address. The method further includes forwarding one or more multicast packets to one or more multicast receivers via the underlay multicast group using the underlay multicast group address.

Abstract: Creating and managing linked decentralized identifiers for an entity. A parent decentralized identifier of an entity has an associated parent private key. A determination is made that a child decentralized identifier is to be created for the parent decentralized identifier. In response to the determination, the parent private key is used to generate a child private key, and a child decentralized identifier is created by at least assigning the generated child private key as the private key for the child decentralized identifier. Each of the decentralized identifiers may be associated with a permission to another entity. The permission associated with the child decentralized identifier may not be broader than the permission granted to the parent decentralized identifier.

Abstract: A method for operating an attribute assertion device having a processor and memory to create an unlinkable digital signature-equivalent of an assertion message that is verifiable—by a service provider receiving the unlinkable digital signature-equivalent—as being generated from a digital signature of a known attribute provider having a public key PKAP. Operating the processor of the attribute assertion device to transform a digital signature of the attribute message into an unlinkable digital signature-equivalent using a one-way transformation of the signature, with the transformation process using a random value generated by the attribute assertion device and a challenge provided by the service provider.

Abstract: The present invention is a system and method for the repeated, dynamic, and automated transformation and manipulation of strings of printable or typeable characters that are commonly used for passwords, PINs, keys, tokens, keys, encryption, and filenames forming a class of printable strings. The system and method described makes use of secured password “Hopping” to maximize data security and user's ease of implementation. “Hopping” refers to a method of automated random-password construction and serial substitution. The process of Hopping as described herein is based upon a set of user-selected transformation rules that employ, among other variables, easily accessible, time-variable, data as sources of randomized inputs. Use of randomized inputs and automated serial substitution at time intervals heightens the security of resulting generated passwords.

Abstract: The disclosed computer-implemented method for protecting geolocation information may include (i) receiving, by a computing device, a geolocation security policy that defines an area in which access to geolocation information by applications will be at least partially limited to protect the privacy of a user, (ii) detecting, by the computing device, a geolocation of the computing device, (iii) applying, by the computing device, the geolocation security policy to the detected geolocation to determine whether the detected geolocation matches the area in which access to geolocation information by the applications will be at least partially limited, and (iv) performing, by the computing device, a security action to protect the privacy of the user based on determining that the detected geolocation matches the area. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: This invention relates to a process for detecting and mitigating risk generated when a customer's log-in credentials are compromised. A significant majority of stolen credentials and customer's personally identifiable information data eventually make their way to the dark web. By dynamically monitoring the dark web and combining the analysis with related information about the user and their credentials on the deep web and the surface web, through a machine learning model, a service provider pre-emptively or otherwise can act to mitigate the risk arising from such compromise of said customer log-in credentials.

Abstract: A method, mobile device, and PKI are provided for enrolling a mobile device into a PKI domain for certificate management is provided. A first asymmetric key pair and a unique identifier is established in a device. The first asymmetric key pair includes a public key and a private key. The public key and the unique identifier are transferred to the PKI domain. The public key and the unique identifier are imported into the PKI domain. The device generates a second asymmetric kay pair and sends a certificate signing request (CSR) that is protected with the digital signature of the first asymmetric key pair. The CSR is transferred to the PKI domain. The PKI domain authenticates the CSR using the first public key and the unique identifier. Upon validation, the PKI domain issues a certificate to the device.

Abstract: An apparatus, method and computer program product provide a simplified method for unlocking an electronic device that uses soft keys, such as capacitive touch keys, or proximity detection areas and patterns. The keys may be implemented in the form of areas of a sensor, and a processing circuit observes a touch pattern (or proximity pattern, or characteristic pattern such as a capacitance pattern of a user's finger) and compares the same with the registered pattern to determine if there is a likeness. In doing so, the electronic device is operated at a low power state, and in that low power state observes whether a predetermined pattern is observed and when it is, unlocks the electronic device for interaction with a user at a fully operational state. By operating in the low power state while waiting to observe a predetermined pattern before unlocking the user interface, the device does not waste power on false positive detections, and allows for convenient wakeup and accessibility by a user.

Abstract: There are provided systems and methods for authentication through multiple pathways depending on device capabilities and user requests. A user may wish to utilize some device process, such as unlocking and accessing the device to utilize the device's operating system or access and use of a device application or other module (e.g., a camera). The device may be protected by an authentication profile that includes one or more authentication pathways in order to authenticate the user to use those processes. The device may collect user data using device components, such as biometrics, user movements, environmental factors, or other information. The device may attempt to authenticate the user through one of the authentication pathways. If the collected user data is insufficient for one pathway, another pathway may be used. If the user is authenticated under any pathway, the device may provide access to the correspond process.

Abstract: Systems, methods, and devices are disclosed for authenticating a product. An internal component of a product is identified by identifying an intrinsic attribute of the internal component, where the intrinsic attribute is received at a time subsequent to independently storing the intrinsic attribute in a database. A match is determined between the intrinsic attribute and the stored intrinsic attribute. The product is confirmed to be authentic when the match is verified.

Abstract: A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

Abstract: An application programming interface (API) that enables installation of an application as one or more key-value objects on a data storage drive such as a hard disk drive, a solid state drive or a hybrid drive. The API also enables execution of the application within a controlled environment of the data storage drive.

Abstract: A network interface device capable of communication with a data processing system supporting an operating system and at least one application, the network interface device supporting communication with the operating system by means of: two or more data channels, each data channel being individually addressable by the network interface device and being capable of carrying application-level data between the network interface device and the data processing device; and a control channel individually addressable by the network interface device and capable of carrying control data between the network interface device, the control data defining commands and the network interface being responsive to at least one command sent over the control channel to establish at least one additional data channel.

Abstract: In an image processing apparatus, a controller determines using setting specification information whether all of a plurality of users is permitted to use all of a plurality of setting values for a setting category in response to receiving a registration instruction. The setting specification information specifies for each user at least one setting value that is permitted to use for an image process by the user. In response to determining that any of the plurality of users is not permitted to use all of the setting values for the setting category, the controller transmits to the server a registration request not including the plurality of setting values for the setting category. The controller controls, in response to receiving a function execution instruction from the server, an image processing unit to execute the image process in accordance with a setting including a setting value for the setting category.

Abstract: Various methods are provided for facilitating a reduction in the number of required search operations during account creation. One example method may comprise causing creation of a user account object configured for storage in a database, the user account object comprising user personal information, causing creation of a user linked account object configured for storage in the database, the user linked account object comprising user credential information, the user linked account object linked the user account object, generating, via processor, an identification field of the user linked account object, generation of the identification field comprising: receiving at least identification information and an account type; accessing a realm; and utilizing a hash function to generate a composite key as a function of the identification information, the account type, and the realm.

Abstract: An approach is disclosed that presents, to a user of a device, content items accessible from the device with the content items being identified as familiar to an actual user of the device. In addition, one or more comparable items are also presented with the comparable items being identified as unfamiliar to the actual user of the device. A response is received from the user at the device that differentiates the content items the comparable items with the user being authenticated, or not, based on the response.

Abstract: A system for fast secured searching may include a user interface, a web layer configured for executing application logic and configured for interacting with a user via the user interface and configured to perform user authentication, and a database layer in communication with and accessible by the web layer and comprising a database configured for storing data, and a search engine configured for searching the database, wherein, communication to and from the database layer from and to the web layer is controlled by secure socket layer certificate authorization. The database layer may also include an inverted index in communication with the database and the search engine and configured for maintaining updated snapshots relating to the data in the database and an encryption/decryption layer for selective encryption of the data and configurable for field level, document level, and/or chunk level encryption.

Abstract: A computer-implemented method of processing a video stream comprises: feeding the at least one video stream to at least two video processing detectors, each comprising a respective deep convolutional neural network trained to detect one or more of the object or a property of the object; for each of said at least two video processing detectors, receiving a respective stream of object lightweight data records from the respective video processing detector, the stream of object lightweight data records generated based on the respective detection, and representing a property of the object; and feeding at least one stream of object lightweight data records to at least one context detector configured to perform a secondary detection based on object lightweight data of the stream of object lightweight data records, wherein the detections of the at least two video processing detectors are scheduled by a task-graph scheduler.

Abstract: One embodiment provides a method, including: receiving, at a remote device and from a user, a request to generate a one-time password for accessing a default account of a device, wherein the remote device comprises a device public key corresponding to the device and an account public/private key pair corresponding to the default account; generating, at the remote device, the one-time password utilizing the account private key and the device public key; and providing, from the remote device, the one-time password to the user. Other aspects are described and claimed.

Abstract: An information output device includes first and second acquirers and a setter. The first acquirer acquires attribute information concerning an attribute of a user having accessed an area where access control is performed. The second acquirer acquires a setting condition for setting an authenticated output function. The authenticated output function is a function for demanding authentication for outputting information. The setter enables or disables the authenticated output function, based on the attribute information acquired by the first acquirer and the setting condition acquired by the second acquirer.

Abstract: One embodiment is a method including extending a policy server to provide per subscriber policies to a cable modem (CM) and a cable modem termination system (CMTS), receiving, at the policy server, a request for a policy profile from a cable modem termination system (CMTS), accessing a subscriber database to determine the policy profile, and communicating the policy profile to the CMTS. In an example, the policy server is a packet cable multimedia policy server of a cable network.

Abstract: Systems and methods for multifactor authentication are disclosed. One illustrative system described herein includes: a network interface; and a processor coupled to the network interface and configured to: begin a transaction to allow a user to access a secure resource; receive, via the network interface, user data from a mobile device, the user data comprising behavior data associated with the user; compare one or more parameters of the behavior data to expected parameters; and if the parameters are within a required range, allow access to the secure resource; or if the parameters are outside of the required range, restrict access to the secure resource.

Abstract: A technique for securely rendering content downloaded over a network includes parsing a downloaded web page into a DOM (Document Object Model) tree and splitting the DOM tree into multiple DOM instances, where each DOM instance is dedicated to a respective type of web content. The technique processes each DOM instance using a respective render engine, which implements the security policy on the respective type of web content by blocking or altering content, and/or by limiting functionality that may be used in connection with the content.

Abstract: Methods and apparatus for the deployment of financial instruments and other assets are disclosed. In one embodiment, a security software protocol is disclosed that guarantees that the asset is always securely encrypted, that one and only one copy of an asset exists, and the asset is delivered to an authenticated and/or authorized customer. Additionally, exemplary embodiments of provisioning systems are disclosed that are capable of, among other things, handling large bursts of traffic (such as can occur on a so-called “launch day” of a device).

Abstract: A system and method for increasing the proximity sensing distance of a touch and proximity sensitive touch sensor to thereby enable greater distance of detectability of a user in a proximity sensing mode of a touch sensor by driving a time varying voltage or drive signal onto a user who is also holding a touch sensor with at least one hand, and then sensing the drive signal from the user's fingers or thumb on sense electrodes that are on the touch sensor when the fingers are within a proximity sensing distance of sense electrodes in the touch sensor.

Abstract: A method and system for victim notification functions by receiving a report from an accuser regarding conduct of an accused that is believed to constitute harassment, bullying and/or discrimination, the reporting being composed of structured data. The severity of conduct in the report is scored and ranked and the pervasiveness of conduct in the report is scored and ranked by comparing the reported conduct against prior reports regarding the accused. Other reports by the accuser are also analyzed.

Abstract: Embodiments disclosed herein generally related to a system and method of authenticating a user with a third party server. In one embodiment, a method is disclosed herein. A computing system receives, from a remote client device of the user, a token. The token includes personal identification information and a digitized file of a biometric captured by a biometric scanner. The computing system identifies via the personal identification information that the user has a user account. The computing system queries a database with the personal identification information and the digitized file to determine whether the biometric matches a stored biometric in the user account. Upon determining that the biometric matches the stored biometric, the computing system generates a message to be transmitted to the third party server that authenticates the user. The computing system transmits the message to the third party server.

Abstract: In one embodiment, a network interface operable to receive a communication request over a communication link of a radio access network. A processor determines one or more characteristics based on the communication request and communicates a message to a networked device to determine a status of the network device identified based on at least one of the characteristics. The processor then terminates the communication request based in part on the status of the networked device.

Abstract: An endpoint executes a deflection service that detects failed connection attempts (TCP RST packets) and evaluates whether they are likely the result of a reconnaissance attack. If an inbound connection fails, a connection request packet (TCP SYN) is sent to a decoy server that includes data from the TCP RST packet. The decoy server then completes a connection handshake with a destination of the TCP RST packet and engages a process at the destination. If an outbound connection fails, the deflection service facilitates a connection between a process executing on the endpoint and the decoy server and associated with a destination port referenced by the TCP RST packet.

Abstract: The present invention discloses methods and systems for configuring a second system. The system of the present invention determines at least one configuration and the identity information of the second system. The at least one configuration is then sent to the second system. The second system is configured with the at least one configuration. The at least one configuration can be sent through an SMS message, a USB modem plugged in the second system, or NFC. Additionally, the at least one configuration may comprise an APN. The at least one configuration may also be used to configure the second system to establish one or more VPN connections.

Abstract: A system and method for selecting tailored information to present to a subscriber, including receiving subscriber data, determining an analysis set based on the subscriber data, extracting abstract parameters from the subscriber data, selecting an analysis from the analysis set based on a general model and the abstract parameters, and presenting the selected analysis to the subscriber.

Abstract: According to an embodiment, an image processing apparatus includes a display unit, an operation unit, a processing unit, a storage unit, and a control unit. The display unit is configured to display an operation screen on which a processing mode and setting information may be selected. The operation unit is configured to receive an operation instruction from the operation screen displayed on the display unit and to transmit a processing job based on the operation instruction. The processing unit is configured to execute a process based on the processing job received from the operation unit. The storage unit is configured to store use history information indicating the processing jobs. The control unit is configured to customize the operation screen according to the use history information stored by the storage unit and cause the display unit to display the customized operation screen.

Abstract: A first user device may receive, from a second user device, a request to communicatively couple to the first user device, and may establish a communication session with the second user device after receiving the request. The first user device may identify, after establishing the communication session, an inappropriate activity of the second user device relating to the communication session, and perform a set of actions based on identifying the inappropriate activity. The set of actions may include causing the communication session to be restricted, and providing, to a trust platform, a score for the second user device. The score may permit the trust platform to derive a composite score, indicative of a level of trustworthiness of the second user device, that enables other user devices, associated with the trust platform, to determine whether to grant access requests submitted by the second user device.

Abstract: An architecture for a multimedia search system is described. To perform similarity matching of multimedia query frames against reference content, reference database comprising of a cluster index using cluster keys to perform similarity matching and a multimedia index to perform sequence matching is built. Methods to update and maintain the reference database that enables addition and removal of the multimedia contents, including portions of multimedia content, from the reference database in a running system are described. Hierarchical multi-level partitioning methods to organize the reference database are presented. Smart partitioning of the reference multimedia content according to the nature of the multimedia content, and according to the popularity among the social media, that supports scalable fast multimedia identification is also presented.