Abstract: A system is disclosed for storage, processing, and accessing of data. The system includes a front end system and a back end system communicatively connected to the front end system. A front end system is configured to provide one or more user interfaces configured to store, process, and access data in a first data server, in response to user input, by sending messages to the back end system. The back end system includes the first data server and one or more processing servers. The one or more processing servers are configured to process messages received from the front end system by accessing in the first data server to perform one or more operations specified by the messages. The back end system also includes a blockchain server configured to maintain a record of changes made to data in the first data server by the one or more processing servers.

Abstract: The disclosure relates to a method of transmitting and receiving control information in a wireless communication system, and an apparatus therefor. According to an embodiment of the disclosure, the method may include receiving interruption configuration information via upper signaling from a base station (BS), when a format of an interruption indicator transmitted from the BS to a user equipment is determined based on the received interruption configuration information, searching for the interruption indicator, and identifying, based on the format of the interruption indicator, information included in the interruption indicator detected as a result of the searching.

Abstract: Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generates a remediation of cyber security parameters for the network.

Abstract: Threads of a process require a shared resource to perform their work. The threads have a shared object, which might include a lock and an expiration time. When the resource has not been acquired and any one of the threads attempts to access the shared resource, that thread locks the lock, acquires the shared resource, sets the expiration time, releases the lock, and then uses the shared resource to perform its work. When any one of the threads requires the resource and the resource has been acquired but the expiration time is within a time threshold, only that thread refreshes the resource, resets the expiration time, and uses the resource to perform its work. When any of the threads require the resource and the resource is available and not expired, the thread uses the shared resource.

Abstract: There is provided mechanisms for verifying a log entry in a communications system. A method is performed by a host server. The method comprises obtaining a log entry of a service access tracker. The log entry indicates access to a service during a client session, the service being tracked by the service 5 access tracker. The method comprises providing the log entry to a trusted third party for digital signing thereof using a digital trusted timestamping scheme. The method comprises verifying that the log entry has been digitally signed by the trusted third party. The method comprises providing a new aggregate comprising the digitally signed log entry and a previous aggregate 10 of previously digitally signed and aggregated log entries to the trusted third party for digital signing thereof using the digital trusted timestamping scheme. The method comprises verifying that the new aggregate has been digitally signed by the trusted third party.

Abstract: A decoding apparatus includes a plurality-of-bits decoding part configured to receive an input vector obtained by adding a message encrypted by a trapdoor function and an error vector including an element(s) conforming with a discrete Gaussian distribution, and decode a plurality of bits from a lower bit of the message based on the input vector in correctness with a predetermined probability; and a confirmation calculation part configured to determine in parallel whether the decoded plurality of bits are correct or not, wherein the message is encrypted by taking an inner product with a vector including a power of two as an element(s).

Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.

Abstract: The present disclosure is directed to systems and methods associated with a communication infrastructure. The communication infrastructure includes a vehicle integration platform that includes a plurality of application programming interfaces configured to facilitate message communication among clients. The communication infrastructure includes a registration authority system configured to receive certificate signing requests from the clients and to generate client-specific credentials for establishing a predetermined time period of ability for client authentication within the vehicle integration platform. The communication infrastructure includes a certificate authority system configured to normalize requests received from the clients via the registration authority system such that the client-specific credentials are established according to an approved hierarchy of licensing certificates.

Abstract: A method of establishing a communications path between devices comprising: receiving, at a first device, data, the data comprising: a first resource having a first identifier for a second device remote from the first device; a second resource having a second identifier for the second device; addressing the second device with the first identifier; generating, at the first device, first connection data based on the second identifier; transmitting, from the first device to the second device, the first connection data; receiving, at the first device, second connection data; validating, at the first device, the second connection data; establishing the communications path between the first device and second device responsive to valid second connection data.

Abstract: Method and apparatus for authentication of a user to a server that involves the user performing a requested act and that further involves relative movement between the user and a camera wherein fiducial marks are captured.

Abstract: A method for remotely verifying a non-resident alien's identity, includes: receiving a request to establish a communication session from a user device; analyzing the request to determine whether the user device is compromised; in response to determining that the user device is not compromised, providing a page flow to the user device to solicit information from the non-resident alien, the information including identity information associated with a local foreign government identification document (ID), and other information not shown on the local foreign government ID; querying one or more foreign governmental data stores to identify foreign data associated with the non-resident alien based on a unique identifier associated with the local foreign government ID; comparing the information with the foreign data; and verifying an identity of the non-resident alien based on the comparing, wherein the verifying includes determining that at least one of the other information matches the foreign data.

Abstract: An authentication method for authenticating a client with a service over a network of peers, comprises: storing encrypted enrolled authentication data for the client in a storage that is accessible by means of an access privilege; storing a decryption clue for the encrypted enrolled authentication data in a client data block chain; receiving, by the network, authentication information from the client; generating, by a server connected to the client, a decryption key according to a contract involving the decryption clue stored in the client data block chain; receiving, by the network, the encrypted enrolled authentication data from the storage; decrypting, by the network, the encrypted enrolled authentication data using the decryption key to obtain decrypted enrolled authentication data; comparing, by the network, the decrypted enrolled authentication data with the authentication information received from the client for obtaining a match score based on a consensus of the peers of the network; and storing the m

Abstract: The present invention relates to a financial payment method using biometric information, in which biometric information of an individual collected in a mobile device of an affiliated member is transmitted to a mobile device of the individual to allow the biometric information to be authenticated in the mobile device of the individual, and after the authentication of the biometric information, a substitute key that corresponds to a card password preset by the individual is inputted, and a financial payment is requested based on the payment content.

Abstract: Systems and methods for network security are provided. Various embodiments issue single use certificates for validating remote endpoints access to the private network. Some embodiments use a triage zone (or triage gateway) to which remote device can calls into using a static issued certificate. However, instead of granting complete access to the virtual private network, the use of this static certificate only grants access to the triage zone where further validation of the endpoint without any access to sensitive content on the private network. The endpoint can be connected to an ID manager within the triage zone. The endpoint can then send the username and password to the ID manager that can create a single use certificate (e.g., valid for a limited period of time). While valid, the single use certificate can be used by the remote device to gain access to the production zone using a VPN tunnel.

Abstract: A method, an apparatus and a device for sharing a password between a BIOS and an operating system are provided, which are applied to a Legacy boot mode. In the method, a user is prompted to input a password of the BIOS. The password inputted by the logon user is received and verified. The verified password is stored in a predetermined target memory and E820H information is created if the received password is verified as correct, where address data in the E820H information points to an address of the target memory. The address of the target memory is determined based on the created E820H information and memory contents are obtained if a password is set for the operating system. The logon user is permitted to log on the operating system if the acquired memory contents are verified as correct.

Abstract: A system and method for executing queries on an indexed view are presented. The method includes processing an input query directed to data maintained by the indexed view to generate a plurality of statements responsive to the input query, wherein the indexed view includes index information and a plurality data chunks; verifying a global index to locate segments of the indexed view; verifying a plurality of local indexes to locate data chunks containing values related to the plurality of statements, wherein the index information includes at least one local index per data chunk and at least one global index per the entire indexed view; processing the plurality of statements by accessing the data chunks containing values related to the plurality of statements; and responding to the input query based on the accessed data chunks.

Abstract: A method includes receiving, by a computing entity, a transaction for fraud evaluation. The method further includes generating, by the computing entity, evidence vectors regarding the transaction, wherein an evidence vector is a piece of information regarding a topic, or portion thereof, of a list of topics. The method further includes engaging, by the computing entity, tools to generate risk analysis responses based on the evidence vectors. The method further includes discarding, by the computing entity, indeterminate responses of the risk analysis responses to produce a group of risk analysis responses. The method further includes interpreting, by the computing entity, the group of risk analysis responses to produce a fraud evaluation answer of low risk of fraud, high risk of fraud, or further analysis is required.

Abstract: This disclosure relates to identity verification. In one aspect, a method includes obtaining verification information during a user application session of a user with an application component subsequent to a verification triggering request to perform identity verification on the user. A determination is made whether the verification information satisfies a first identity verification-free condition. When the verification information satisfies the first identity verification-free condition, an identity verification-free operation that does not include identity verification of the user is performed. When the verification information fails to satisfy the first identity verification-free condition, an identity verification process is performed to verify an identity of the user.

Abstract: A printing apparatus includes: a transporter; a print device; a communication interface performing a wireless communication with a plurality of external devices; a storage; and a controller performing: registering device information of specific external device in the storage; determining whether the device information of one external device newly connected to the printing apparatus is registered in the storage; when it is determined that the device information is not registered, making connection to the one external device a suspension state; prompting the external device registered in the storage to confirm whether to release the suspension state of the one external device; receiving a notification from the external device registered; and in a case the received notification indicates releasing permission of the suspension state, releasing the suspension state in the one external device.

Abstract: An intermediation method used in an intermediation system that includes an intermediation device determining a permission for application services requiring user authentication on a network, where in response to a user request, a first account used for a first service and a second account used for a second service, and a registration request for using the linking service linking the first application service and the second application service are associated with each other, when the two accounts are valid, as accounts usable in a linking service, an association between the first and second services is stored in the intermediation device, and when the user makes a request to use the linked services, that use is controlled by a query to the intermediation device regarding whether the account is associated as able to use the linking service.

Abstract: There are provided systems and methods for a sentence based automated Turing test for detecting scripted computing attacks. A computing may request access to a service or data from a service provider, where the service provider may be required to determine that the device is used by a user and not a bot executing a scripted or automated process/attack against the service provider. To authenticate that the device is used by a user, the service provider may determine and output a challenge that queries the user to fill in one or more missing words from a sentence. Acceptable answers may be based on past messages and internal data that is specific to the service provider, as well as an external corpus of documents. The service provider may also further authenticate the user based on the user's response and a likely user response for that user.

Abstract: A system is described that secures application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components of the system, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: A cash handling device having at least one processor, a communication interface, an item accepting device, an item dispensing device, an internal currency scanning system, an internal currency transport system, one or more currency storage cartridges, and a memory may receive, from a user, a request to perform a deposit transaction. Based on receiving the request to perform the deposit transaction, the cash handling device may receive at least one deposit item for deposit. Subsequently, the cash handling device may validate the at least one deposit item received for deposit. Based on validating the at least one deposit item received for deposit, the cash handling device may generate a deposit transaction record that includes information directing a banking server to apply a provisional credit to a treasury account associated with the user. Subsequently, the cash handling device may send the deposit transaction record to the banking server.

Abstract: A method for generating transaction credentials for a user in a transaction, comprising: storing in a mobile device, an encrypted session key, and an encrypted user authentication credential; receiving an authorisation request; initiating a user authorisation process wherein in the event that the user is an authenticated user, the method comprises: decrypting the encrypted session key and encrypted user authentication credential; generating a transaction cryptogram in dependence on the user authentication credential and the session key; transmitting the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction.

Abstract: In one embodiment, a method of programming an implantable medical device (IMD) to provide therapeutic operations for a patient, comprises: conducting a first communication session between the IMD with an external programming device when network connectivity for a remote server for medical device management is not available for the external programming device; receiving programming data by the IMD from the external programming device to provide therapeutic operations according to at least one instance of settings data during the first communication session, wherein the at least one instance of settings data is validated by a temporary key; conducting a second communication session between the IMD with an external device when network connectivity to the remote server for medical device management is available for the external device; and replacing validation data signed using the temporary key with the received validation data.

Abstract: According to various aspects and embodiments, a system including a programmable device is provided. The programmable device includes a memory storing an identifier of an authentication session and at least one processor coupled to the memory. The at least one processor is configured to receive an authentication credential, decode the authentication credential to access a session identifier and information associated with a requestor of the authentication credential, determine whether the session identifier matches the identifier of the authentication session, and grant the requestor access to protected functionality of the programmable device if the session identifier matches the identifier of the authentication session.

Abstract: In one embodiment, a method is provided. The method includes determining that a network device should use an underlay multicast group associated with an overlay multicast group for multicast traffic. The underlay multicast group carries multicast traffic for the overlay multicast group. The overlay multicast group is associated with a virtual private network. The method also includes determining an underlay multicast group address for the underlay multicast group. The overlay multicast group is associated with an overlay multicast group address. A first portion of the underlay multicast group address is a function of the overlay multicast group address. The method further includes forwarding one or more multicast packets to one or more multicast receivers via the underlay multicast group using the underlay multicast group address.

Abstract: Creating and managing linked decentralized identifiers for an entity. A parent decentralized identifier of an entity has an associated parent private key. A determination is made that a child decentralized identifier is to be created for the parent decentralized identifier. In response to the determination, the parent private key is used to generate a child private key, and a child decentralized identifier is created by at least assigning the generated child private key as the private key for the child decentralized identifier. Each of the decentralized identifiers may be associated with a permission to another entity. The permission associated with the child decentralized identifier may not be broader than the permission granted to the parent decentralized identifier.

Abstract: A method for operating an attribute assertion device having a processor and memory to create an unlinkable digital signature-equivalent of an assertion message that is verifiable—by a service provider receiving the unlinkable digital signature-equivalent—as being generated from a digital signature of a known attribute provider having a public key PKAP. Operating the processor of the attribute assertion device to transform a digital signature of the attribute message into an unlinkable digital signature-equivalent using a one-way transformation of the signature, with the transformation process using a random value generated by the attribute assertion device and a challenge provided by the service provider.

Abstract: The present invention is a system and method for the repeated, dynamic, and automated transformation and manipulation of strings of printable or typeable characters that are commonly used for passwords, PINs, keys, tokens, keys, encryption, and filenames forming a class of printable strings. The system and method described makes use of secured password “Hopping” to maximize data security and user's ease of implementation. “Hopping” refers to a method of automated random-password construction and serial substitution. The process of Hopping as described herein is based upon a set of user-selected transformation rules that employ, among other variables, easily accessible, time-variable, data as sources of randomized inputs. Use of randomized inputs and automated serial substitution at time intervals heightens the security of resulting generated passwords.

Abstract: The disclosed computer-implemented method for protecting geolocation information may include (i) receiving, by a computing device, a geolocation security policy that defines an area in which access to geolocation information by applications will be at least partially limited to protect the privacy of a user, (ii) detecting, by the computing device, a geolocation of the computing device, (iii) applying, by the computing device, the geolocation security policy to the detected geolocation to determine whether the detected geolocation matches the area in which access to geolocation information by the applications will be at least partially limited, and (iv) performing, by the computing device, a security action to protect the privacy of the user based on determining that the detected geolocation matches the area. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, mobile device, and PKI are provided for enrolling a mobile device into a PKI domain for certificate management is provided. A first asymmetric key pair and a unique identifier is established in a device. The first asymmetric key pair includes a public key and a private key. The public key and the unique identifier are transferred to the PKI domain. The public key and the unique identifier are imported into the PKI domain. The device generates a second asymmetric kay pair and sends a certificate signing request (CSR) that is protected with the digital signature of the first asymmetric key pair. The CSR is transferred to the PKI domain. The PKI domain authenticates the CSR using the first public key and the unique identifier. Upon validation, the PKI domain issues a certificate to the device.

Abstract: This invention relates to a process for detecting and mitigating risk generated when a customer's log-in credentials are compromised. A significant majority of stolen credentials and customer's personally identifiable information data eventually make their way to the dark web. By dynamically monitoring the dark web and combining the analysis with related information about the user and their credentials on the deep web and the surface web, through a machine learning model, a service provider pre-emptively or otherwise can act to mitigate the risk arising from such compromise of said customer log-in credentials.

Abstract: An apparatus, method and computer program product provide a simplified method for unlocking an electronic device that uses soft keys, such as capacitive touch keys, or proximity detection areas and patterns. The keys may be implemented in the form of areas of a sensor, and a processing circuit observes a touch pattern (or proximity pattern, or characteristic pattern such as a capacitance pattern of a user's finger) and compares the same with the registered pattern to determine if there is a likeness. In doing so, the electronic device is operated at a low power state, and in that low power state observes whether a predetermined pattern is observed and when it is, unlocks the electronic device for interaction with a user at a fully operational state. By operating in the low power state while waiting to observe a predetermined pattern before unlocking the user interface, the device does not waste power on false positive detections, and allows for convenient wakeup and accessibility by a user.

Abstract: There are provided systems and methods for authentication through multiple pathways depending on device capabilities and user requests. A user may wish to utilize some device process, such as unlocking and accessing the device to utilize the device's operating system or access and use of a device application or other module (e.g., a camera). The device may be protected by an authentication profile that includes one or more authentication pathways in order to authenticate the user to use those processes. The device may collect user data using device components, such as biometrics, user movements, environmental factors, or other information. The device may attempt to authenticate the user through one of the authentication pathways. If the collected user data is insufficient for one pathway, another pathway may be used. If the user is authenticated under any pathway, the device may provide access to the correspond process.

Abstract: A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

Abstract: A network interface device capable of communication with a data processing system supporting an operating system and at least one application, the network interface device supporting communication with the operating system by means of: two or more data channels, each data channel being individually addressable by the network interface device and being capable of carrying application-level data between the network interface device and the data processing device; and a control channel individually addressable by the network interface device and capable of carrying control data between the network interface device, the control data defining commands and the network interface being responsive to at least one command sent over the control channel to establish at least one additional data channel.

Abstract: Systems, methods, and devices are disclosed for authenticating a product. An internal component of a product is identified by identifying an intrinsic attribute of the internal component, where the intrinsic attribute is received at a time subsequent to independently storing the intrinsic attribute in a database. A match is determined between the intrinsic attribute and the stored intrinsic attribute. The product is confirmed to be authentic when the match is verified.

Abstract: In an image processing apparatus, a controller determines using setting specification information whether all of a plurality of users is permitted to use all of a plurality of setting values for a setting category in response to receiving a registration instruction. The setting specification information specifies for each user at least one setting value that is permitted to use for an image process by the user. In response to determining that any of the plurality of users is not permitted to use all of the setting values for the setting category, the controller transmits to the server a registration request not including the plurality of setting values for the setting category. The controller controls, in response to receiving a function execution instruction from the server, an image processing unit to execute the image process in accordance with a setting including a setting value for the setting category.

Abstract: An application programming interface (API) that enables installation of an application as one or more key-value objects on a data storage drive such as a hard disk drive, a solid state drive or a hybrid drive. The API also enables execution of the application within a controlled environment of the data storage drive.

Abstract: Various methods are provided for facilitating a reduction in the number of required search operations during account creation. One example method may comprise causing creation of a user account object configured for storage in a database, the user account object comprising user personal information, causing creation of a user linked account object configured for storage in the database, the user linked account object comprising user credential information, the user linked account object linked the user account object, generating, via processor, an identification field of the user linked account object, generation of the identification field comprising: receiving at least identification information and an account type; accessing a realm; and utilizing a hash function to generate a composite key as a function of the identification information, the account type, and the realm.

Abstract: An approach is disclosed that presents, to a user of a device, content items accessible from the device with the content items being identified as familiar to an actual user of the device. In addition, one or more comparable items are also presented with the comparable items being identified as unfamiliar to the actual user of the device. A response is received from the user at the device that differentiates the content items the comparable items with the user being authenticated, or not, based on the response.

Abstract: A system for fast secured searching may include a user interface, a web layer configured for executing application logic and configured for interacting with a user via the user interface and configured to perform user authentication, and a database layer in communication with and accessible by the web layer and comprising a database configured for storing data, and a search engine configured for searching the database, wherein, communication to and from the database layer from and to the web layer is controlled by secure socket layer certificate authorization. The database layer may also include an inverted index in communication with the database and the search engine and configured for maintaining updated snapshots relating to the data in the database and an encryption/decryption layer for selective encryption of the data and configurable for field level, document level, and/or chunk level encryption.

Abstract: A computer-implemented method of processing a video stream comprises: feeding the at least one video stream to at least two video processing detectors, each comprising a respective deep convolutional neural network trained to detect one or more of the object or a property of the object; for each of said at least two video processing detectors, receiving a respective stream of object lightweight data records from the respective video processing detector, the stream of object lightweight data records generated based on the respective detection, and representing a property of the object; and feeding at least one stream of object lightweight data records to at least one context detector configured to perform a secondary detection based on object lightweight data of the stream of object lightweight data records, wherein the detections of the at least two video processing detectors are scheduled by a task-graph scheduler.

Abstract: One embodiment provides a method, including: receiving, at a remote device and from a user, a request to generate a one-time password for accessing a default account of a device, wherein the remote device comprises a device public key corresponding to the device and an account public/private key pair corresponding to the default account; generating, at the remote device, the one-time password utilizing the account private key and the device public key; and providing, from the remote device, the one-time password to the user. Other aspects are described and claimed.

Abstract: An information output device includes first and second acquirers and a setter. The first acquirer acquires attribute information concerning an attribute of a user having accessed an area where access control is performed. The second acquirer acquires a setting condition for setting an authenticated output function. The authenticated output function is a function for demanding authentication for outputting information. The setter enables or disables the authenticated output function, based on the attribute information acquired by the first acquirer and the setting condition acquired by the second acquirer.

Abstract: One embodiment is a method including extending a policy server to provide per subscriber policies to a cable modem (CM) and a cable modem termination system (CMTS), receiving, at the policy server, a request for a policy profile from a cable modem termination system (CMTS), accessing a subscriber database to determine the policy profile, and communicating the policy profile to the CMTS. In an example, the policy server is a packet cable multimedia policy server of a cable network.

Abstract: Systems and methods for multifactor authentication are disclosed. One illustrative system described herein includes: a network interface; and a processor coupled to the network interface and configured to: begin a transaction to allow a user to access a secure resource; receive, via the network interface, user data from a mobile device, the user data comprising behavior data associated with the user; compare one or more parameters of the behavior data to expected parameters; and if the parameters are within a required range, allow access to the secure resource; or if the parameters are outside of the required range, restrict access to the secure resource.

Abstract: An architecture for a multimedia search system is described. To perform similarity matching of multimedia query frames against reference content, reference database comprising of a cluster index using cluster keys to perform similarity matching and a multimedia index to perform sequence matching is built. Methods to update and maintain the reference database that enables addition and removal of the multimedia contents, including portions of multimedia content, from the reference database in a running system are described. Hierarchical multi-level partitioning methods to organize the reference database are presented. Smart partitioning of the reference multimedia content according to the nature of the multimedia content, and according to the popularity among the social media, that supports scalable fast multimedia identification is also presented.