Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: An embodiment of the system for publishing events of a telephony application to a client includes a call router that generates events from the telephony application and an event router that manages the publication of events generated by the call router and that manages the subscription to events by clients. The system can be used with a telephony application that interfaces with a telephony device and an application server.

Abstract: Methods and systems for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information. If a salt is selected, the selected salt is combined with the hashed sensitive information to yield combined sensitive information, which is encrypted and stored. If a key is selected, such as an AES key, for example, the sensitive information is encrypted by the selected encryption key, and stored. The keys and salts may be encrypted by a cryptographic processing system that generates and stores keys, such as a key management system and/or a hardware security module, for further protection. The salts may be concatenated into a binary large object prior to encryption. Methods and systems for updating of stored records comprising encrypted sensitive information are also described.

Abstract: The present invention relates to a method and system for tracking the movement of data elements as they are shared and moved between authorized and unauthorized devices and among authorized and unauthorized users.

Abstract: An electronic disclosed herein may include a band formed from metal that combines with a bottom wall formed from a non-metal to form an enclosure that carries internal components. The electronic device may include a transparent cover and a display assembly partially covered by a border having a uniform dimension. The electronic device may include a vision system designed for facial recognition of a user of the electronic device. A bracket assembly may hold the vision system. The bracket assembly may not be affixed to the enclosure and may move relative to the enclosure. The electronic device may include a battery assembly having multiple battery components coupled together. The electronic device may further include a receiver coil for wireless charging of the battery assembly. The electronic device may include a circuit board assembly having stacked circuit boards. The electronic device may further include a dual camera assembly.

Abstract: An update change request that is made against attributes of a directory object causes automatically collection of customized information for an initiator of the request. A correlation identifier for the change request is generated. The changes to the attributes are processed to update the directory object and the customized information is updated to an extension attribute for the directory object. A unique audit event is raised for each changed attribute including the extension attribute and each audit event includes the correlation identifier.

Abstract: Proxied multi-factor authentication using credential and authentication management in scalable data networks is described, including initiating a request by an extension to authenticate a browser to access a data network, the request being associated with an address and transmitted over HTTP, receiving at a proxy browser a first message from the data network in response to the request, the first message comprising authentication data, the authentication data being forwarded to a server in data communication with the proxy browser and the browser, sending a second message from the server to the extension, the second message comprising the authentication data, and transferring authentication data to the data network from the browser and the extension in response to an query from the data network.

Abstract: In some examples, a first user equipment (UE) sends an indication to an application server that the first UE is to use a relay UE to access a network. The first UE receives, from the application server, a first identity different from a second identity of the first UE. The first UE uses the first identity to register with the network to authenticate the first UE.

Abstract: This disclosure relates to identity verification. In one aspect, a method includes obtaining verification information during a user application session of a user with an application component subsequent to a verification triggering request to perform identity verification on the user. A determination is made whether the verification information satisfies a first identity verification-free condition. When the verification information satisfies the first identity verification-free condition, an identity verification-free operation that does not include identity verification of the user is performed. When the verification information fails to satisfy the first identity verification-free condition, an identity verification process is performed to verify an identity of the user.

Abstract: Techniques for processing voice commands from a locked device are described. A voice command received by a locked device is stored, a prompt requesting that the device be unlocked is generated, and the voice command is processed automatically after the device is unlocked. Thus, the system processes the voice command without the user repeating the voice command. In addition, the system may process certain voice commands even when the device is locked. For example, a whitelist filter compares an intent associated with the voice command to whitelisted intents from a whitelist database before the intent is dispatched to a speechlet, and intents included in the whitelist database are processed normally. Thus, the system performs certain voice commands while the device is locked, while other voice commands may be automatically processed after the device is unlocked without the user repeating the voice command.

Abstract: Methods, apparatus, systems and articles of manufacture are described to manage password security. An example apparatus includes a hardware processor to implement a transmission delay manager to invoke a provisional transmission block of a candidate password in response to detecting entry of the candidate password and a vault hash manager to determine hash values of a set of passwords of a list of passwords. The hardware processor further implements a parity verifier to compare the determined hash values to a hash value of the candidate password to determine a count of a number of instances the hash value of the candidate password matches one of the hash values and an alarm action engine to identify a service category type associated with the candidate password, the service category type associated with a threshold and release the provisional transmission block of the candidate password when the count satisfies the threshold.

Abstract: A system to provide an integrated advertising platform includes a sensor unit, communication module, telecom server unit, consent database, database unit, application server unit, and retailer computing unit. The sensor unit is installed within a premise to detect the presence of a consented user equipment (UE) in proximity and retrieves an identification number associated with the consented UE. The communication module transmits the retrieved identification number and sensor identification number to the telecom server unit that matches the identification number with an MSISDN. The consent database stores the consent status of the MSISDN. The database unit receives a sensor identification number, system identification number, and MSISDN from the consent database. The application server unit customizes the offer corresponding to the user through a machine learning module and transmits the customized offer to the consented user equipment UE.

Abstract: A file receiver receives an electronic structure file that includes structure-file data associated with a spatial arrangement and detects a content object for processing that includes content-object data. A file transformation engine transforms the structure-file data from the structure file into an electronic record. A rendering engine renders an image of the transformed structure-file data arranged in the spatial arrangement. An interface engine detects an input corresponding to specification of a position of a data segment. A parsing engine defines a segment-position specification indicative of the position. A template engine generates an electronic template that associates an identifier of the data segment with the segment-position specification and associates the electronic template with a template identifier. A record classifier determines that the content object corresponds to the template identifier.

Abstract: The invention provides a handset that includes a finger-image sensor that provides finger-image-related signals or data for authentication purposes and functions as a telephone handset for use with a computer terminal. A system, including handsets and computer terminals, enables the terminal and/or the handset to access or otherwise participate in at least one network-related function and voice communication in response to authentication of finger-image data provided by the handset.

Abstract: A touch-panel control apparatus and an operation method thereof are provided. The touch-panel control apparatus includes a fingerprint sensing circuit, a touch detection circuit, and an application processor. The fingerprint sensing circuit is coupled to a touch panel to sense a fingerprint of an object. The touch detection circuit is coupled to the touch panel to detect a touch behavior of the object on the touch panel. The application processor is coupled to the fingerprint sensing circuit and the touch detection circuit. The application processor is configured to enter an encryption mode to sense the fingerprint via the fingerprint sensing circuit. The application processor detects the touch behavior via the touch detection circuit in the encryption mode. When the touch behavior changes in the encryption mode, the application processor ends the encryption mode early.

Abstract: Systems and methods are described to validate user connections to one or more application servers within a multi-tenant application system. A domain-level cookie at the client identifies any active connections for that client. As the client requests a connection to a particular application, the cookie is provided to a validation server that determines if any previously-established sessions with the multi-tenant system exist, and/or if such sessions remain active. If an active session already exists, then the client can be redirected to a particular server to continue the previously-established session. If no valid prior sessions are available, then the client can be validated and a new connection to an appropriate server can be established, as appropriate.

Abstract: A user device implements a certificate authority for issuing digital certificates that extend to other computing devices a level of trust to a particular user paired with the user device. The user device may obtain user persona information, generate a user key, and combine the user key with a device key for the generation of a digital certificate. The computing device may further transmit the digital certificate to a certificate management system, which manages interactions between other computing devices and the user device or authorizes operation of other computing devices by the particular user based on the digital certificate.

Abstract: Techniques are provided to generate a secure communication for use in a transaction. In some embodiments, a user device is provided a first set of encryption keys associated with one or more authorizing entities. The user device may, prior to or during a transaction, receive one or more second encryption keys related to a second party to the transaction. In some embodiments, the one or more second encryption keys may be provided to the user device via a local communication means. Once the user device has been provided with transaction details, it may generate a transaction request using the multiple encryption keys that it has been provided, such that portions of the message are encrypted using different encryption keys.

Abstract: The present disclosure is directed to supervising displayed content. In particular, the methods and systems of the present disclosure may: generate data representing a plurality of images of interfaces displayed by a computing device configured to supervise content displayed to a user; determine, based at least in part on one or more machine learning (ML) models and the data representing the plurality of images, whether the interfaces displayed by the computing device include content of a type designated by a content supervisor of the user for identification; and generate data representing a graphical user interface (GUI) for presentation to the content supervisor, the GUI indicating whether the interfaces displayed by the computing device include content of the type designated for identification.

Abstract: The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for Internet of things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method and an authenticating system for authenticating users in an IoT environment are provided.

Abstract: Methods for system component pairing and authentication are described. A first system component may pair with a second system component in response to receiving a unique identifier from the second system component. The first system component may store the received unique identifier and, thereafter, may authenticate that it is, in fact, communicating with the second system component. The first component may communicate a challenge message directed to the second system component and if the contents of the reply message and the time taken to receive the reply message do not correspond to expected values, the first component may determine that it may not be communicating with the intended second component and may cease communications with the second component.

Abstract: A public operator processes data streams from multiple operators in different streaming applications to reduce resource costs and increase efficiency in a streaming system. The public operator uses tuple level security with a unique key for each streaming application to securely process the data streams. A stream security module (SSM) manages encryption to and from the public operators to insure other streaming applications with access to the shared public operator don't have access to data of other applications that may belong to other customers or users. The stream security module may be incorporated into the streams manager of a streaming system.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Aspects of a privileged identity management system and method provide users with the ability to request elevated privileges to perform tasks on computing systems and software applications. The privileged identity management system and method also provides users with the ability to extend the elevated privileges to access privileged features or perform tasks using elevated privileges. The privileged identity management system and method utilize a different device that is readily available to the user in order to provide communications relating to the elevated privileges.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry. The processing circuitry is configured to detect writing on a first file and register, in a restriction target storage, file information on the first file and perform, when processing on a second file is requested and file information on the second file coincides with the file information stored in the restriction target storage, first restriction to restrict the processing on the second file.

Abstract: A computerized system provides a set of terminal devices accessible to physicians allowing for the electronic exchange of information through a display and data input device and the server system communicating between the anonymous medical record database and the terminal devices to: (1) allow a searching by a given physician of the anonymous medical record database according to search criteria entered by the given physician to provide a search result of patients; and (2) allow communication by the given physician with at least one patient's physician for a patient in the search result using the anonymous identifier to the patient's physician.

Abstract: Various embodiments are directed to a password security warning system. An artificial neural network or other types of models may be used to determine whether a password that is created, input, or proposed by a user via an interface includes one or more predictable or typical transformations or combinations of characters derived from user-specific information. Based on the determination, a warning may be provided to the user.

Abstract: A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system, the method comprising: a) receiving, from a first user system via a computer network, user authentication information and a network address identifying the first user system within the computer network; b) obtaining at least one data item of contextual information indicative of a property of an environment of a wireless communications device associated with the user authentication information; c) authenticating the user based on at least the user authentication information; and d) subject to successful authentication, granting access to the target component and storing a data record comprising the received network address and the received contextual information.

Abstract: Techniques for multifactor authentication as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for multifactor authentication as a network service includes monitoring a session at a firewall, applying an authentication profile based on the new session, and performing an action based on the authentication profile.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: Techniques for performing hash validation are provided. In one technique, a signature request that includes a first hash and a data identifier is received from a client. In response, the data identifier is identified and sent to a data repository, data that is associated with the data identifier is received from the data repository, a second hash is generated based on the data, and a determination is made whether the second hash matches the first hash. If the two hashes match, then the first hash is sent to a cryptographic device that generates a digital signature, which is eventually transmitted to the client. Alternatively, the digital signature is transmitted to the client prior to the first hash being validated. In a related technique, a server receives the signature request and sends the data identifier to a hash validator, which interacts with the data repository and generates the second hash.

Abstract: Described herein are systems and methods that allow for secure wireless communication between a contact lens system and an accessory device to protect sensitive data and prevent unauthorized access to confidential information. In certain embodiments, tampering attempts by potential attackers are thwarted by using a Physically Unclonable Functions (PUF) circuit that is immune to reverse engineering. In addition, sensors monitor a to-be-protected electronic device to detect tampering attempts and physical attacks to ensure the physical integrity of the communication system.

Abstract: An image recognition based interactive control system and method for a smart television. The system comprises: an image acquisition module for acquiring a card image; a gesture recognition module for recognizing a gesture of a user holding a card and outputting a gesture recognition result, wherein the gesture recognition result is channel switching, program selecting or content searching; a card recognition module for recognizing the content of the card image and outputting a card recognition result; and an interactive control module for performing a relevant interactive operation according to the gesture recognition result and the card recognition result.

Abstract: A method of managing servers of a distributed computer system by using an intent-based CLI (command line interface) executing by one or more processors of a remote computing device, the servers hosting a virtual cluster comprising one or more virtual machines. The method includes receiving, by a first server of the servers, a connection-request from the intent-based CLI to establish an encrypted connection between the first server and the remote computing device. The method includes authenticating the connection-request and establishing, in response to authenticating the connection-request, a first encrypted communication channel between the first server and the remote computing device. The method includes receiving, via the first encrypted communication channel, an operation-request for a list of intent-based operations supported by the first server.

Abstract: Embodiments of the present invention disclose a privacy protection method, a mode switching apparatus, and a terminal device. The method includes: receiving an input operation of a user; identifying the input operation and extracting an action feature; performing matching in an instruction library according to the action feature, and when the matching succeeds, generating instruction information corresponding to the action feature; determining a protection mode of the terminal device according to the instruction information, and determining an application that subscribes to the protection mode in the terminal device; and controlling display of the application according to the protection mode of the terminal device.

Abstract: A method and system automatically and dynamically creates routes between message dropboxes in separate data center infrastructures. The method and system determines that a first message dropbox in a first data center infrastructure is routable to a second message dropbox in a second data center infrastructure based on the names or policies of the first and second message dropboxes. After routability is determined, the method and system automatically creates and implements a route between the first and second message dropboxes in real time.

Abstract: Abstraction programming models of enclave security platforms are described, including receiving a request from an enclave according to an enclave abstraction protocol, converting the request into a native enclave protocol, and sending the converted request to a native platform. The request may be, for example: to create an attestation report, to seal data to the enclave, a request to call a function in a client of the enclave, read a monotonic counter, to take a trusted time measurement, or to allocate memory that is shared with both the enclave and the enclave client.

Abstract: A method for activating an electronic subassembly includes receiving at least one activation signal using a reception module of the electronic subassembly. The electronic subassembly is transferred from an idle state to an active state using the at least one activation signal. The electronic subassembly is intermittently supplied with electric power via the at least one activation signal.

Abstract: A device transmits or receives a packet in a memory network including one or more processors and/or one or more memory devices. The device includes a key storage unit configured to store a one-time password (OTP) key that is shared with a target node, an encryption unit configured to encrypt a transmission packet with the OTP key stored in the key storage unit and to transmit the encrypted transmission packet to the target node, and a decryption unit configured to decrypt a receiving packet from the target node with the OTP key stored in the key storage unit. The device is a processor or a memory device in the memory network.

Abstract: A system and method is provided for a cryptographic primitive and authentication protocol comprised of micro-cavity resonators at optical wavelengths. A micro-cavity resonator is illuminated with an optical challenge signal and the cavity returns an output response that is dependent on the input signal. Digital signal processing is performed on the output signal to generate a corresponding digital representation. This process is repeated for variations of the input signal with its digital output being stored in a database. A user or object claiming an identity presents a token to the system. The system selects a subset of the available challenge-response pairs and presents the challenges to the token. The system compares the digitized responses with the original responses expected for that token. The system will approve or deny the claimed identity corresponding to the presented token.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a virtual intercom. In some implementations, a request from a visitor device to communicate with an occupant of a particular unit of the facility is received. A location of the visitor device is received. Based on the received location, it is determined that the visitor device is within a predetermined bounded area. An occupant profile is identified based on the received request. Information associated with the occupant profile is obtained. Based on the obtained information, it is determined the occupant has registered a profile. Based on the obtained information, a communication path to an occupant device is identified. The request from the visitor device is sent, using the communication path, to an occupant device belonging to the occupant. A response from the occupant device is received. Based on the response, an action is performed.

Abstract: Embodiments of the present disclosure include systems and methods for securely entering, receiving, and storing sensitive data. A server system may determine if a request received from a user computing device communicatively coupled to the server triggers a requirement to receive sensitive data from the user computing device, generate a data structure for the sensitive data, designate a plurality of contact methods, determine a communication protocol for each of the designated plurality of contact methods, transmit a request for data unit information to the corresponding designated contact methods via the determined communication protocol for each data unit of the data structure, receive from each of the designated contact methods, the data unit information corresponding to the respective single data unit, and generate sensitive data by aggregating the received data unit information received from each of the designated contact methods.

Abstract: Embodiments of the invention provide methods and systems for password management using public-private key cryptography. A user device generates a public-private key pair including a public key and a private key and registers the public key with a remote password management server. Account names and passwords can be stored at the password management server in association with the public key. To retrieve the passwords, the user device sends a request to the password management server including the public key. The password management server determines the password from the stored passwords and encrypts it using the public key. The encrypted password is sent to the user device, which can decrypt the encrypted password using the private key corresponding to the public key. The user device can then use the account name and password can to obtain account information from an account provider.

Abstract: A communication device may receive a target IP address from a target device; after the target IP address which is a global IP address has been received from the target device, send a request signal including the target IP address to a server, the request signal being for causing the server to send a specific signal, the specific signal including the target IP address as a destination IP address; determine whether first information is received from the server, wherein the first information is received from the server in a case where the server receives a response signal including the target IP address as a source IP address in response to the server having sent the specific signal; and in a case where it is determined that the first information is received, execute a security process.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for controlling access to physical areas. One of the methods includes receiving first data, determining, using the first data, whether each of the passengers for a vehicle is authorized to cross a border, storing second data in a data set of pre-registered border crossers, receiving third data identifying the vehicle and indicating entry of the vehicle into a border crossing station, comparing the third data with data from the data set of pre-registered border crossers, determining that the third data and the second data both identify the vehicle, collecting, for each current passenger in the vehicle, fourth data representing the current passenger, determining whether the current passengers in the vehicle and the passengers identified in the second data are the same people, and providing instructions to guide the vehicle to a lane at the border crossing station.

Abstract: For responding to a notification displayed in an Always on Display (“AoD”) mode with a voice command, a method displays notifications in at least one of a full power mode or an AoD mode, parses a notification to determine a notification type. The method also determines, while in the AoD mode, if the notification supports voice responses. If the notification supports voice response, the method receives a voice command from a user and authorizes the user based on the voice command, bypasses a screen lock, in response to the user being authorized, and executes the voice command.

Abstract: The present disclosure provides a system for managing computer resources for detection of malicious files based on machine learning model. In one aspect, the system may comprise: a hardware processor configured to: form at least one behavior pattern on the basis of commands and parameters, calculate the convolution of the formed behavior pattern, calculate the degree of harmfulness the convolution and a model for detection of malicious files, manage the computing resources used to ensure the security of that computing device, based on the degree of harmfulness, wherein the degree of harmfulness is within a predetermined range of values and if the obtained degree of harmfulness of applications exceeds the predetermined threshold value, send a request to allocate additional resources of the computing device, otherwise send a request to free up previously allocated resources of the computing device.

Abstract: An apparatus for providing controlled access to a plurality of devices in a computer network (104), wherein the plurality of devices are accessible by users external to the computer network (102) by logging in to a privileged account, to which access is controlled by an authentication server (106); the apparatus comprises a receiver configured to receive user password data from a user requesting access to the privileged account via a device, a password determiner configured to determine account password data based on user password data, and to control a transmitter to transmit to the device account password data for allowing the user to access the privileged account, the receiver also configured to receive a request from the device to update account password data, and a password manager configured to update account password data and store updated account password data associated with the privileged account.

Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Abstract: Systems and methods are described that include generating a virtual reality experience in a virtual reality environment, detecting, a first gesture from a first user accessing the virtual reality environment, the first gesture being configured as a command to initiate a privacy mode with a second user accessing the virtual reality environment, and generating a prompt for display to the second user, the prompt corresponding to the command. In response to detecting a second gesture from the second user, the second gesture determined to substantially match the first gesture, initiating the privacy mode between the first user and the second user in the virtual reality environment, and sharing communications occurring in the virtual environment from the first user to the second user and from the second user to the first user while modifying, for users other than the first user and the second user, the communications occurring between the first user and the second user.