Abstract: A method and system for victim notification functions by receiving a report from an accuser regarding conduct of an accused that is believed to constitute harassment, bullying and/or discrimination, the reporting being composed of structured data. The severity of conduct in the report is scored and ranked and the pervasiveness of conduct in the report is scored and ranked by comparing the reported conduct against prior reports regarding the accused. Other reports by the accuser are also analyzed.

Abstract: In one embodiment, a network interface operable to receive a communication request over a communication link of a radio access network. A processor determines one or more characteristics based on the communication request and communicates a message to a networked device to determine a status of the network device identified based on at least one of the characteristics. The processor then terminates the communication request based in part on the status of the networked device.

Abstract: Embodiments disclosed herein generally related to a system and method of authenticating a user with a third party server. In one embodiment, a method is disclosed herein. A computing system receives, from a remote client device of the user, a token. The token includes personal identification information and a digitized file of a biometric captured by a biometric scanner. The computing system identifies via the personal identification information that the user has a user account. The computing system queries a database with the personal identification information and the digitized file to determine whether the biometric matches a stored biometric in the user account. Upon determining that the biometric matches the stored biometric, the computing system generates a message to be transmitted to the third party server that authenticates the user. The computing system transmits the message to the third party server.

Abstract: An endpoint executes a deflection service that detects failed connection attempts (TCP RST packets) and evaluates whether they are likely the result of a reconnaissance attack. If an inbound connection fails, a connection request packet (TCP SYN) is sent to a decoy server that includes data from the TCP RST packet. The decoy server then completes a connection handshake with a destination of the TCP RST packet and engages a process at the destination. If an outbound connection fails, the deflection service facilitates a connection between a process executing on the endpoint and the decoy server and associated with a destination port referenced by the TCP RST packet.

Abstract: The present invention discloses methods and systems for configuring a second system. The system of the present invention determines at least one configuration and the identity information of the second system. The at least one configuration is then sent to the second system. The second system is configured with the at least one configuration. The at least one configuration can be sent through an SMS message, a USB modem plugged in the second system, or NFC. Additionally, the at least one configuration may comprise an APN. The at least one configuration may also be used to configure the second system to establish one or more VPN connections.

Abstract: A system and method for selecting tailored information to present to a subscriber, including receiving subscriber data, determining an analysis set based on the subscriber data, extracting abstract parameters from the subscriber data, selecting an analysis from the analysis set based on a general model and the abstract parameters, and presenting the selected analysis to the subscriber.

Abstract: According to an embodiment, an image processing apparatus includes a display unit, an operation unit, a processing unit, a storage unit, and a control unit. The display unit is configured to display an operation screen on which a processing mode and setting information may be selected. The operation unit is configured to receive an operation instruction from the operation screen displayed on the display unit and to transmit a processing job based on the operation instruction. The processing unit is configured to execute a process based on the processing job received from the operation unit. The storage unit is configured to store use history information indicating the processing jobs. The control unit is configured to customize the operation screen according to the use history information stored by the storage unit and cause the display unit to display the customized operation screen.

Abstract: An embodiment of the system for publishing events of a telephony application to a client includes a call router that generates events from the telephony application and an event router that manages the publication of events generated by the call router and that manages the subscription to events by clients. The system can be used with a telephony application that interfaces with a telephony device and an application server.

Abstract: A first user device may receive, from a second user device, a request to communicatively couple to the first user device, and may establish a communication session with the second user device after receiving the request. The first user device may identify, after establishing the communication session, an inappropriate activity of the second user device relating to the communication session, and perform a set of actions based on identifying the inappropriate activity. The set of actions may include causing the communication session to be restricted, and providing, to a trust platform, a score for the second user device. The score may permit the trust platform to derive a composite score, indicative of a level of trustworthiness of the second user device, that enables other user devices, associated with the trust platform, to determine whether to grant access requests submitted by the second user device.

Abstract: Methods and systems for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information. If a salt is selected, the selected salt is combined with the hashed sensitive information to yield combined sensitive information, which is encrypted and stored. If a key is selected, such as an AES key, for example, the sensitive information is encrypted by the selected encryption key, and stored. The keys and salts may be encrypted by a cryptographic processing system that generates and stores keys, such as a key management system and/or a hardware security module, for further protection. The salts may be concatenated into a binary large object prior to encryption. Methods and systems for updating of stored records comprising encrypted sensitive information are also described.

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: An electronic disclosed herein may include a band formed from metal that combines with a bottom wall formed from a non-metal to form an enclosure that carries internal components. The electronic device may include a transparent cover and a display assembly partially covered by a border having a uniform dimension. The electronic device may include a vision system designed for facial recognition of a user of the electronic device. A bracket assembly may hold the vision system. The bracket assembly may not be affixed to the enclosure and may move relative to the enclosure. The electronic device may include a battery assembly having multiple battery components coupled together. The electronic device may further include a receiver coil for wireless charging of the battery assembly. The electronic device may include a circuit board assembly having stacked circuit boards. The electronic device may further include a dual camera assembly.

Abstract: Proxied multi-factor authentication using credential and authentication management in scalable data networks is described, including initiating a request by an extension to authenticate a browser to access a data network, the request being associated with an address and transmitted over HTTP, receiving at a proxy browser a first message from the data network in response to the request, the first message comprising authentication data, the authentication data being forwarded to a server in data communication with the proxy browser and the browser, sending a second message from the server to the extension, the second message comprising the authentication data, and transferring authentication data to the data network from the browser and the extension in response to an query from the data network.

Abstract: An update change request that is made against attributes of a directory object causes automatically collection of customized information for an initiator of the request. A correlation identifier for the change request is generated. The changes to the attributes are processed to update the directory object and the customized information is updated to an extension attribute for the directory object. A unique audit event is raised for each changed attribute including the extension attribute and each audit event includes the correlation identifier.

Abstract: The present invention relates to a method and system for tracking the movement of data elements as they are shared and moved between authorized and unauthorized devices and among authorized and unauthorized users.

Abstract: In some examples, a first user equipment (UE) sends an indication to an application server that the first UE is to use a relay UE to access a network. The first UE receives, from the application server, a first identity different from a second identity of the first UE. The first UE uses the first identity to register with the network to authenticate the first UE.

Abstract: This disclosure relates to identity verification. In one aspect, a method includes obtaining verification information during a user application session of a user with an application component subsequent to a verification triggering request to perform identity verification on the user. A determination is made whether the verification information satisfies a first identity verification-free condition. When the verification information satisfies the first identity verification-free condition, an identity verification-free operation that does not include identity verification of the user is performed. When the verification information fails to satisfy the first identity verification-free condition, an identity verification process is performed to verify an identity of the user.

Abstract: Techniques for processing voice commands from a locked device are described. A voice command received by a locked device is stored, a prompt requesting that the device be unlocked is generated, and the voice command is processed automatically after the device is unlocked. Thus, the system processes the voice command without the user repeating the voice command. In addition, the system may process certain voice commands even when the device is locked. For example, a whitelist filter compares an intent associated with the voice command to whitelisted intents from a whitelist database before the intent is dispatched to a speechlet, and intents included in the whitelist database are processed normally. Thus, the system performs certain voice commands while the device is locked, while other voice commands may be automatically processed after the device is unlocked without the user repeating the voice command.

Abstract: A system to provide an integrated advertising platform includes a sensor unit, communication module, telecom server unit, consent database, database unit, application server unit, and retailer computing unit. The sensor unit is installed within a premise to detect the presence of a consented user equipment (UE) in proximity and retrieves an identification number associated with the consented UE. The communication module transmits the retrieved identification number and sensor identification number to the telecom server unit that matches the identification number with an MSISDN. The consent database stores the consent status of the MSISDN. The database unit receives a sensor identification number, system identification number, and MSISDN from the consent database. The application server unit customizes the offer corresponding to the user through a machine learning module and transmits the customized offer to the consented user equipment UE.

Abstract: Methods, apparatus, systems and articles of manufacture are described to manage password security. An example apparatus includes a hardware processor to implement a transmission delay manager to invoke a provisional transmission block of a candidate password in response to detecting entry of the candidate password and a vault hash manager to determine hash values of a set of passwords of a list of passwords. The hardware processor further implements a parity verifier to compare the determined hash values to a hash value of the candidate password to determine a count of a number of instances the hash value of the candidate password matches one of the hash values and an alarm action engine to identify a service category type associated with the candidate password, the service category type associated with a threshold and release the provisional transmission block of the candidate password when the count satisfies the threshold.

Abstract: A file receiver receives an electronic structure file that includes structure-file data associated with a spatial arrangement and detects a content object for processing that includes content-object data. A file transformation engine transforms the structure-file data from the structure file into an electronic record. A rendering engine renders an image of the transformed structure-file data arranged in the spatial arrangement. An interface engine detects an input corresponding to specification of a position of a data segment. A parsing engine defines a segment-position specification indicative of the position. A template engine generates an electronic template that associates an identifier of the data segment with the segment-position specification and associates the electronic template with a template identifier. A record classifier determines that the content object corresponds to the template identifier.

Abstract: The invention provides a handset that includes a finger-image sensor that provides finger-image-related signals or data for authentication purposes and functions as a telephone handset for use with a computer terminal. A system, including handsets and computer terminals, enables the terminal and/or the handset to access or otherwise participate in at least one network-related function and voice communication in response to authentication of finger-image data provided by the handset.

Abstract: Systems and methods are described to validate user connections to one or more application servers within a multi-tenant application system. A domain-level cookie at the client identifies any active connections for that client. As the client requests a connection to a particular application, the cookie is provided to a validation server that determines if any previously-established sessions with the multi-tenant system exist, and/or if such sessions remain active. If an active session already exists, then the client can be redirected to a particular server to continue the previously-established session. If no valid prior sessions are available, then the client can be validated and a new connection to an appropriate server can be established, as appropriate.

Abstract: A touch-panel control apparatus and an operation method thereof are provided. The touch-panel control apparatus includes a fingerprint sensing circuit, a touch detection circuit, and an application processor. The fingerprint sensing circuit is coupled to a touch panel to sense a fingerprint of an object. The touch detection circuit is coupled to the touch panel to detect a touch behavior of the object on the touch panel. The application processor is coupled to the fingerprint sensing circuit and the touch detection circuit. The application processor is configured to enter an encryption mode to sense the fingerprint via the fingerprint sensing circuit. The application processor detects the touch behavior via the touch detection circuit in the encryption mode. When the touch behavior changes in the encryption mode, the application processor ends the encryption mode early.

Abstract: Techniques are provided to generate a secure communication for use in a transaction. In some embodiments, a user device is provided a first set of encryption keys associated with one or more authorizing entities. The user device may, prior to or during a transaction, receive one or more second encryption keys related to a second party to the transaction. In some embodiments, the one or more second encryption keys may be provided to the user device via a local communication means. Once the user device has been provided with transaction details, it may generate a transaction request using the multiple encryption keys that it has been provided, such that portions of the message are encrypted using different encryption keys.

Abstract: A user device implements a certificate authority for issuing digital certificates that extend to other computing devices a level of trust to a particular user paired with the user device. The user device may obtain user persona information, generate a user key, and combine the user key with a device key for the generation of a digital certificate. The computing device may further transmit the digital certificate to a certificate management system, which manages interactions between other computing devices and the user device or authorizes operation of other computing devices by the particular user based on the digital certificate.

Abstract: The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for Internet of things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method and an authenticating system for authenticating users in an IoT environment are provided.

Abstract: The present disclosure is directed to supervising displayed content. In particular, the methods and systems of the present disclosure may: generate data representing a plurality of images of interfaces displayed by a computing device configured to supervise content displayed to a user; determine, based at least in part on one or more machine learning (ML) models and the data representing the plurality of images, whether the interfaces displayed by the computing device include content of a type designated by a content supervisor of the user for identification; and generate data representing a graphical user interface (GUI) for presentation to the content supervisor, the GUI indicating whether the interfaces displayed by the computing device include content of the type designated for identification.

Abstract: Methods for system component pairing and authentication are described. A first system component may pair with a second system component in response to receiving a unique identifier from the second system component. The first system component may store the received unique identifier and, thereafter, may authenticate that it is, in fact, communicating with the second system component. The first component may communicate a challenge message directed to the second system component and if the contents of the reply message and the time taken to receive the reply message do not correspond to expected values, the first component may determine that it may not be communicating with the intended second component and may cease communications with the second component.

Abstract: A public operator processes data streams from multiple operators in different streaming applications to reduce resource costs and increase efficiency in a streaming system. The public operator uses tuple level security with a unique key for each streaming application to securely process the data streams. A stream security module (SSM) manages encryption to and from the public operators to insure other streaming applications with access to the shared public operator don't have access to data of other applications that may belong to other customers or users. The stream security module may be incorporated into the streams manager of a streaming system.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Aspects of a privileged identity management system and method provide users with the ability to request elevated privileges to perform tasks on computing systems and software applications. The privileged identity management system and method also provides users with the ability to extend the elevated privileges to access privileged features or perform tasks using elevated privileges. The privileged identity management system and method utilize a different device that is readily available to the user in order to provide communications relating to the elevated privileges.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry. The processing circuitry is configured to detect writing on a first file and register, in a restriction target storage, file information on the first file and perform, when processing on a second file is requested and file information on the second file coincides with the file information stored in the restriction target storage, first restriction to restrict the processing on the second file.

Abstract: Various embodiments are directed to a password security warning system. An artificial neural network or other types of models may be used to determine whether a password that is created, input, or proposed by a user via an interface includes one or more predictable or typical transformations or combinations of characters derived from user-specific information. Based on the determination, a warning may be provided to the user.

Abstract: A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system, the method comprising: a) receiving, from a first user system via a computer network, user authentication information and a network address identifying the first user system within the computer network; b) obtaining at least one data item of contextual information indicative of a property of an environment of a wireless communications device associated with the user authentication information; c) authenticating the user based on at least the user authentication information; and d) subject to successful authentication, granting access to the target component and storing a data record comprising the received network address and the received contextual information.

Abstract: A computerized system provides a set of terminal devices accessible to physicians allowing for the electronic exchange of information through a display and data input device and the server system communicating between the anonymous medical record database and the terminal devices to: (1) allow a searching by a given physician of the anonymous medical record database according to search criteria entered by the given physician to provide a search result of patients; and (2) allow communication by the given physician with at least one patient's physician for a patient in the search result using the anonymous identifier to the patient's physician.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: Techniques for multifactor authentication as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for multifactor authentication as a network service includes monitoring a session at a firewall, applying an authentication profile based on the new session, and performing an action based on the authentication profile.

Abstract: Described herein are systems and methods that allow for secure wireless communication between a contact lens system and an accessory device to protect sensitive data and prevent unauthorized access to confidential information. In certain embodiments, tampering attempts by potential attackers are thwarted by using a Physically Unclonable Functions (PUF) circuit that is immune to reverse engineering. In addition, sensors monitor a to-be-protected electronic device to detect tampering attempts and physical attacks to ensure the physical integrity of the communication system.

Abstract: Techniques for performing hash validation are provided. In one technique, a signature request that includes a first hash and a data identifier is received from a client. In response, the data identifier is identified and sent to a data repository, data that is associated with the data identifier is received from the data repository, a second hash is generated based on the data, and a determination is made whether the second hash matches the first hash. If the two hashes match, then the first hash is sent to a cryptographic device that generates a digital signature, which is eventually transmitted to the client. Alternatively, the digital signature is transmitted to the client prior to the first hash being validated. In a related technique, a server receives the signature request and sends the data identifier to a hash validator, which interacts with the data repository and generates the second hash.

Abstract: An image recognition based interactive control system and method for a smart television. The system comprises: an image acquisition module for acquiring a card image; a gesture recognition module for recognizing a gesture of a user holding a card and outputting a gesture recognition result, wherein the gesture recognition result is channel switching, program selecting or content searching; a card recognition module for recognizing the content of the card image and outputting a card recognition result; and an interactive control module for performing a relevant interactive operation according to the gesture recognition result and the card recognition result.

Abstract: A method of managing servers of a distributed computer system by using an intent-based CLI (command line interface) executing by one or more processors of a remote computing device, the servers hosting a virtual cluster comprising one or more virtual machines. The method includes receiving, by a first server of the servers, a connection-request from the intent-based CLI to establish an encrypted connection between the first server and the remote computing device. The method includes authenticating the connection-request and establishing, in response to authenticating the connection-request, a first encrypted communication channel between the first server and the remote computing device. The method includes receiving, via the first encrypted communication channel, an operation-request for a list of intent-based operations supported by the first server.

Abstract: Embodiments of the present invention disclose a privacy protection method, a mode switching apparatus, and a terminal device. The method includes: receiving an input operation of a user; identifying the input operation and extracting an action feature; performing matching in an instruction library according to the action feature, and when the matching succeeds, generating instruction information corresponding to the action feature; determining a protection mode of the terminal device according to the instruction information, and determining an application that subscribes to the protection mode in the terminal device; and controlling display of the application according to the protection mode of the terminal device.

Abstract: A method and system automatically and dynamically creates routes between message dropboxes in separate data center infrastructures. The method and system determines that a first message dropbox in a first data center infrastructure is routable to a second message dropbox in a second data center infrastructure based on the names or policies of the first and second message dropboxes. After routability is determined, the method and system automatically creates and implements a route between the first and second message dropboxes in real time.

Abstract: Abstraction programming models of enclave security platforms are described, including receiving a request from an enclave according to an enclave abstraction protocol, converting the request into a native enclave protocol, and sending the converted request to a native platform. The request may be, for example: to create an attestation report, to seal data to the enclave, a request to call a function in a client of the enclave, read a monotonic counter, to take a trusted time measurement, or to allocate memory that is shared with both the enclave and the enclave client.

Abstract: A method for activating an electronic subassembly includes receiving at least one activation signal using a reception module of the electronic subassembly. The electronic subassembly is transferred from an idle state to an active state using the at least one activation signal. The electronic subassembly is intermittently supplied with electric power via the at least one activation signal.

Abstract: A device transmits or receives a packet in a memory network including one or more processors and/or one or more memory devices. The device includes a key storage unit configured to store a one-time password (OTP) key that is shared with a target node, an encryption unit configured to encrypt a transmission packet with the OTP key stored in the key storage unit and to transmit the encrypted transmission packet to the target node, and a decryption unit configured to decrypt a receiving packet from the target node with the OTP key stored in the key storage unit. The device is a processor or a memory device in the memory network.

Abstract: A system and method is provided for a cryptographic primitive and authentication protocol comprised of micro-cavity resonators at optical wavelengths. A micro-cavity resonator is illuminated with an optical challenge signal and the cavity returns an output response that is dependent on the input signal. Digital signal processing is performed on the output signal to generate a corresponding digital representation. This process is repeated for variations of the input signal with its digital output being stored in a database. A user or object claiming an identity presents a token to the system. The system selects a subset of the available challenge-response pairs and presents the challenges to the token. The system compares the digitized responses with the original responses expected for that token. The system will approve or deny the claimed identity corresponding to the presented token.

Abstract: Embodiments of the invention provide methods and systems for password management using public-private key cryptography. A user device generates a public-private key pair including a public key and a private key and registers the public key with a remote password management server. Account names and passwords can be stored at the password management server in association with the public key. To retrieve the passwords, the user device sends a request to the password management server including the public key. The password management server determines the password from the stored passwords and encrypts it using the public key. The encrypted password is sent to the user device, which can decrypt the encrypted password using the private key corresponding to the public key. The user device can then use the account name and password can to obtain account information from an account provider.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for controlling access to physical areas. One of the methods includes receiving first data, determining, using the first data, whether each of the passengers for a vehicle is authorized to cross a border, storing second data in a data set of pre-registered border crossers, receiving third data identifying the vehicle and indicating entry of the vehicle into a border crossing station, comparing the third data with data from the data set of pre-registered border crossers, determining that the third data and the second data both identify the vehicle, collecting, for each current passenger in the vehicle, fourth data representing the current passenger, determining whether the current passengers in the vehicle and the passengers identified in the second data are the same people, and providing instructions to guide the vehicle to a lane at the border crossing station.