Abstract: A method, apparatus and product comprising: identifying a login session in a Graphical User Interface (GUI) of a user device, wherein the login session is configured to enable a user of the user device to login to a first software system; extracting one or more user credentials from the login session, wherein the one or more user credentials comprise one or more user inputs to the login session; manipulating the one or more user credentials using one or more manipulations, thereby obtaining manipulated credentials; and automatically utilizing the manipulated credentials in order to login the user into a second software system.

Abstract: A method, apparatus and product comprising: identifying a login session in a Graphical User Interface (GUI) of a user device, wherein the login session is configured to enable a user of the user device to login to a first software system; extracting one or more user credentials from the login session, wherein the one or more user credentials comprise one or more user inputs to the login session; manipulating the one or more user credentials using one or more manipulations, thereby obtaining manipulated credentials; and automatically utilizing the manipulated credentials in order to login the user into a second software system.

Abstract: An authentication device includes: a wearing position determination unit that determines a wearing position, the wearing position being a position at which a wearable article comprising a sensor is being worn on a body; and an authentication unit that performs authentication by using biometric information of the body, the biometric information being detected by the sensor at the wearing position.

Abstract: Embodiments described herein provide a system and method for controlling access to electronic files by linking the files to a file access monitoring system, called the file access monitor in this application. The file access monitor then authorizes the use of the one or more files by performing one or more qualifying steps on the accessing computer system. The file access monitor may be a standalone program or an embedded logic within a closed system like an application, an operating system (O/S), an external device like a printer, a web browser or a web browsing application. Access to electronic files can include the exchange, modification, execution, printing, viewing, listening, copying and replication of these files to name a few. A given protected electronic file is transferred from a sending computer system to a receiving computer system for eventual access. The receiving computer may also become the accessing computer should a user on the receiving computer wish to access the transferred file.

Abstract: An example method of file transfer between a client and a server includes: initiating, by the client, a front-end control connection between the client and a horizontally scaled proxy service; creating, by a first proxy instance of a plurality of proxy instances of the horizontally scaled proxy service, a back-end control connection between the first proxy instance and the server; returning, to the client from the first proxy instance, a unique client parameter associated with the front-end connection as a destination port for a front-end data connection; initiating, by the client, the front-end data connection between the client and the horizontally scaled proxy service, the front-end data connection using the destination port as returned by the first proxy instance; and creating, by the first proxy instance, a back-end data connection between the first proxy instance and the server.

Abstract: Secrets such as secure session cookies for a web browser can be protected on a compute instance with multiple layers of encryption, such as by encrypting key material that in turn controls cryptographic access to the secret. A compute instance can be instrumented to detect when a process attempts to decrypt this key material so that the process requesting decryption can be compared to authorized or legitimate users of the secret.

Abstract: Described herein are computerized methods and systems for user authentication using an imaged machine-readable identity document. A server receives an authentication request from a first client device, including image files corresponding to a user's machine-readable identity document. The server displays on the first client device user-identifying data elements extracted from the image files. The server captures additional user-identifying data elements from the first client device, and verifies the user's identity based upon the user-identifying data elements. The server determines user contact channel data based upon the verified identity. The server displays the contact channel data on the first client device, and generates a transient access code upon receiving a contact channel selection.

Abstract: Embodiments provide methods and systems for preventing a fraudulent payment transaction. The method performed by issuer system associated with payment account of user includes generating unique data for payment transaction of the user upon approval of payment transaction authorization request signal. The method includes facilitating encryption of the unique data based on encryption key and sending payment transaction authorization response signal to payment server associated with payment network. The payment transaction authorization response signal includes at least the encrypted unique data. The method includes processing the payment transaction upon receiving a notification of a successful validation of the payment transaction authorization response signal from payment server. The validation of the payment transaction authorization response signal is performed by payment server.

Abstract: A method for data transfer and storage is provided. The method may include: encrypting data generated by a terminal device; storing duplicated copies of the encrypted data respectively in a first storage device and a second storage device, which are removably inserted into the terminal device; generating, with the terminal device, a message authentication code associated with the encrypted data; transmitting the message authentication code to a first server; physically transporting the first storage device to a remote location of the first server, and upon the first storage device being inserted into the first server, determining whether the encrypted data stored in the first storage device are damaged using the message authentication code; and in response to a determination that the encrypted data stored in the first storage device are not damaged, transmitting the encrypted data from the first storage device to the first server.

Abstract: Disclosed herein are systems and methods allowing provider server and an analytics server to communicate confidential information but not compromise the anonymity of the customers if the data transmitted in either direction were to be intercepted or otherwise viewed by an unauthorized party, each server is configured to transmit the data records of the customers without any personally identifying information (PII) associated with the customers. The databases may “link” the data records by separately generating customer key identifiers for each unique customer having data in the one or both of the databases, according to predefined parameters and a predetermined one-way hashing algorithm. The unique customer key identifier may then be concatenated to, appended to, or otherwise associated with each data record for a particular customer that is being communicated between the servers.

Abstract: An encryption system for encrypting data of a party, wherein the party is provided with an encryption key wallet and one or more encryption keys of the encryption key wallet are identifiable using at least one reference code. The encryption key wallet is opened for accessing an encryption key via its reference code, for encrypting data to generate corresponding encrypted data and/or for decrypting encrypted data to generate corresponding decrypted data, wherein the encryption key is reproducibly generated by the encryption key wallet. When the encryption system enables exchange of encrypted data via the encryption system between two or more parties the two or more parties are provided with the encryption key wallet; data exchanged between the parties are encrypted using one or more encryption keys obtained from the encryption key wallet; and the encryption key wallet is opened for use when encrypting and/or decrypting the data exchanged between the parties.

Abstract: A management device calculates, from access information transmitted from a token terminal and a site seed assigned to a server, a user seed, and registers the user seed in the token terminal. The token terminal obtains a share seed, calculates a key code from the share seed and the user seed, and presents the key code to the user. When the user enters the key code to an access terminal, the access terminal transmits, to the server, a request having the key code specified. The server obtains access information relating to the transmitted request, calculates a checkup seed from the access information and the site seed assigned to the server, obtains a share seed independently from the token terminal, calculates a checkup code from the share seed and the checkup seed, and sets a necessary condition for sign-in that is consistent between the key code and the checkup code.

Abstract: A method, system, and apparatus comprising: automatically identifying a login session to a first software system in a Graphical User Interface (GUI) of a user device; automatically extracting user credentials from the login session; automatically manipulating at least a portion of the user credentials to obtain manipulated credentials; automatically verifying that the login session is authentic by: encrypting the user credentials, providing the encrypted credentials to a separate environment, and reconstructing the login session at the separate environment; and automatically adding the manipulated credentials to an account of the user in a second software system that is independent from the separate environment.

Abstract: A method, system, and apparatus comprising: automatically identifying a login session to a first software system in a Graphical User Interface (GUI) of a user device; automatically extracting user credentials from the login session; automatically manipulating at least a portion of the user credentials to obtain manipulated credentials; automatically verifying that the login session is authentic by: encrypting the user credentials, providing the encrypted credentials to a separate environment, and reconstructing the login session at the separate environment; and automatically adding the manipulated credentials to an account of the user in a second software system that is independent from the separate environment.

Abstract: A method for synchronizing an identity of a user between a network observer and a third party includes: reading, by the network observer, a connection request sent from the user to the third party, the connection request including a host field having a host part corresponding to the third party and a sub-host part corresponding to identification information of the user; and associating, by the network observer in a database, the identification information of the user derived from the sub-host part with the identity of the user and an identity of the third party.

Abstract: The present disclosure provides an information processing system and an information processing method that, in a material analyzing service that is provided via a network, can appropriately manage data of a high degree of confidentiality. The system and method involve a user terminal that provides a data ID to a combination of first data that relates to a material, and second data that is data obtained by measuring the material and is data whose degree of confidentiality is lower than the first data. The user terminal stores the first data and data ID and transmits the second data and data ID to an information processing device. The information processing device carries out material analysis corresponding to the second data and transmits analysis results data to the user terminal. Accordingly, data having a high degree of confidentiality can be managed appropriately in a material analyzing service over a network.

Abstract: Techniques for determining and using interaction affinity data are described. Interaction affinity data may indicate a latent affinity between information corresponding to an interaction, such as, intents, entities, device type from which a user input is received, domain, etc. A system may use the interaction affinity data to determine an alternative input representation for a spoken input to cause output of a desired response to the spoken input. The system may also use the interaction affinity data to recommend an action to a user.

Abstract: Systems and methods for automatically generating search list rankings of software components are provided. An exemplary method includes generating a list of software components in response to a request, generating ranking parameters, determining first weight values correlating with each of the ranking parameters, generating an index correlating each of the software components with each of the ranking parameters, parsing web data to populate the index, determining, via the ranking parameters, scores for each of the software components, storing the scores on the index, applying the first weight values to the scores on the index, and generating, for each of the software components, a combined score, wherein the combined score is a combination of each of the scores that are associated with each of the software components.

Abstract: Provided is a video playback system based on approval of a playback approver. A decryption key that can decrypt an encrypted and stored recorded video is generated only when video playback is approved by a playback approver using an appointed playback approval method and transmitted to the video recording device so that it is possible to prevent leakage of the recorded video with sensitive personal information.

Abstract: Provided are systems and methods for remotely debugging a software application hosted on a cloud platform. Rather than download and test code locally, a developer may login directly to the cloud platform, and debug the software application in its native cloud environment. In one example, the method may include establishing a communication channel between a remote computing terminal and an application instance hosted on a cloud platform, enabling port forwarding at the remote computing terminal to redirect requests from the remote computing terminal to the application instance hosted on the cloud platform via the communication channel, attaching a debugger to a port at the remote computing terminal that is associated with the communication channel, and forwarding, via the debugger, debugging commands input at the remote computing terminal to the application instance hosted on the cloud platform via the communication channel.

Abstract: Systems and methods are provided for authenticating mobile payments from a customer account to a merchant. The systems and methods may include a financial service provider receiving a request to authorize an electronic transaction at a point-of-sale. A financial service provider server computer may verify that the customer is present at the point-of-sale using received location data. An image having distorted text such as a captcha may be transmitted to a device at the point-of-sale, and the customer may read the captcha aloud. A voice sample of the customer may be sent to the financial service provider for comparison to stored voice recordings, to verify that the customer's voice sample is authentic if the voice matches a previously generated voice recording for the account. If the voice sample is authentic, the financial service provider may authorize the mobile payment.

Abstract: Various embodiments of the present disclosure provide techniques for facilitating a credential-less exchange over a network using a plurality of identifier mapping and member interfaces. The techniques may include initiating the presentation of an enrollment user interface via a client device of a user and receiving selection data indicative of a selection of a service provider instrument from the enrollment user interface. The techniques include generating a matching code for authenticating the user, providing the matching code to a service provider platform, and receiving the matching code from a partner platform. In response to an authentication of the user based on the matching code, the techniques may include generating an UUEK for the user that may be used to replace persistent credentials.

Abstract: A method for anonymizing documents before publication is provided. The method includes identifying regular expressions configured to match strings to be anonymized in a document, selecting a readable identifier as an anonymized reference for a string replacement, searching the document for a match string that fits the regular expression, hashing the match string using a collision resistant, deterministic, non-inverting cryptographic hashing function, and comparing a cryptographic hash of the match string with a database including multiple previous hashes and multiple corresponding readable identifiers. When none of the previous hashes matching the cryptographic hash, the method includes creating a new database record including the cryptographic hash, incrementing a counter in the readable identifier and associating the readable identifier with the new database record, and replacing the match string with the readable identifier, throughout the document.

Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to collect keystroke data of a user for a designated time period. A number of distinct keys is derived from the keystroke data. A maximum character frequency is derived from the keystroke data. Digital gaming activity is selectively designated based upon the number of distinct keys and the maximum character frequency.

Abstract: A wireless interface device for communicating an input signal to a processor-based host is provided. The wireless interface device includes a processor, a display and a wireless communication component. The display comprises a touchscreen, a touchscreen controller and a memory liquid crystal display. The display is configured to receive and translate an input to an input signal and communicate the input signal to the microprocessor. The wireless communication component is configured to receive the input signal from the processor and communicate the input signal over a communications channel to the processor-based host.

Abstract: Techniques are described for managing master keys for token requestors to use in generating cryptograms such as TAVVs. A processor computer generates a first master key for a token requestor, the first master key being generated based on (a) a second master key managed by the processor computer and (b) an identifier of the token requestor. The processor computer transmits, to a token requestor computer corresponding to the token requestor, the first master key. The processor computer receives, from the token requestor computer, a request for a token. Responsive to receiving the request for the token, the processor computer transmits the token to the token requestor computer; and receives, from the token requestor computer, an authorization request message comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token.

Abstract: A method, computing device and computer program product generate a temporary password to control access to a record created in response to an electronic message. An electronic message is parsed to separately identify a plurality of fields that provide different types of information. Record(s) are accessed from a database that are associated with the information provided by at least one field. An action to be initiated by the electronic message is determined to either be taken or to be rejected based upon information provided by the field(s) of the electronic message and also based upon information from the record(s) accessed from the database. If the action is rejected, a record of the electronic message is created for transmission along with information regarding the rejection. A temporary password is also generated to control access to the record created regarding the electronic message and its rejection. The response includes the temporary password.

Abstract: Disclosed embodiments relate to systems and methods for securing the use of temporary access tokens in network environments. Techniques include identifying a request for an action involving a target network resource requiring a temporary access token; receiving, from the target network resource, a temporary access token; storing the temporary access token separate from the network identity; generating a customized replacement token having an attribute different from the temporary access token such that the customized replacement token cannot be used directly with the target network resource; providing the customized replacement token to the network identity; monitoring use of the customized replacement token to detect an activity identified as being at least one of potentially anomalous or potentially malicious; receiving an access request to access the target network resource; and based on the detected activity, denying the access request from the network identity.

Abstract: Disclosed are an access rejection method, apparatus and system, where the access rejection method includes: a first base station receives an access request from a terminal; and the first base station sends an access rejection message to the terminal; where the access rejection message at least carries: a check value generated based on a key of the terminal and at least part of contents of the access rejection message. And further disclosed are related computer storage media and processors.

Abstract: Techniques for measuring firmware at the point and time of execution are described. Hardware logic can be implemented in a processing unit that is tasked with executing firmware code to make on-the-fly measurements of the instructions being executed by the processing unit. For example, an instruction register that stores instructions being executed by the processing unit can be monitored to obtain a set of instructions corresponding to the firmware being executed. Firmware verification circuitry can be implemented to compute a cryptographic measurement of the instructions being executed to verify the authenticity of the firmware.

Abstract: The present disclosure describes techniques for accessing user accounts and data from any computing device. It may be determined whether an account of a user exists in a cloud service in response to receiving information associated with the user from any computing device. Data associated with the account may be stored by the cloud service. There may be a plurality of types of data associated with a plurality of security levels. The plurality of security levels may correspond to different security requirements. The data associated with the account may belong to at least one of the plurality of types of data. An instance of the account may be deployed to the computing device in response to determining that the account exists in the cloud service. The instance of the account may enable the user to access services via the computing device.

Abstract: Methods and systems described herein authenticate a user and help secure transaction. A display screen presents images that are difficult for malware to recognize but a person can recognize. In at least one embodiment, a person communicates transaction information using visual images received from the service provider system. In at least one embodiment, a user selects a sequence of visual images as a means of authenticating the user and logging into a financial account or other corporate account. In some embodiments, methods and systems are provided for determining whether to grant access, by generating and displaying visual images on a screen that the user can recognize, and select. In an embodiment, a user presses his or her finger or fingers on a display screen to select images as a method for authenticating and protecting communication from malware.

Abstract: Disclosed are systems and methods that require/force bots to access and interact with webpages at a similar level to humans, by including an executable script that generates/updates a test value for a webpage. The client devices must perform certain processing and/or rendering of the webpage to call the computations necessary for generating the updated test value. The script must be executed as a function of processing and/or rendering the webpage. The script may be retrieved from the webserver as a function of processing and/or rendering the webpage. When the browser executes this script, the browser generates the updated test value. At some point, the client device submits a request for certain process with the updated test value. The server compares the inbound test value from the client device against an initial/previously received test value or an expected test value to determine whether the browser is being operated by a human.

Abstract: Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.

Abstract: A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

Abstract: Systems and methods for facilitating authentication for payment transactions using pattern-based time bound passwords. More specifically, techniques disclosed herein enable authentication of payment transactions performed by a user at a merchant terminal based on a pre-registered pattern provided by the user within a pre-defined time period limit. The pre-registered pattern drawn in the pre-defined time period is registered as a password for authenticating any payment transaction performed by the user using a payment card which is associated with an account of the user in an issuing bank. If the user provides the pre-registered pattern within the pre-defined time period limit, the payment transaction is authenticated. In another embodiment, such pattern-based time bound password is used as a second level authentication in which first level authentication is performed by a personal identification number.

Abstract: Exemplary system, method, and computer-accessible medium for transmitting or generating an encrypted message(s) to or for a receiver(s) from a sender(s), can be provided, which can include, for example, generating an electronic public key(s) and an electronic private key(s) for the sender(s), generating first information based on (i) data of the sender(s), (ii) a state(s) of the sender(s), and/or (iii) a type of the sender(s), electronically selecting an electronic message signal(s) and a time stamp(s) based on the first information, generating a message(s) based on the electronic message signal(s) and the time stamp(s), generating the encrypted message(s) by encrypting the message(s) using the electronic private key(s), and transmitting the encrypted message(s) to the receiver(s).

Abstract: A secure method for resetting the password for an account is disclosed. During the setup of the account, the user can provide the service provider with a media file, and when the user asks the service provider to reset the password for the account, the user will be prompted with several media files. The user can be asked to identify the media file that the user provided to the service provider at the time of the setup of the account. If the user properly identifies the media file, the password will be reset.

Abstract: A device may receive a request from a first user device to access a protected device. The device may verify a user identity of a user of the first device based on user credentials and determine that an authentication code is needed to authenticate the request to access the protected device. The device may dynamically generate multiple codes and transmit the multiple codes to a second user device associated with the user identity of the user of the first device. A first code, of the multiple codes, may correspond to a correct authentication code needed to authenticate the request to access the protected device. The device may transmit a message including an instruction for identifying the correct authentication code from among the multiple codes, receive a second code from the first device, compare the second code and the first code, and selectively authenticate the request to access the protected device.

Abstract: A method for establishing account controls for a transaction account through specially configured personal identification numbers includes: storing, in an account profile, an account identifier, standard personal identification number (PIN), and blocking PIN; receiving a first authorization request for a first payment transaction including the account identifier, a merchant identifier, and the blocking PIN; inserting the merchant identifier into the account profile; receiving a second authorization request for a second payment transaction including the account identifier and the merchant identifier; and transmitting an authorization response in response to the second authorization request including a response code indicating decline of the second payment transaction.

Abstract: An information processing system including a communication unit that acquires information related to an interaction between objects from a sensing device that detects the interaction between the objects, an emotion information database constructed by accumulating an evaluation value used when an emotion value of each object generated based on the information related to the interaction between the objects is calculated, a certification unit that certifies the sensing device and issues certification information to the sensing device, and an authentication unit that authenticates the information related to the interaction transmitted from the sensing device based on the certification information issued to the sensing device.

Abstract: Systems and methods are provided for authenticating mobile payments from a customer account to a merchant. The systems and methods may include a financial service provider receiving a request to authorize an electronic transaction at a point-of-sale. A financial service provider server computer may verify that the customer is present at the point-of-sale using received location data. An image having distorted text such as a captcha may be transmitted to a device at the point-of-sale, and the customer may read the captcha aloud. A voice sample of the customer may be sent to the financial service provider for comparison to stored voice recordings, to verify that the customer's voice sample is authentic if the voice matches a previously generated voice recording for the account. If the voice sample is authentic, the financial service provider may authorize the mobile payment.

Abstract: A method for managing customers for a store includes generating first account identification information from stored account information of a customer. The method also includes transmitting a list of candidate payees within a predefined distance of a current geolocation of a personal communication device of the customer and identifying the store as a party to a transaction with the customer based on feedback. The method still further includes receiving, from the store, a transaction message indicating the customer is a counterparty to the transaction, the transaction message comprising second account identification information received at the communication device of the store from the customer. The method also includes determining the first account identification information matches the second account identification information.

Abstract: An access control system includes a verification computing system that stores access rights information and credential proxies received from user devices, receives from a local access control subsystem an input credential and input credential proxy derived therefrom and received from a present user, identifies the access rights information associated with the user according to the input credential proxy and the stored credential proxy, requests and receives a stored credential from the user device of the present user, and compares the stored credential to the input credential to authorize the present user. The access rights information is for each of the users to access spaces with the local access control subsystems. The stored credential proxies are derived from stored credential received by the user devices using an algorithm. The input credential proxies are derived from the input credentials using the algorithm.

Abstract: Described are techniques for differentiating humans from bots. The techniques including a computer-implemented method comprising presenting a motion-based challenge-response instruction to a user via a user interface of a first device of a plurality of devices associated with the user and communicatively coupled to one another by a network, where the motion-based challenge-response instruction describes at least one motion that is performable by the user and detectable by at least one of the plurality of devices, and where the motion-based challenge-response instruction is configured to differentiate humans from bots. The method further comprises determining that device data from one or more of the plurality of devices matches the at least one motion. The method further comprises authenticating the first device in response to determining that the device data matches the at least one motion, where authenticating the first device indicates that the user is a human.

Abstract: A secret computation system is a secret computation system for performing computation while keeping data concealed, and comprises a cyphertext generation device that generates cyphertext by encrypting the data, a secret computation device that generates encrypted basic statistics by performing secret computation of predetermined basic statistics using the cyphertext while keeping the cyphertext concealed, and a computation device that generates decrypted basic statistics by decrypting the encrypted basic statistics and performs predetermined computation using the decrypted basic statistics.

Abstract: An automated payment method performed by an automated payment system include: receiving a payment request for a home shopping order from a user of a home shopping server associated with a home shopping broadcast; performing, in an authentication processor, authentication processing on the user based on a user information included in the payment request; and performing, in a payment processor, payment processing corresponding to the payment request based on the user information in response to successful authentication of the user.

Abstract: Embodiments disclosed herein are related to generating and using a private key recovery seed based on random words extracted from a generated story to recover the private key. An input story is received from a user. The story includes random words and filler words that were previously generated. The number of random words generated is based on an entropy level. The random words included in the story are extracted. This means that the user does not need to enter any random words that are not included in the story to recover the private key. The random words are input into a first key recovery mechanism to thereby generate a private key recovery seed. The private key recovery seed is then input into a second private key recovery mechanism, the second private key recovery mechanism generating a recovered private key upon performing a recovery operation on the private key recovery seed.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: A computer-implemented authentication method, the method comprising: matching a brain pattern sequence with a predetermined password to allow access to a system, wherein the brain pattern sequence is calculated by analyzing a signal slope of a slope threshold of the brain activity to determine a timing and a duration of the brain activity.