Abstract: Methods and apparatuses for a computerized system are disclosed. A data processing device receives information from at least one source of log information in the computerized system and detects, based at least in part on said received log information, at least one security protocol related event at a first host device, the at least one security protocol related event being initiated by a second host device. Information is then stored for determination of a trust relationship record based on the detected at least one security protocol related event and information of the second host device.

Abstract: Systems, computer program products, and methods are described herein for authenticating a user using an application specific integrated circuit embedded within a user device. The present invention is configured to receive an indication that a user has initiated an application on the user device; determine that the application is associated with the application specific integrated circuit embedded within the user device; activate the application specific integrated circuit based on at least determining that the application is associated with the application specific integrated circuit; receive an indication that the user has initiated an execution of an action, via the application, with an entity; and execute the action using the application specific integrated circuit based on at least receiving the indication that the user has initiated the execution of the action.

Abstract: A system includes one or more memory devices storing instructions, and one or more processors configured to execute the instructions to perform steps of a method providing sensor-based authentication of customers. The system may detect customer biometric data associated with an unknown customer present at a merchant location. The system may determine, based on a known customer identification profile and the detected customer biometric data, a confidence level that the unknown customer is the same individual as the known customer and authenticate the unknown customer based on a determination that the confidence level exceeds a predetermined threshold. The system may transmit identification information associated with the known customer to a financial service provider and receive payment credentials of one or more accounts associated with the known customer and authorization to utilize the one or more accounts to perform a financial transaction.

Abstract: An automated data management system in a smart television comprises at least one TV set (2) that is equipped with a TV set processor device (6). The latter is connected to the server (10) that is configured to exchange data with said TV set processor device. Web-cameras (13) are provided, which are configured to send a signal with a streaming video to the server (10) in a real time. Upon receipt of a service message about the fact that the TV set (2) is in a standby mode from the TV set processor device (6), a server processor device (14) is configured to send a signal from the web-camera (13) selected by the user to the TV set (2) display device (4).

Abstract: This application provides a method for secure multi-terminal cooperative working, applied to a network on which a plurality of terminal devices perform cooperative playing and/or cooperative recording, where the plurality of terminal devices include a first terminal device. The method includes: determining, by the first terminal device, a security mechanism; obtaining, by the first terminal device, cooperative working information, where the cooperative working information is information played and/or recorded by the plurality of terminal devices; and performing, by the first terminal device, security processing on the cooperative working information based on the security mechanism.

Abstract: A method and authenticator for authenticating a device in a system using the electrical properties of the device is disclosed. Embodiments of the disclosure enable authentication by receiving a plurality of input seed values from a requestor. For each input seed value, load stimuli are generated to produce an electrical load sequence on a power delivery network powering at least part of the system. Noise induced in the power delivery network is measured in response to the electrical load sequence using one or more sensors located on the power delivery network. Based on the measured noise, a dynamic response property (magnitude and phase response as a function of frequency) of the power delivery network corresponding to a respective input seed value can be determined and returned to the requestor.

Abstract: According to at least one example embodiment of the present invention, provided is a face authentication system including: a criterion setting unit that sets a criterion of face authentication performed on a user so as to be different in accordance with a state of an access target system accessed by the user; and a face authentication unit that performs face authentication of the user based on the criterion.

Abstract: Devices, systems, and methods for preparing an electronic lock controller to obtain a digital certificate that verifies authenticity of the electronic lock controller are provided. The method involves physically marking an electronic lock controller with a mark containing digitally signed lock information. The digitally signed lock information includes a hardware identifier, and is digitally signed at a server using a private key of the server. The method further involves loading the electronic lock controller with self-provisioning instructions to cause the electronic lock controller to obtain a digital certificate that includes the public key of the electronic lock controller and the hardware identifier, the digital certificate having been signed by a private key of the server.

Abstract: An apparatus to initialize a port includes a first input-output port to connect to a first device and a control unit to initialize all input-output ports of the apparatus when the apparatus is booted and to skip a power-on self-test (POST) of the first input-output port in response to a request to skip initialization of the first input-output port while the first input-output port is enabled.

Abstract: Example media monitoring apparatus disclosed herein include means for accessing, at a first server, a first adaptive bitrate streaming URL collected by a meter executing on a mobile platform, the first adaptive bitrate streaming URL collected from a first message to be sent by the mobile platform to a second server to stream first media according to an adaptive bitrate streaming protocol, the first adaptive bitrate streaming URL received at the first server in a report sent from the meter executing on the mobile platform. Disclosed example apparatus also include means for requesting network log information corresponding to the first adaptive bitrate streaming URL from a service provider providing network access for the mobile platform. Disclosed example apparatus further include means for monitoring presentation of the first media on the mobile platform using the network log information.

Abstract: A vehicle-oriented service providing system includes an in-vehicle device and configured to receive commands applied to a control device inside the vehicle, a vehicle information server configured to transmit the commands to the in-vehicle device, and a push information server configured to mediate the transmission of the commands from the vehicle information server to the in-vehicle device. In the commands, a security level prescribed in advance for each of the commands is set. The vehicle information server performs encryption corresponding to the security level on the commands, and requests the push information server for transmission. The in-vehicle device is configured to wait for commands from the push information server. The in-vehicle device is configured to decrypt the received encrypted commands, and solely when encryption corresponding to a security level equal to or higher than the security level set in advance in the commands is performed, execute the commands.

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting cyber-attack. In an embodiment, a server receives a request to an application from a user device. The server determines that there is no cookie in the received request. The server then generates a new fingerprinting cookie and sends a verification request to the user device to verify the identity of a user. When the server receives the verification reply from the user device, the server determines that the verification reply is valid, marks the new cookie as a verified cookie, and transfers the request to the application for processing. The server can also unverify the verified cookie when the verified cookie is included in a malicious request. The server can determine that a request is malicious by analyzing functions the user wishes to perform using the request.

Abstract: Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, a cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encrypted data, an expected value calculation unit that calculates an expected value of stored data using the second key, and a verification unit that verifies a received measured value on the basis of the expected value, and the key generation device transmits the first and second encrypted data to the vehicle. The in-vehicle computer includes an interface unit, a cryptographic processing unit that decrypts the received first encrypted data, and decrypts the received second encrypted data, and a measured value calculation unit.

Abstract: The present invention relates generally to Internet Protocol Television (IPTV). More specifically, the present invention is a method and device for IPTV crowdfunding or IPTV fundraising. The invented system allows for backers to fund campaigns using commissions paid out from services and products purchased using the system. It is also possible for backers to fund campaigns by volunteering to receive marketing materials or participating in marking presentations, or engaging in other marketing activities. It would also be possible for a backer to help fund a campaign by distributing marketing messages on social media platforms or getting other people to purchase a product or service they recommend. Any type of marketing activities which can generate a commission, referral fee, or reward, could be incorporated into our fundraising system, in order to allow for the funding of campaigns.

Abstract: An electronic transmission method, device and system, and computer readable storage medium are provided. The electronic transmission method includes: receiving a first instruction for a target electronic file; after receiving the first instruction, dispatching the target electronic file from a first storage location on which it is stored currently to a second storage location, the network connectivity between the second storage location and a target terminal being better than the network connectivity between the first storage location and the target terminal; after receiving a second instruction for the target electronic file, transmitting the target electronic file from the second storage location to the target terminal. This method ensures that it will not be difficult for the target terminal to acquire the target electronic file in time due to poor network connectivity, which in turn improves the online transaction efficiency of electronic files.

Abstract: A system that includes a threat management server configured to store a device log identifying device information for endpoint devices that have passed authentication. The threat management server is configured to determine that first device information for an endpoint device obtained from a switch and second device information for the endpoint device from the device log file do not match, and, in response, block the endpoint device from accessing a network. The switch is operably coupled to the threat management server and configured to collect the first device information for the endpoint device and send it to the threat management engine.

Abstract: Aspects of providing single sign on (SSO) sessions are described. An access interval key is generated using an access code as a seed to a key derivative function. The access interval key is encrypted using a public key of an SSO-enabled application to generate an encrypted access interval key for a sign on session. The sign on session is established by storing the encrypted access interval key in a memory location of an SSO session map shared by SSO-enabled applications.

Abstract: The disclosure provides for authentication and/or authorization via persistable identity tokens, so an original identity provider (e.g., a user) does not need to be present upon initiating execution of a task. Examples include requesting a persistable token in exchange for a first live token. Based at least on the request for the persistable token complying with a first set of policies, receiving the persistable token. Based at least on a trigger event, requesting a second live token in exchange for the persistable token. Based at least on the request for the persistable token complying with a second set of policies, receiving the second live token. Based at least on receiving the second live token, initiating execution of a task using the second live token for authentication or authorization, wherein the execution of the task is contingent upon the authentication or authorization.

Abstract: In a segmented network environment, a segmentation server assigns labels to workloads to enable the segmentation server to implement a segmentation policy based on label-based rules. A first set of labels associated with one or more label dimensions may be assigned in a secure manner by automatically assigning the labels based on a pairing profile. A second set of labels associated with different label dimensions may be assigned automatically based on workload attributes. An administrator can manage which label dimensions are assigned in a secure way based on the pairing profile and which labels are assigned in an adaptable way based on workload attributes, thereby enabling the administrator to flexibly manage the tradeoff between adaptability and security.

Abstract: Countering phishing attacks by generating multiple synthetic victims, where each of the synthetic victims includes synthetic victim information that represents a computer user identity and includes associated sensitive information, where the computer user identity and its associated sensitive information are fictitious in that they are not known to be associated with a legitimate computer user, providing any of the synthetic victim information of the synthetic victims to a computer-hosted phishing site, storing the synthetic victim information in a computer-accessible database, receiving from a computer-hosted target site information provided to the computer-hosted target site by a requestor, identifying in the computer-accessible database database synthetic victim information matching the requestor information, and notifying the computer-hosted target site that the requestor information is of a synthetic victim.

Abstract: According to one embodiment, in response to a request received at a host agent of a server from a user device of a user over a network to process user data, a data processing system launches a restricted operating environment within the server. The system transmits a token representing the request to a guest agent executed within the restricted operating environment, where an executor associated with the token is launched by the guest agent within the restricted operating environment, where the executor, when executed, is configured to process the user data to generate a processing result without accessing an external component external to the restricted operating environment. The system returns the processing result back to the user device.

Abstract: A method for converting data via a centralized application programming interface (“API”) is provided. The method may include retrieving data files from two or more data repositories and transmitting the data files to the centralized API. For each of the data files, the method may include selecting a conversion application and executing the conversion application to convert the data files into secure data files. The executing may include converting sensitive data strings into fictional data strings. Each of the sensitive data strings may include a first sub-set of characters and a second sub-set of characters. The converting may include, for each of the sensitive data strings, replacing the first sub-set of characters with a third sub-set of characters and maintaining the second sub-set of characters. Following the converting, the method may include transmitting the secure data files to an external network.

Abstract: Embodiments of the present invention disclose a fingerprint anti-counterfeiting method and device used for implementing a fingerprint anti-counterfeiting function efficiently. The method in the embodiment of the present invention includes: acquiring a fingerprint image; controlling a camera to acquire a face image under a preset trigger condition; performing face identification on the face image according to a pre-stored face template; and determining the fingerprint image as an authentic fingerprint image when the face identification succeeds. As a fingerprint feature and a face feature of an identical user both can be used for uniquely identifying the user, the fingerprint feature and the face feature of the user can be associated with each other. If face identification performed on a face image according to a preset face module succeeds, it can be determined that an acquired fingerprint image is an authentic fingerprint image.

Abstract: A technology is described for device communication with computing regions. An example method may include receiving at a first computing region a request for a computing resource. In response to receiving the request, a device associated with the request may be authenticated using authentication credentials for the device. An identity token that indicates permission for the device to access the computing resource in a second computing region may be generated and the identity token and instructions to connect to the second computing region may be provided to the device. The device may present the identity token to the second computing region in order to access the computing resource in the second computing region.

Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data. In operation, a confident subset of a set of biometric values of the subject is extracted, including by performing a transform of the set of biometric values. The transform may variously be a Gabor transform, a wavelet transform, processing by a machine learning system, etc.

Abstract: The present disclosure relates a new generation “smart card” designed to create a severable invisible “bond” between the cardholder and the smart card itself where this trusted bond relationship is used to enhance and simplify the authentication process and during the use of the multi-purpose smart card. This new smart card is initiated and connected to a specific user using biometric information added to the card and the user using biometric information connects via a trusted bond with the card by pairing the biometric information which can be severed in one of multiple ways. The trusted bond with the smart card can be broken in one of multiple ways including disconnection from a network, distancing from the user, impact accelerometers, outside parameters, etc. The multi-function smart card also uses this established trusted bond with the user to simplify the authentication of the user for use of the card in encrypted computer network, ground security, or other retail and payment function.

Abstract: A code system for preventing fraud in trading and at the same time a safe payment method for business and consumer. The code system of the present invention ensures security and control for the contracting parties regarding the previously defined attributes of the goods and the payment including all decisional steps of the transactions as well as of the reverse transactions in case of complaint. The contracting parties act complementary, money and goods or money and services are never at the same time under control of one contracting party.

Abstract: Systems and methods of detecting an unauthorized data insertion into a stream of data segments extending between electronic modules or between electronic components within a module, wherein a pseudo data segment included in the data stream upon transmission is detected upon receipt to confirm data transmission integrity.

Abstract: The present disclosure relates to a method and system for securely transferring master keying material between a master dongle (10) and a slave dongle (12). Each dongle (10,12) is connected to a data transfer system. The slave dongle (12) contains a public key and a private key and the master dongle (10) contains master keying material that is to be transferred securely to the slave dongle (12). The data transfer system reads the slave dongle's public key and sends it to the master dongle (10). The master dongle (10) encrypts the master keying material with the slave dongle's public key to produce an encrypted master keying material. The encrypted master keying material is sent via the data transfer system to the slave dongle (12) and the slave dongle (12) decrypts the encrypted master keying material with the slave dongle's private key.

Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.

Abstract: Methods and systems are provided for electronic authentication. A modified electronic image is generated by altering at least a pixel of an electronic image. The electronic image is an image that has been previously viewed by a user during a setup process. In response to receiving an authentication request from the user, the modified electronic image is displayed to the user via an electronic display along with one or more other electronic images. A determination is made as to whether the user is able to recognize the modified electronic image. In response to determination that the user is able to recognize the modified electronic image, the authenticating request is granted.

Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.

Abstract: Methods and systems for implementing keyboard linked authentication challenges are described. A visual representation of a first string of characters is provided for display on a client computing device. In response to the providing the visual representation for display, several keystrokes on the client computing device that produces a second string of characters are received. A determination that the second string of characters matches the first string of characters is made. A determination that no unauthorized keystrokes are included in the detected plurality of keystrokes is further made. Access is provided to the client computing device upon determining that the second string of characters matches the first string of characters, and determining that no unauthorized keystrokes are included in the detected plurality of keystrokes.

Abstract: A method of advertisement filtering including receiving advertisements from a multiple of access controls; filtering the received advertisements based on a credential on the mobile device; comparing the filtered received advertisements and determining a user intent to access a particular access control in response to the comparing and to a destination intent.

Abstract: Determination of a user-specific likelihood of incident occurrence at a geographic location may be performed. User information, historical incident information, contextual information, and/or other information may be obtained. User information may include user demographic information, user behavior information, user social information, and/or other user related information. Historical incident information may include data relating to crime, mortality, injury, morbidity rates and may be obtained from local law enforcement, local Departments of Motor Vehicles, national security agency such as the Federal Bureau of Investigation, foreign security agency such as the Central Intelligence Agency, international criminal policy organization such as Interpol, national public health agency such as Center for Disease Control, international public health agency such as World Health Organization and/or other sources.

Abstract: It is presented a method for providing access to a lock for provision of a service. The method comprises the steps of: receiving a request for access to the lock, the request being based on the service consumer ordering a service requiring access to a physical space, the request comprising a first public key associated with a co-ordinator and a second public key associated with a service provider agent; presenting a first consumer query to the service consumer; receiving a first positive consumer response indicating that the service consumer allows the service provider agent to access the physical space; and delegating access to the lock to the co-ordinator, which comprises encrypting at least part of a delegation using the first public key, encrypting at least part of the delegation using the second public key, and electronically signing the delegation, enabling further delegation to the service provider agent.

Abstract: Methods and systems for configurable device fingerprinting and/or achieving communications with enhanced security are disclosed herein. In one example embodiment, a method of configurable device fingerprinting includes storing, at a server, first information regarding one or more selected system attributes, and further includes receiving, at the server, a first signal requesting that a first client device be registered and including system information pertaining to the first client device. Also, the method includes extracting, from the system information, relevant portions of the system information corresponding to the one or more selected system attributes, where the server determines a fingerprint of the first client device based at least in part the relevant portions.

Abstract: It is presented a method for controlling access to an access object. The method is performed in an access control device and comprises the steps of: receiving a user input to reset the access control device; generating a new identifier for the access control device, and discarding any previously used identifier for the access control device; communicating with an electronic key to obtain an identity of the electronic key; obtaining a plurality of delegations, wherein each delegation is a delegation from a delegator to a receiver; and granting access to the access object only when the plurality of delegations comprise a sequence of delegations covering a delegation path from the access control device, identified using the new identifier, to the electronic key such that, in the sequence of delegations, the delegator of the first delegation is the access control device, and the receiver of the last delegation is the electronic key.

Abstract: A mouse pad includes a wireless power transmission apparatus including at least a first transmission coil and a second transmission coil and configured to wirelessly transmit power to a mouse placed on the mouse pad; and a controller configured to directly receive determination information for selecting one transmission coil among the first transmission coil and the second transmission coil according to a movement of the mouse on the mouse pad from a power supply connected to the mouse pad, and enable the second transmission coil and disable the first transmission coil when the movement of the mouse indicates the mouse is moving on the mouse pad from the first transmission coil to the second transmission coil.

Abstract: Techniques described herein improve network security and traffic management. In an embodiment, a request associated with an identifier (ID) is received. It is determined whether the ID exists in a first membership database (MDB). If the ID exists in the first MDB, the request is serviced subject to a rate limit. If the ID does not exist in the first MDB, it is determined whether the ID exists in a second MDB. If the ID exists in the second MDB, the request is serviced. If the ID does not exist in the second MDB, the request is serviced subject to another rate limit. A response is received. The first and second MDBs can be updated based on the type of received response. In an embodiment, the response is classified as indicative of degraded or typical network performance, and the first and second MDBs are updated accordingly.

Abstract: An appliance includes a processor, a medium, a registration application, and a monitoring application. The registration application includes instructions in the medium that, when read and executed by the processor, configure the registration application to write a transaction identifier to a start message, the transaction identifier identifying the appliance, write a dataset of interest identifier to the start message, and send the start message to a database. The dataset of interest identifies a group of appliances including the appliance. The monitoring application includes instructions in the medium that, when read and executed by the processor, configure the monitoring application to monitor operations executed on the appliance, write data resulting from the operations to a data message, and send the data message anonymously to the database. The data message is signed with a member key associated with the group of appliances.

Abstract: Digital pass verification systems and methods are disclosed herein. One or more servers are to distribute instructions on a network. The instructions, when executed, cause a first device carried by a person to at least: access a result of a diagnostic test performed on the person, the result provided by a second device; generate a machine-readable code in response to the result being negative; and display the machine-readable code on a display of the first device to enable the person to gain access to a location.

Abstract: Systems and methods for adaptive token verification are disclosed. For example, a system may include at least one memory storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include training a verification model to verify tokenized requests based on system identifiers. The operations may include receiving a tokenized request from an external system, the request comprising a system identifier of the external system. The operations may include generating output of the verification model based on the system identifier, and, based on the output, performing one of granting the request or blocking the request.

Abstract: A system, method and one or more wireless earpieces for authenticating utilization of one or more wireless earpieces. A request is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether a biometric profile authorizes the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric profile authorizes fulfillment of the request.

Abstract: A system intercepts, at an application programming interface (API) gateway, a request for access to a computing resource and obfuscates metadata associated with the request. The metadata is obfuscated by at least encrypting the metadata to generate encrypted metadata. The API gateway further generates a second request to include the encrypted metadata. The second request is then used to access the computing resource in response to the first request such that when the computing resource is accessed, the metadata associated with the computing resource is encrypted.

Abstract: In a networked environment, a client side application executed on a client device may transmit a request to an authorization service for access to a resource. The authorization service may authenticate the user of client device and/or the client device based on user credentials and/or a device identifier. In response to authenticating the user and/or the client device, the authorization service may send to the client side application a request for confirmation that the client device complies with a distribution rule associated with the resource, where the distribution rule requires a specific application or specific type of application to be installed, enabled and/or executing on the client device as a prerequisite to accessing the resource. If the client device complies with the distribution rule, the client side application accesses the resource. Accessing the resource may include receiving an authorization credential required for access to the resource.

Abstract: A first string, having a first string value, that is associated with a sample set of material is received where a second string, having a complementary value relative to the first string value, is also associated with the sample set of material. A reversible hash generator is used to generate a determinative hash using the first string value, where a second hash, corresponding to the second string, is able to be determined directly from the determinative hash and without the reversible hash generator processing the complementary value of the second string. It is determined whether at least one of the first string or the second string is stored in a memory using the determinative hash.

Abstract: An electronic device, a method of an electronic device authenticating a user and a computer readable recording medium are provided. The electronic device includes a storage configured to store an identifier and attributes of a first object as authentication information, a display configured to display a plurality of authentication objects comprising a second object that has one or more of the attributes of the first object and has a form different from a form of the first object, in response to a request to perform an authentication procedure, and a controller configured to authenticate a user based on an attribute of an authentication object selected by the user from among the plurality of displayed authentication objects and the stored authentication information.

Abstract: An identification, authentication and authorization method in a laboratory system is presented. The system comprises at least one laboratory device. The method comprises receiving identification data identifying a user; receiving identity confirmation data to authenticate the user; and generating authentication data upon successful authentication of the user. The authentication data is configured to enable authentication of the user based on only the identification data during a validity time period without repeated receipt of the identity confirmation data. The method further comprises receiving the identification data by an identification unit; validating the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and granting authorization to the user for the laboratory device upon successful validation of the authentication data.

Abstract: A hardware turnstile including a system-on-chip data security appliance (a diode). The diode includes a single-chip device defining a protected boundary co-incident with a boundary of the single-chip device, a first and a second communication interface, an electronic processor located within the protected boundary, a data transfer control component located within the protected boundary, and memory located within the protected boundary. The electronic processor is configured to selectively allow a designated one-way transfer of data appearing on the first communication interface to the second communication interface using the data transfer control component, based on data stored in the memory.