Abstract: A method and system for connecting a communication to a client including at a system bridge, establishing a client subscription connection with a client device; receiving an incoming communication request at the system bridge; publishing an incoming communication notification from the system bridge to the client device; receiving a client communication at the system bridge; and merging the incoming communication request into the client communication at the system bridge.

Abstract: Embodiments of the invention provide systems and methods for controlling presentation of sensitive information in a user interface of an application. More specifically, embodiments of the present invention provide for masking the sensitive information when being entered by the user. However, if the user wants to verify the entry or display the sensitive information in readable text, the information can be displayed or unmasked upon request. For example, in response to the user clicking a button or other control of the user interface associated with the sensitive information or by another mouse or keyboard event, the requested sensitive information can be unmasked and displayed in the clear, for example as a tool tip or in the originally presented element of the user interface. The user can then close the tooltip or mask the information, e.g., after verification of what he/she typed.

Abstract: When a portable terminal of a user receives an authentication prompt message pushed by an application server, an authentication prompt option corresponding to the authentication prompt message is output at the portable terminal. A portal authentication is initiated after the authentication prompt option is selected by the user. MAC address information of the portable terminal returned by a portal server is acquired after the portal authentication is initiated. A user name and password for the application client terminal to log into the application server terminal is used as a user name and password for portal authentication. The MAC address information of the portable terminal returned by the portal server is sent to the application server. The present disclosure facilitates the operation of using the portal authentication, prevents the user from forgetting to perform the portal authentication, and brings convenience to those who are not familiar with the portal authentication mechanism.

Abstract: A system is provided that reports audit data. The system defines audit metadata that defines a business object of an application module and an attribute of the business object as being auditable. The system further defines business object metadata that defines a hierarchical relationship between the business object and a child business object. The system further generates audit data for the attribute of the business object based on the audit metadata, where the audit data includes a history of modifications to the attribute of the business object. The system further displays the audit data within a user interface. The system further displays the business object and the hierarchical relationship between the business object and the child business object within the user interface based on the business object metadata.

Abstract: A controller performs a first processing including: at a predetermined timing, determining whether a first authentication code stored in a storage of a control board attached to a first control board attachment portion matches a second authentication code stored in a storage of a control board attached to a second control board attachment portion; upon determining that the first authentication code matches the second authentication code, allowing a printer to execute a print processing; and upon determining that the first authentication code does not match the second authentication code, prohibiting the printer from executing the print processing.

Abstract: A computerized device and a process protect against denial-of-service (DoS) attacks by using a memory-time hard problem that a client (e.g., IoT device or mobile app) solves as part of a request such as an initial registration process. The process may use parameters obtained from a public source of randomness. The problem is designed such that all memory allocated for the algorithm is used in a random manner, making it difficult for attackers to use FPGA/ASIC approaches. The client provides a proof-of-work (PoW) value to a server, which performs a more directed version of the calculation done by the client to confirm that the PoW value is correct. When confirmation is not obtained, the server can refrain from further processing of the client request, thwarting DoS attacks.

Abstract: A security domain management method and apparatus for managing at least one security domain in a trusted execution environment (TEE) including at least one security domain is provided. The method includes obtaining information related to an event for an arbitrary security domain when the event for the arbitrary security domain is generated; and transmitting the information related to the event to at least one other security domain, wherein the information related to the event is sent via a TEE kernel.

Abstract: Systems and methods include: implementing a first machine learning model to generate an output of a global digital threat score for an online activity based on an input of the collected digital event data; implementing a second machine learning model that generates a category inference of a category of digital fraud or a category of digital abuse from a plurality of digital fraud or digital abuse categories; selecting a third machine learning model from an ensemble of digital fraud or digital abuse machine learning models based on the category inference generated by the second machine learning model, wherein the ensemble of digital fraud or digital abuse machine learning models comprise a plurality of disparate digital fraud or digital abuse category-specific machine learning models; and implementing the selected third machine learning model to generate a digital fraud or digital abuse category-specific threat score based on the digital event data.

Abstract: A network system, an access point, and a connection method thereof are provided. The access point includes a communicator configured to communicate with a wireless devices, and a controller configured to control the communicator to acquire authentication information based on a Uniform Resource Locator (URL) that is received from the wireless device, and to perform connection with an electronic device based on the acquired authentication information.

Abstract: A method of synchronizing notification messages for electronic devices may include monitoring if an electronic device has a notification message. If the electronic device has a notification message, the method may include determining if the electronic device is on standby. If the electronic device is determined to be on standby, a notification message may be sent via a server to an active electronic device associated with the electronic device. An associated server and an electronic device are also provided. The methods, servers and electronic devices may facilitate gathering of notification messages.

Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder in response to a public file request. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing other's submissions.

Abstract: A system and method for determining a specific user location and path to an exit during an emergency condition. In response to an emergency alarm activated for a structure, a notification system may receive the alarm signal. The notification system may send a notification of the alert to a user mobile device when the user has subscribed to receive alerts regarding the structure. The notification may determine that the subscribed mobile device is located in the vicinity of the structure and activate an alarm on the device.

Abstract: Systems and/or methods provide a user of a first computing device with the ability to authenticate themselves on a remotely provided process or service using a second computing device on which the user is already authenticated. For example, the techniques of this disclosure provide a user with the ability to securely log into a remotely provided service or application (such as e-mail, cloud computing service, etc.) on a first computing device (e.g., a desktop computer, laptop, tablet, etc.) using a second computing device (e.g., mobile phone) on which the user is already logged into the service or application, without requiring manual entry of authentication information on the first computing device.

Abstract: A system and method for electronic commerce allowing consumers to purchase items over a network and merchants to receive payment information relating to the purchases. The system includes a server configured to gather purchasing information from a consumer to complete a purchasing transaction. The system has a consumer data structure that stores purchasing information for registered consumers. The server is able to access the consumer data structure and enter the consumer's purchasing information during subsequent purchases such that the consumer does not have to enter the same information every time they purchase an item over the network. In alternate embodiments, the same technology can be applied to other arenas where a user may have to enter the same repetitive information. In addition, consumers can register with the consumer information server prior to making purchase.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the load balancing state information across a plurality of service engines using a distributed data store service, the distributed data store service being configured to: determine whether in a distributed data store there is an existing entry that corresponds to the load balancing state information; in the event that it is determined that in the distributed data store there is no existing entry that corresponds to the load balancing state information, atomically create a new entry based on the load balancing state information; and distributing the connection to a selected server among a plurality of servers, the selected server being selected based at least in part on the load balancing state information.

Abstract: Systems and methods are described herein for providing multiple, different types of information for mobile devices and associated users to requesting systems, such as customer service systems provided by telecommunications carriers. The systems and methods may generate a single API that, when called by a requesting system (e.g., via a request transmitted by the requesting system that includes subscriber or device information), provides data collected from multiple, disparate data sources back to the requesting system via the single API.

Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures.

Abstract: Systems and methods for enabling multi-factor authentication for a web-based account. A first computing device and a second computing device are accessible to a first user. A backend system is accessible to a second user. The backend system communicates with the second computing device via a secure communication network. The first user creates a web-based account and receives a MFA initiation screen including secret information and a field for entering at least one TOTP token. The backend system has a TOTP token generator. The second computing device captures the secret information and transmits it to the backend system. The second user generates at least one TOTP token using the backend system and transmits the at least one TOTP token to the second computing device. The first user enters the at least one TOTP token into the first computing device. The account can then be validated and MFA enabled.

Abstract: Systems, methods, and media for authentication are provided. In accordance with some implementations, the system comprises: a hardware processor that is programmed to: receive, from a device, a message relating to an authentication status of a user account associated with the device; transmit an authentication request to the device that is transmitted to an authentication server; receive, from the device, a response to the authentication request that includes authentication data relating to a session corresponding to the user account on the authentication server; cause an interface to be presented that requests authorization to authenticate the device with the authentication server using the user account; and transmit the authentication data to the device that causes the device to retrieve a corresponding authentication token from the authentication server, wherein the corresponding authentication token authenticates the user account on the device.

Abstract: A method for preventing a verification flaw by controlling a session time and a session data traffic is applied to a networking equipment that stores a list of verified terminal devices, a temporary permit list, and a walled garden. When a terminal device is connected to the networking equipment, the networking equipment records the media information of the terminal device on the temporary permit list and starts recording a session time and session data traffic of the terminal device. Once the session time or session data traffic exceeds its upper limit (e.g., 10 minutes or 20 MB), the networking equipment cuts off connection with the terminal device, only when a frame received from the terminal device has a matching target address in the walled garden, the networking equipment will send the frame out therethrough. Thus, the terminal device, must be verified before it can access full network services.

Abstract: A mechanism for automatically registering Internet-of-Things (IoT) devices to an end-user account of an Internet-based resource, using a gateway that the end-user previously registered to the account. Various security alternatives are described that help avoid masquerading and other attacks on the home network of the end-user.

Abstract: An environment management system includes a communication platform disposed remote from a site, and at least one client associated with the site. The communication platform includes at least one external XMPP server communicatively coupled with the at least one client via an instant message communication stream, and the at least one external XMPP server is configured to utilize an Extensible Message Presence Protocol (XMPP) standard to communicate with and alter an operating condition of said at least one client at the site.

Abstract: This disclosure relates to techniques for securely performing connection release and network redirection in a wireless communication system. A wireless device may establish a radio resource control (RRC) connection with a first cell. The wireless device may receive a RRC connection release message from the first cell. The RRC connection release message may include an indication to redirect the wireless device to a second cell. The RRC connection with the first cell may be released. It may be determined whether security has been established with the first cell when the indication to redirect the wireless device to the second cell is received. A new serving cell may be selected based at least in part on whether security has been established with the first cell when the indication to redirect the wireless device to the second cell is received.

Abstract: Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to predetermined boundaries of location that have altered authentication requirements, in the form of, increased or decreased authentication requirements/credentials that differ from the standard authentication requirements.

Abstract: An estimated time to migrate a VM from a source hypervisor to a target hypervisor is calculated. The estimated time is compared to a threshold time and based on the estimated time meeting the threshold time, a migration of the VM from the source hypervisor to the target hypervisor via the network is initiated. Based on the estimated time not meeting the threshold time, it is determined whether an additional path can be added to the network between the source hypervisor and the target hypervisor. If an additional path cannot be added to the network, a migration of the VM from the source hypervisor to the target hypervisor via the network is initiated. If an additional path can be added to the network, the additional path is added and the migration via the network is initiated.

Abstract: A system and method is provided for securing network traffic across a plurality of connections to a computing device without requiring each connection to have its own security association. The system can include an IPsec encoder configured to obtain a datagram and encode a datagram, wherein the IPsec encoder includes a security association that is associated with a computing entity, a packet analyzer configured to associate metadata with the encoded datagram, and a gateway to transmit the encoded datagram using one of the plurality of connections to the computing device.

Abstract: A captive portal system includes a login database, a web server, and a name server. The name server receives a DNS request from a user device, queries the login database to determine whether the user device is logged in, and responds to the DNS request with the IP address of the web server as a resolved IP address of the specified domain name when the user device is not logged in. The web server accepts a connection request from the user device to the IP address of the web server, receives an HTTP request specifying a non-local target URL from the user device, queries the login database to determine whether the user device is logged in according to the source address of the user device, and acts as a transparent proxy between the user device and the non-local target URL when the user device is logged in.

Abstract: In a wireless communication system wherein a user equipment (UE) that accesses a cell served by an access point (sometimes known as femtocell) is granted only a limited time period during which to camp on, attach to, or connect to the cell, the communication system permits a user of the UE to anticipate an expiration of the time period and, if desired negotiate an extension of the time period. More particularly, the communication system provides for notification of the UE of the duration of this limited time period and further permits the UE to negotiate an extension of the time period when the UE desires to do so. In the event an extension is requested by the user and granted by the owner/operator, a notification will be sent to the user and the UE may reset a timer.

Abstract: Methods and systems are provided for detecting dead tunnels associated with a VPN. An indicator of a tunnel capability, for example, a DPD vendor ID, is received from a peer through a VPN connection. The tunnel capability is associated with one or more phase II tunnels associated with the VPN. Traffic generated by the peer is detected, and if traffic is detected at a tunnel, the tunnel is presumed to be alive. When no traffic is detected in a tunnel, a DPD packet exchange with the tunnel is initiated. A determination is made, based on the packet exchange, whether the tunnel is alive.

Abstract: A system for communicating with an Internet Protocol Multimedia Subsystem (IMS) network is provided. A system that incorporates teachings of the present disclosure may include, for example, an intermediate node having a controller element to receive from a non IP Multimedia Subsystem (IMS) compliant node a Session Initiation Protocol (SIP) message having a calling party number and a called party number, and insert in the SIP message a request that instructs a receiving IMS-compliant node to bypass validation of the calling party number. Additional embodiments are disclosed.

Abstract: Provided is a process including: receiving, with an intermediary server, a request to access web content at a web server; submitting, from the intermediary server a value by which possession of an access credential is demonstrated, wherein the value is withheld from the client web browser; receiving, by the intermediary web browser, instructions to store in web browser memory an access token; and sending, from the intermediary server, to the client web browser executing on the client computing device, instructions to store the access token in browser memory of the client web browser, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.

Abstract: Multiple image verification challenges can be used to identify the location of an object within an initial image. For instance, a first set of tiles is generated using the initial image. This first set is provided to a client computing device for display in a first verification challenge requesting that the user select tiles including the object. In response, a user selection of tiles of the first set is received. These selected tiles are then used to generate a second set of tiles corresponding to a sub-portion of the initial image. The second set of tiles is provided to a client computing device for display in a second verification challenge. In response to the second verification challenge, a user selection of tiles of the second set is received. This user selection of tiles of the second set is then used to determine a location of the object in the image.

Abstract: The present invention relates to communications systems, and more particularly to enabling one communications device to access data, such as a set of multimedia objects, accessible by another communications device. Identity code information is communicated between the communications devices and the server, wherein a representation of the identity code is communicated from one of the communications devices to the other of the communications devices and then to the server. The identity code is associated with data accessible by one of the communications device and the data is associated with access rights. The server is thereby able to associate specific communications devices, access rights and contents.

Abstract: A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server.

Abstract: Techniques, systems, and articles of manufacture for collaborative analytics with edge devices. A method includes identifying multiple items of data pertaining to a user from one or more user actions implemented across multiple user devices, identifying one or more rules associated with one or more user preferences, exchanging the multiple items of data across the multiple user devices, and applying the one or more rules to the multiple items of data across the multiple user devices to generate an output via at least one of the multiple user devices.

Abstract: A method in a coordinator in a radio communication network. The method comprises obtaining a token identifying a radio device. The method also comprises obtaining information confirming that the radio device is authorized to connect to the coordinator. The method also comprises calculating a device filter comprising a plurality of tokens, wherein the plurality of tokens include the obtained token of the radio device and identifies a plurality of devices authorized to connect to the coordinator. The method also comprises sending a broadcast radio signal comprising the device filter. The method also comprises allowing the radio device to connect to the coordinator. The present disclosure also relates to a coordinator, as well as to a radio device and a method of a radio device.

Abstract: A method for managing data, comprising: receiving data about information collected by a sensor, in which at least a part of the data is encrypted; and performing an analysis in a state where both non-encrypted section and encrypted section of the data are not decrypted. Also, a method for managing data encryption, comprising: allowing a sensor or an intermediate network device to encrypt at least a part of data about collected information; allowing the sensor or the intermediate network device to transmit the at least partially encrypted data; allowing a data management apparatus to receive the at least partially encrypted transmitted data; allowing the data management apparatus to store the at least partially encrypted received data; and allowing the data management apparatus to perform an analysis in a state where both non-encrypted section and encrypted section of the at least partially encrypted data are not decrypted.

Abstract: Embodiments disclosed herein provide systems and methods for digital meeting management within a blockchain. Before a meeting, a computer may generate a digital meeting record containing a plurality of data fields and linked to various smart contracts to capture meeting activities. During the meeting, a first smart contract may authenticate and record attendees in the digital meeting record based on biometric information received from the attendees' devices. Furthermore, a second smart contract may capture in the digital meeting record, meeting actions of each attendee, including date, time, and location associated with the meeting actions. After the meeting, a third smart contract may autopopulate post meeting documentation. After review by the attendees, the third smart contract may store a hash of the documentation to the digital meeting record and store the documentation in a repository. Once appended to the blockchain, the digital meeting record becomes an immutable record of the meeting.

Abstract: A user of a mobile device selects data to be shared with other users and engages a lock button installed on the mobile device. As a result of engaging the lock button installed on the mobile device, one or more regions of a display unit installed on the mobile device may be disabled such that the other users cannot access other applications and data stored on the mobile device. If a user attempts to interact with the mobile device after the lock button has been engaged, the user is presented with a PIN input box. Accordingly, a user may input a PIN into the PIN input box that, if correct, causes the one or more regions of the display unit installed on the mobile device to be restored.

Abstract: This disclosure describes an approach to detect replay attacks while having multiple cores in a multi-core processor manage an established tunneling session. The tunneling session includes a number of flows. One of the cores is assigned to manage one of the flows, and another core is assigned to manage another of the flows. A replay attack over the tunneling session is inhibited by maintaining a flow-based sequence context at each of the flows, and the flow-based sequence context is maintained by the core that is managing the respective flow.

Abstract: Systems and methods for maintaining zero client sessions between different servers and a zero client device are presented herein.

Abstract: An information processing system includes a service utilizing device and at least one information processing device to provide a service for the service utilizing device. A temporary code issuing unit to issue a temporary code is provided in the information processing device. A device authentication token generation unit is provided in the service utilizing device and generates a device authentication token by using the temporary code obtained from the information processing device. A device authentication ticket issuing unit is provided in the information processing device and verifies whether the device authentication token obtained from the service utilizing device is valid by using the temporary code and issues a device authentication ticket depending on a verification result. An access unit is provided in the service utilizing device and accesses a resource in the information processing device by using the device authentication ticket obtained from the information processing device.

Abstract: Aspects of the subject disclosure may include, for example, receiving an image, delivery instructions, and metadata associated with the image from a first device associated with a first user. The delivery instructions indicate to deliver the image to a second device associated with a second user, and the delivery instructions comprise security features and the metadata comprises a plurality of security preferences for delivery. Further, the plurality of security features and the plurality of security preferences are implemented on the image. In response to determination of a security risk due to the implemented security features or security preferences, the image is not delivered to the second device and a message is delivered to the first device indicating that the image was not delivered. Other embodiments are disclosed.

Abstract: Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to predetermined boundaries of location that have altered authentication requirements, in the form of, increased or decreased authentication requirements/credentials that differ from the standard authentication requirements.

Abstract: Systems and methods for DNS resolution based on user identities are provided herein. In the DNS name resolution process, a DNS resolver can construct and send DNS queries to different DNS name servers depending on the identities of the users requesting the name resolution. One embodiment may be a DNS forwarder configured in a home router, where DNS requests from a certain user group (e.g., kids) may be forwarded to OpenDNS Family Shield, while DNS requests from another user group (e.g., parents) may be forwarded to the ISP's default DNS servers or Google Public DNS. In another embodiment, the DNS resolver may be integrated within an authenticating proxy server, wherein the DNS resolver may use different DNS name servers to perform DNS name resolution for different users authenticated by the proxy server.

Abstract: A mobile network-based tenant network service implementation method and system and network elements are disclosed. The method includes: an MME of a mobile network performing identity authentication of a tenant network to which UE belongs on the UE; after the UE passes the identity authentication of tenant network, the MME selecting a local exchange node for the UE; the MME transmitting a creation/update message of a local exchange forwarding table to the local exchange node; the local exchange node creating or updating the local exchange forwarding table and generating a forwarding table entry of UE, wherein the forwarding table entry comprises identification information of UE; after UE bearers establishment are completed, the local exchange node writing UE bearer information into the forwarding table entry of UE; and the local exchange node implementing message forwarding of the tenant network according to the local forwarding table, thereby implementing a tenant network service.

Abstract: There is provided a method for authenticating an attempt at establishment of a network connection by allowed code, comprising: providing a dataset having previously observed stack trace templates each representing a stack trace pattern prevailing in stack traces recorded by monitoring stacks of clients executing an allowed code during a connection establishment process for establishing network connections related to the allowed code; receiving a new stack trace recorded during a new connection establishment process for a new network connection by a new client; measuring a similarity between the new stack trace and the plurality of stack trace templates to identify a match to a stack trace template; evaluating the matched stack trace template for a predefined rule requirement; and updating a rule-set database with the matched stack trace template to authenticate new network connection establishments associated with stack templates matching the matched stack trace template.

Abstract: In an example embodiment, invisible two factor authentication is performed by receiving, at a first machine, a registration request from a second machine, with the registration request encrypted using a common hash key. Then, in response to the receiving of the registration request, a server key is generated that is unique to the first machine and to the second machine. The registration request is responded to with the server key encrypted using the common hash key. Encrypted data is then received from the client machine, and this encrypted data is decrypted using the server key. In another example embodiment, in response to a determination that a data source has changed, incremental dynamic data processing is performed by identifying dynamic data relevant to records in the data source marked for distribution and, based on the existence of a state for each piece of dynamic data, marking the dynamic data for distribution.

Abstract: A switcher device comprises a multiplexer coupled in-between at least one input and output cards. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, the switch dynamically switches to a closed position in order to enable the at least one source to authenticate with the input card and the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the switch switches dynamically to an open position in order to disable the at least one source from authenticating with the input card, therefore the output card also does not attempt to authenticate with the at least one sink for security protocol encryption.

Abstract: A switcher device comprises a multiplexer coupled in-between at least one input and output cards. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, the switch dynamically switches to a closed position in order to enable the at least one source to authenticate with the input card and the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the switch switches dynamically to an open position in order to disable the at least one source from authenticating with the input card, therefore the output card also does not attempt to authenticate with the at least one sink for security protocol encryption.