Abstract: A network access method and apparatus for improving network access accuracy of a terminal device are disclosed.

Abstract: A conference system enables a communication session between two or more participants. During the communication session, a participant device displays a visual code that is scanned by the device in which the identity is unknown. Based on the scan of the visual code, the conference system transfers the communication session such that it is continued between the device in which the identity is unknown and the one or more devices of the remaining participants of the conference.

Abstract: A secure digital network environment is provided by integrating OTP keys as part of quantum-safe data systems solutions (QPN Solutions), including the use of one-time-pad (OTP) keys to encrypt data, support multi-factor authentication and secure all communications between devices in the secure digital network environment. The OTP keys are “pre-loaded” to endpoint (EP) devices to render them quantum-safe (QS) when connected into the secure digital network environment, or are otherwise provided through removable media to be loaded into user supplied appliances, devices and accessories to render them QS when connected into the secure digital network environment. The application of QPN Solutions refers to the application of QPN enabled technologies to provide a secure digital network environment includes risk assessment and management solutions for establishing and managing cyber security insurable risks and policies.

Abstract: Technology for identifying that a communication is from a verified enterprise includes receiving, by a device associated with a user, a data packet from a phone network. The data packet can be included in a communication to the device, which can have an application configured to verify communications from at least one enterprise. A token within the data packet can be identified by the application, and the application can compare the token to at least one token identifier associated with the at least one enterprise. In response to the token corresponding to at least one token identifier, the application can verify that the communication is from the at least one enterprise. In response to the communication being verified, the application can display a validation image on the device.

Abstract: An example embodiment may involve: obtaining a representation of an access control list (ACL), wherein the ACL includes an entry that defines user capabilities with respect to a computing resource; determining a user class based on the entry and one or more rules, wherein the one or more rules are based on whether the computing resource is a database table for a task-based application, and wherein the one or more rules are based on whether the computing resource is read accessible or write accessible; and providing, for display on a graphical user interface, an indication of the user class.

Abstract: Systems and methods for tokenless authorization are provided. Obtaining an electronic representation of an initial biometric sampling of a registrant. Applying the initial electronic representation to a template data construct producing a unique digital identifier (UDI). Obtaining account information constructs corresponding to an account by the registrant with a third party. Generating a unique secure identification number (SIN) using the UDI and the account information constructs. Storing a unique link from the UDI to the account information constructs. Receiving a request for service and an electronic representation of a second biometric sampling. Forming the UDI by applying the second electronic representation to the template data construct. Verifying the UDI corresponds to the stored UDI to reconstruct the unique SIN from the UDI and using this unique SIN to retrieve the account information constructs using the indexed data structure. Transmitting the request and the unique SIN to the third party.

Abstract: Systems, computer program products, and methods are described herein for dynamic communication channel switching based on preconfigured network security protocols.

Abstract: A method includes sending a challenge data structure to a user computer system. The challenge data structure defines a challenge user interface to be presented to a user of the user computer system. The challenge user interface includes a playback control area for playing an audio clip comprising a plurality of sounds. The challenge user interface prompts the user to select two or more answers corresponding to two or more sounds from a multiple choice answer area of the challenge user interface. The method includes obtaining a user input to the challenge user interface that represents a selection of at least one image from the plurality of images, and providing access to a computer resource for the user computer system based on whether the at least one image is consistent with the correct image.

Abstract: A power receiving apparatus for receiving power transmitted by wireless power transmission from a power transmitting apparatus, comprises a first communication unit for communicating with the power transmitting apparatus, and a second communication unit for performing communication at a speed higher than the first communication unit. The power receiving apparatus determines, by communication via the first communication unit, whether the power transmitting apparatus has a function of transmitting/receiving, via the second communication unit, information for device authentication with the power transmitting apparatus, and enables the second communication unit to execute transmission/reception of the information for the device authentication with the power transmitting apparatus via the second communication unit if it is determined that the power transmitting apparatus has the function and the second communication unit is in a disabled state.

Abstract: Some implementations of the disclosed systems, apparatus, methods and computer program products may provide for chatbots configured to perform tasks requiring end user identification on behalf of users. Such a chatbot may be authenticated through tokens with custom claims. The custom claims may include identifying or authenticating tokens received by the chatbot or server system and the chatbot may create and/or provide such tokens for authentication. The custom claim may be configured to provide user identifying data, allowing for the chatbot to be provided with end user credentials. Accordingly, chatbots may be utilized to perform sensitive tasks that require user credentials while continuing to provide security for users.

Abstract: Systems, methods, and messages of the present invention provides IP-based messages associated with the grid elements, wherein each IP-based message includes an internet protocol (IP) packet that is generated autonomously and/or automatically by the grid elements, intelligent messaging hardware associated with the grid elements, at least one coordinator, and/or a server associated with the electric power grid and its operation, energy settlement, and/or financial settlement for electricity provided or consumed, transmitted, and/or curtailed or reduced. The IP packet preferably includes a content including raw data and/or transformed data, a priority associated with the IP-based message, a security associated with the IP packet, and/or a transport route for communicating the IP-based message via the network.

Abstract: A set of software components has been created to form a path of execution outside of a kernel that triggers the authentication process based on MAC address determination for connected stations and separately managing that authentication per controlled port shared across stations. The architecture of the set of software components includes a control daemon that interacts with objects and services of the network access point OS or kernel to leverage dynamic host configuration protocol (DHCP) snooping and MAC address learning to determine MAC addresses. The control daemon instantiates an authenticator object/service for each controlled port and interacts with the authenticator object/service to cause an authenticator service of the OS to perform the authentication process for stations. The control daemon also leverages an Ethernet frames rules table of the kernel to authorize traffic of authenticated stations via the controlled port.

Abstract: In one general aspect, a method can include displaying, on a display device included in a computing device, content in an application executing on the computing device. The method can further include displaying, in a user interface on the display device, at least one identifier, receiving a selection of the at least one identifier, and initiating casting in response to receiving the selection of the at least one identifier.

Abstract: In a server configured to operate on a network, secured access to shared digital content may be implemented by analyzing information about a first user and a second user with a neural network trained with a machine learning algorithm to determine a relationship between the first and second users. The first user may be granted access to one or more content items belonging to the second user based on the determined relationship and the second user's access to the one or more content items may be disabled. The first user's access to the content items may be disabled when the second user requests access to them and access of the content items may be returned to the second user after access for the first user to the one or more content items has been disabled.

Abstract: A method may include storing, using a data management application on a user device, personal data that is associated with a user and a first data variable. The method may further include obtaining, from a requesting application and by the data management application, a data request for a second data variable. The method may further include determining, by the data management application, whether the first data variable associated with the personal data matches the second data variable associated with the data request. The method may further include transmitting, by the data management application and in response to determining that the first data variable matches the second data variable, the personal data to various intermediary nodes. One intermediary node among the intermediary nodes may transmit the personal data to the requesting application using a distributed ledger.

Abstract: A method is disclosed for authorization of resources clustered into one or more resource groups, each resource group comprising functionally interdependent resources. The method includes receiving an authorization request signal indicative of a first resource for authorization, wherein the first resource is comprised in a first resource group, determining—for each mandatory resource of the first resource group—whether the resource is authorized, and transmitting an authorization response signal. The authorization response signal is indicative of successful authorization of the first resource when all mandatory resources of the first group are determined as authorized. Further, the authorization response signal is indicative of unsuccessful authorization of the first resource when at least one mandatory resource of the first group is determined as unauthorized. Corresponding apparatus, authorization server, network node and computer program product are also disclosed.

Abstract: Provided is a security key input system using a one-time keypad. The security key input system may include: a keypad input unit configured to output a security keypad including one or more null keys each having no identification mark written thereon, and receive a security key from a user; a control unit comprising a one-time keypad generator configured to generate a one-time keypad; an input terminal comprising an NFC recognition unit configured to provide the one-time keypad generated by the one-time keypad generator to an output terminal through NFC with the output terminal contacted with the input terminal; a display module; an NFC recognition module configured to receive the one-time keypad from the input terminal through the NFC recognition unit; and the output terminal comprising a controller configured to output the one-time keypad received from the NFC recognition module through the display module.

Abstract: The antenna hub of a satellite gateway has limited space. Existing frequency conversion utilize bulky components that consume significant space and are costly to maintain in terms of complexity, time, and expense. Accordingly, a compact and flexible frequency conversion system is disclosed. This frequency conversion system consumes less space, provides built-in automated software-controlled configurability and redundancy, and provides easy replaceability at both a channel level and a device level.

Abstract: Various techniques and mechanisms for sharing remote resources among a trusted group are disclosed. A credential management agent utilizes a resource credential for a first user to access a secure resource corresponding to the first user for a second user by at least validating a second user and validating a consent of the first user to allow the second user to access the secure resource using the resource credential for the first user. The secure resource resides on a remote server system accessible via one or more application program interfaces (APIs). A platform management agent provides an interface for shared resource-agnostic credential sharing. The platform management agent validates credentials for the second user as belonging to a trusted group and forwards a request for access to the secure resource for the second user to the credential management agent.

Abstract: Applications supporting operations of an autonomous vehicle fleet can be implemented on and supported by cluster infrastructure. These applications have endpoints where data traffic runs in and out of these applications. Securing access to these endpoints can prevent unauthenticated and unauthorized access to these endpoints and the protected resources accessible through these endpoints. Securing access to these endpoints, managing entitlements and security policies, and maintaining security systems that can enforce the security policies are not trivial tasks. One solution addresses some of these challenges by offering a simple frontend for users to define the entitlements and security policies, leveraging an open source security solution, and ensuring backwards compatibility to other security solutions in the cluster infrastructure.

Abstract: A system and method for detecting a cybersecurity risk of an artificial intelligence (AI), is presented. The method includes: inspecting a computing environment for an AI model deployed therein; generating a representation of the AI model in a security database, the security database including a representation of the computing environment; inspecting the AI model for a cybersecurity risk; generating a representation of the cybersecurity risk in the security database, the representation of the cybersecurity risk connected to the representation of the AI model in response to detecting the cybersecurity risk; and initiating a mitigation action based on the cybersecurity risk.

Abstract: Authorization for access to an application server and associated communication service can be desirably managed. When a device attempts to access an application server and service, an authorization server generates an encrypted token, comprising device identifier information, and communicates the token to the device. The device communicates the token to the application server. The application server communicates the token to the authorization server. The authorization server determines whether the device is validated to access the application server and service based on the encrypted token, private decryption key, and initialization vector, and based on subscriber-related information. The authorization server does not share the private decryption key or initialization vector with the application server. If validated, the authorization server communicates validation-related information, including a permitted portion of subscriber-related information, to the application server.

Abstract: Methods and systems are described herein for generating and assigning resources based on timestamps. A plurality of permission messages associated with a plurality of authorization events may be received with each permission message including an authorization timestamp indicating a generation time of a corresponding permission message. In addition, a plurality of data records may be received with each data record including a corresponding plurality of parameters. Based on the permission messages and the data records, a resource multiplier is generated, and resources assigned to each data record are multiplied based on the resource multiplier.

Abstract: Dynamic multi-network security controls are provided herein. A method can include receiving a report of malicious network traffic observed by first network equipment operating in a first communication network, where the report indicates a second communication network distinct from the first communication network as an originating network of the malicious network traffic, identifying second network equipment operating in the second communication network as a source of the malicious network traffic, and based on the identifying, blocking communications from the second network equipment for a defined time interval.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: A system and method for altering client fingerprint that includes editing data components of network communication from a client device to a server, which comprises editing network protocol data from the client during negotiation of a cryptographic protocol; selectively enabling access to library components specified in the edited client network protocol data; and sending a client communication to the server using the edited client network protocol data.

Abstract: A system for cross cloud workload identity virtualization including a program having instructions to route a first network call from a workload in a first cloud computing environment addressed to a first cloud computing environment instance metadata service (IMS) having destination data with an IP address of 169.254.169.254 to a universal IMS (UIMS) different from the first cloud computing environment IMS, route a second network call from the workload addressed to a destination other than the first cloud computing environment IMS to the destination indicated by the second network call, respond to the first network call with credentials valid for accessing a cloud service provided in a second cloud computing environment. The workload can access the cloud service from the first cloud computing environment, and access the cloud service from a third cloud computing environment different from the first cloud computing environment.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

Abstract: Methods and systems for managing access to data stored in data storage systems are disclosed. An end device and/or user thereof may require access to sensitive data of varying sensitivity levels stored in a data storage system. To prevent malicious parties from gaining access to the sensitive data, an access control system may be implemented. The access control system may include a registration process that registers end device and user combinations and assigns cryptographic key pairs to each registered combination. The key pairs may be generated using information specific to the sensitivity level of the data and managed using a key tree structure. Before sensitive data may be accessed, a requesting device and its associated user may be authenticated using the key pairs generated during registration. The sensitive data may be encrypted using sensitivity level and device-specific encryption.

Abstract: Methods and systems for managing computing infrastructure compliance with standards are disclosed. The computing infrastructure may provide computer implemented services that may be at elevated risk if the computing infrastructure fails to comply with various standards such as security or redundancy standards. To manage compliance with standards, a cross-standard compliance coverage model may be used. The cross-standard compliance coverage model may use information regarding infrastructure components of the computing infrastructure to ascertain compliance with any number of standards.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: Techniques are described for managing secrets for accessing resources of a computing service provider by a client computing device. Two secrets are created that are valid for accessing the resource by the client computing device. When one of the two secrets are invalid for accessing the resource, the client computing device can use the second of the two secrets to gain access to the resource.

Abstract: Examples described herein relate to portable playback devices, such as smart headphones and earbuds, and ultra-portable devices having built-in voice assistants. Some example techniques relate to user interaction with voice assistants. Further example techniques relate to voice guidance played back by the headphones to guide the user under certain conditions.

Abstract: Users can be logged in to modern workspaces using different cloud identity providers and single sign-on. A login manager can be provided on a user computing device to obtain a user's login credentials via a custom login screen. The login manager can then inject the login credentials into an authentication interface of a cloud identity provider to authenticate the user for purposes of logging in to the user computing device. The login manager can leverage this authentication to perform single sign-on for all resources of a modern workspace such that the user can be logged in to the modern workspace via any cloud identity provider.

Abstract: An application for dynamic, granular access permissions can include a database interface, a user interface, a login process, an administrator, an event handler and an authorization process. The database interface can be an interface to an access control permissions database that stores roles, actions, or policies for users of the application. The login process can authenticate a user and determine a default set of access control permissions for that user when they are using the user interface. The administrator can provide access control permissions for a user by using the database interface. The event handler can dynamically modify access to functionality in the user interface based on an event. The authorization process can determine whether a request from the user interface is authorized before process the request. The authorization process can use access control permissions from the administrator and either a scope limited or a temporally limited access permission.

Abstract: A text mining engine running on an artificial platform is trained to perform conversation role identification, semantic analysis, summarization, language detection, etc. The text mining engine analyzes words in a transcript that represent unique characteristics of a conversation and, based on the unique characteristics and utilizing classification predictive modeling, determines a conversation role for each participant of the conversation and metadata describing the conversation such as tonality of words spoken by a participant in a particular conversation role. Outputs from the text mining engine are indexed and useful for various purposes. For instance, because the system can identify which speaker in a customer service call is likely an agent and which speaker is likely a customer, words spoken by the agent can be analyzed for compliance reasons, training agents, providing quality assurance for improving customer service, providing feedback to improve the performance of the text mining engine, etc.

Abstract: An image forming apparatus includes an authentication application device that registers information acquired from an authentication system, and indicating a normal application accessible by a user when the user logs in in the image forming apparatus, in temporary user information, and a normal application device that decides, upon being requested to activate itself, whether the user who has logged in in the image forming apparatus is authorized to utilize the normal application device, on a basis of the temporary user information.

Abstract: The present disclosure relates to systems, methods, and non-transitory computer-readable media that detect synthetic user accounts of a digital system via machine learning. For instance, the disclosed systems can utilize a machine learning model to analyze account features that are related to a user account and generate an indication that the user account is synthetic based on the analysis. The disclosed systems can further disable (e.g., suspend or close) the user account based on determining that the user account is synthetic. In some cases, the machine learning model provides a precision score that indicates a likelihood that the user account is synthetic, and the disclosed systems disable the user account if the precision score satisfies a threshold. In some implementations, the disclosed systems generate the machine learning model using synthetic user accounts detected via one or more rules and other user accounts that are associated with those synthetic user accounts.

Abstract: A method at a first domain for obtaining at least one insight from a second domain, the method including registering an application with an anchor in the first domain; providing, from the anchor to the application, a first message signed by the anchor; sending, from the first domain to a network domain, the signed message; receiving, from the network domain, at least one signed token, each of the at least one signed token being for a synthetic sensor on the second domain, where the synthetic sensor provides an insight; sending a request message to the second domain, the request message requesting the insight and including the at least one token; and receiving the insight from a synthetic sensor associated with the at least one token.

Abstract: An information processing device includes: a hardware processor that executes a license check of software, wherein the hardware processor detects a request for remote access to the software, extracts a description about remote access from a license agreement of the software to which a request for remote access is requesting access, and determines, based on the extracted description about the remote access, whether the remote access is a license violation.

Abstract: Techniques are disclosed pertaining to determining whether execution of a transaction will exceed a system resource threshold. A computer system stores a precomputed permissions data structure in association with particular data stored in a database. That precomputed data structure may be used to determine whether a user can access the particular data. The computer system may capture metric information that pertains to parameters involved in different types of transactions that can be performed to recompute the precomputed permissions data structure. Upon receiving a request to perform a transaction that involves recomputing the permissions data structure, the computer system, may determine, based on the metric information and the transaction's particular type, whether an execution of the transaction will exceed the system resource threshold.

Abstract: Systems, methods, network devices, and machine-readable media disclosed herein include encoding data for storage or transmission by encoding the data according to a tamper-resistant data encoding scheme that renders the data secure against unbounded polynomial size attacks. The present disclosure further includes subsequently determining whether the data has been tampered with, and notifying a processor when the data has been modified or compromised.

Abstract: For increased device security, a security policy manager is used to configure permissions for applications installed on mobile computing devices. In one approach, an evaluation server receives data associated with a context for a computing device. Based on the received data, a policy that is applicable for the current context of the computing device is identified. The identified policy has rules regarding access permissions for software installed on computing devices. The server determines a current policy implemented on the computing device, which includes determining an access permission for software installed on the computing device. The server determines that the access permission for the installed software does not comply with the policy applicable to the current context. Based on this determination, the server revokes the access permission for the installed software.

Abstract: Devices, systems and methods are provided for remotely managing configuration of a networking device. One method of managing configuration of a networking device involves obtaining resources associated with one or more graphical user interface (GUI) displays of a web application for configuring the networking device, receiving a request to access the web application, and in response to the request, determining a representative value for the resources as a function of a current state of the resources, obtaining a reference value for the resources that reflects a validated state of the resources, and instantiating the web application using the resources when the representative value matches the reference value.

Abstract: A method for preventing data leakage may include: identifying data that is generated by at least one framework application in response to a data request from a first machine learning (ML) engine of a plurality of ML engines; creating a plurality of data blocks based on the generated data, a category of the first ML engine, and a tag associated with the first ML engine and the at least one framework application; determining whether the plurality of data blocks are valid to share with the first ML engine using an activity block chain associated with each of the plurality of framework applications; based on the plurality of data blocks being valid, sharing the plurality of data blocks with the first ML engine, and otherwise discarding the plurality of data blocks not to share with the first ML engine.

Abstract: A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents thorough the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes and admin service, accessible to one more admins, that facilitates configuration and management of the network.

Abstract: A device management service may enforce compliance of remote devices with device specifications by disabling or enabling use of client certificates by applications installed on the devices. The device management service receives configuration data from an agent installed on the remote device. If the device management service determines that the device is no longer compliant with specifications for the device, then the device management service may prevent subsequent use of client certificate(s) by applications on the device to establish certificate-based connections. For example, the device management service may disable or revoke a client certificate or may instruct the device to disable or remove the client certificate. If the device becomes compliant at a subsequent time, then the device management service may enable the client certificate or cause a new client certificate to be sent to the device.

Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.

Abstract: The present disclosure relates to managing services by a managed service provider (MSP) in a cloud based infrastructure. A control plane of the MSP is established in a first tenancy, and a first access plane of the MSP is established in a second tenancy of a cloud environment. The control plane is configured to manage a plurality of services offered by the MSP to a first host machine included in the second tenancy. A first request is transmitted from the control plane to the first access plane, where the first request is forwarded by the first access plane to the first host machine, and corresponds to a service utilized by the first host machine and managed by the control plane of the MSP. In response to the first request being validated, a first state of the first host machine is modified in the second tenancy based on the first request.

Abstract: A system and method is provided that enables voice recognition for legacy operating systems of a computing device. An exemplary method includes receiving speech-based instructions from a user of mobile device that indicate a request for executing a task. The speech-based instructions are then analyzed by an intelligent personal assistant running on the mobile device to determine an intent of the user. If the intent of the user identifies a specialized client software module installed on the mobile, the software module will generate a command object that includes parameters relating to the execution of the task. The command object is then transmitted by the first computing device to a personal computer with a legacy operating system where the command object causes a software agent installed on the personal computer to execute the task based on the parameters included in the command object.