Abstract: A system may include a plurality of inhalers, where each inhaler comprising medicament, a processor, memory, and a transmitter, multiple processing modules that may reside at least partially on a user device, a digital health platform (DHP) that is configured to receive and aggregate inhaler data from inhalers that are associated with a plurality of different users and a plurality of different medicament types. The DHP may determine a subset of the usage events based on the determined medication type, the determined time of day, and/or the determined date range. The DHP may determine a filtered list of users out of the plurality of users based on a comparison of the selected inhalation count threshold with the number of usage events that are associated with the same user and medication type.

Abstract: Described are techniques for grouping user profiles onto Virtual Private Networks (VPNs) including a computer-implemented method comprising creating a user profile at a VPN manager and associating the user profile with a set of demographically similar user profiles based on characteristics of the user profile. The computer-implemented method further comprises assigning the user profile to least one VPN server that is associated with the set of demographically similar user profiles. The computer-implemented method further comprises providing encrypted internet access to a device associated with the user profile via the at least on VPN server. The computer-implemented method further comprises transmitting resources to the device associated with the user profile via the at least one VPN server, where the resources are customized for the set of demographically similar user profiles.

Abstract: A method and a system for providing a catalogue of smart contracts deployed on a blockchain that is available to authenticated users is provided. The method includes: accessing each node of the blockchain; identifying all smart contracts that have been deployed within each respective node; indexing the identified smart contracts by assigning each respective smart contract to a corresponding category; generating a catalogue that includes an indexed listing each of the identified smart contracts; receiving a user request for access to the catalogue with an authorization credential; authenticating the user; and providing the requested catalogue access to the user. The method may also include receiving a search request; providing a list of smart contracts that corresponds to the criteria included in the search request; and monitoring the list for subsequent transactional activity.

Abstract: This disclosure enables a rule engine programmed for (i) expressing complex logic, (ii) handling time/event synchronization, (iii) providing insights into rule execution, and (iv) modeling uncertainties, while also enabling user actions to authenticate, approve, initiate, or decline certain workflows. Such configuration is technologically advantageous, because of its enablement in providing guidance to end users in completing transactions with user actions.

Abstract: A secure web gateway is deployed on the cloud between a web client and a web server. The secure web gateway sends the web client a redirect response status code with a replacement server location in response to a Hypertext Transfer Protocol (HTTP) request sent by the web client to access a target resource on the web server. The secure web gateway thereafter receives from the web client a Hypertext Transfer Protocol Secure (HTTPS) request to access the target resource, the HTTPS request includes the replacement server location. The secure web gateway sends the HTTPS request as an HTTP request to the web server. The secure web gateway receives an HTTP response from the web server, and forwards the HTTP response as an HTTPS response to the web client.

Abstract: A first access network device allocates, to a second access network device based on an obtained quantity, supported by a terminal, of data radio bearers (DRBs) to which a data frame compression function is applied, a quantity of DRBs the second access network device can configure for the terminal and to which the function is applied can configure, and notifies the second access network device of an allocation result.

Abstract: Context-aware authentication may be provided. First, a request may be received for content service. The request may comprise information associated with a context of a household from which the request came. Next, the request may be authenticated based on the information associated with the context of the household from which the request came. Then the content service may be provided in response to authenticating the request.

Abstract: A network device may receive a subscription request to subscribe to a multimedia priority service (MPS) for a user device, and may generate an MPS profile for the user device based on the subscription request. The network device may store the MPS profile in a data structure, and may receive, from the user device, a request to generate an MPS token for the user device. The network device may retrieve the MPS profile from the data structure based on the request to generate the MPS token, and may generate the MPS token based on the MPS profile. The network device may provide the MPS token to the user device.

Abstract: Provided are systems, methods, and apparatuses initiating outbound communications and receiving inbound communications. The system may include at least one processor programmed or configured to detect a communication between a user device and a remote entity, the user device operated by a user, determine a security risk based on the communication, and in response to determining the security risk, automatically block at least one function within at least one application on at least one of the following: the user device, another user device associated with the user, or any combination thereof.

Abstract: Techniques for using contextual information to manage data that is subject to one or more data-handling requirements are described herein. In many instances, the techniques capture or depend upon the contextual information surrounding the creation and/or subsequent actions associated with the data. The contextual information may be updated as the data is handled in various manners. The contextual information may be used to identify data-handling requirements that are applicable to the data, such as regulations, standards, internal policies, business decisions, privacy obligations, security requirements, and so on. The techniques may analyze the contextual information at any time to provide responses regarding handling of the data to requests from requestors, such as administrators, applications, and others.

Abstract: An authentication request message from a user conducting an interaction at a resource provider computer is received. It is determined that data representing an indication that the resource provider is trusted by the user and including a trusted marker is present in a database. Authentication to the user is provided, and information indicating that the user has been authenticated and the trusted marker are sent so that authorization request message for the interaction that includes the trusted marker is generated. The trusted marker is validated, and the authorization request message including information related to the interaction and the validated trusted marker is sent to an authorizing entity computer.

Abstract: Disclosed are example methods, systems, and devices that allow for executing machine-learning models for real-time and secure analysis of digital metrics. The techniques include generating metrics for identity elements stored in digital profiles of users. A subset of profiles can be identified that have metrics that fall below a predetermined thresholds, with which a training dataset can be generated. Machine-learning models can be executed over the training dataset to train an artificial intelligence agent that receives digital profiles as input and outputs translational elements corresponding to identity elements in the digital profiles. After training, additional profiles can be input to the machine-learning models of the artificial intelligence agent to identify a second subset of digital profiles with corresponding metrics. Electronic messages corresponding to the second subset can be generated and transmitted to one or more computing devices identified in the second subset of digital profiles.

Abstract: A method for authenticating a digital version of the Quran includes receiving a digital file containing a copy of the Quran therein, transmitting the received digital file to a first trusted party, reviewing, by the first trusted party, the copy of the Quran contained in the received digital file, determining, by the first trusted party, that the copy of the Quran contained in the received digital file is an authentic copy of the Quran, marking the received digital file containing the authentic copy of the Quran as an approved file, digitally signing the approved file by a second trusted party and issuing a digital certificate of authenticity for the approved file, and timestamping the digitally signed approved file, the digital certificate of authenticity for the approved file, and the security feature when the approved file contains text or images of the Quran.

Abstract: Techniques for creating consent contracts for devices that indicate whether the devices consent to receiving network-based communications from other devices. Further, the techniques include enforcing the consent contracts such that network-based communications are either allowed or disallowed in the network-communications layer prior to the network communications reaching the devices. Rather than simply allowing a device to communicate with any other device over a network, the techniques described herein include building in consent for network-based communications where the consent is consulted at one or more points in a communication process to make informed decisions about network-based traffic.

Abstract: A server and a device can conduct mutually authenticated post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) that also support forward secrecy. The device can store a trusted server public key (PK.server) and the server can store a trusted device public key (PK. device). The device can generate (i) a first KEM ciphertext and (ii) a first key with PK.server and encrypt an ephemeral public key (ePK. device) using the first key. The server can generate (i) a second KEM ciphertext and (ii) a second key with ePK. device. The server can generate (i) a third KEM ciphertext and (ii) a third key with PK.device. The server can encrypt an ephemeral public key (ePK. server) using the first, second, and third keys. The device can generate (i) a fourth KEM ciphertext and (ii) a fourth key with ePK. server. The device can encrypt application data using at least the first, second, third, and fourth keys.

Abstract: Systems and methods for authentication may include an authenticator. The authenticator may include a processor and a memory. The processor may be configured to: receive one or more challenges; generate a first instruction, the first instruction including a request to retrieve a first Fast Identity Online (FIDO) key; transmit the first instruction; receive the first FIDO key; sign the one or more challenges using the first FIDO key; and transmit one or more signed challenges for validation using a second FIDO key.

Abstract: A method for replicating a set of parent resources from an administrator namespace to a set of tenant namespaces is described. The method includes receiving, by the administrator namespace, a global object that includes a set of object fields that reference (1) a set of parent resources and (2) the set of tenant namespaces; monitoring, by an operator controller of the administrator namespace, the global object to determine whether a change has been made to the global object; and replicating, by the operator controller, the set of parent resources to the set of tenant namespaces as child resources based on the global object in response to detecting a change to the global object.

Abstract: A trusted device, such as a wristwatch, is provided with authentication circuitry, used to perform an authentication operation to switch the trusted device into an authenticated state. Retention monitoring circuitry monitors the physical possession of the trusted device by the user following the authentication operation and switches the trusted device out of an authenticated state if the trusted device does not remain in the physical possession of the user. While the trusted device remains in the physical possession of the user, communication triggering circuitry is used to detect a request to establish communication with a target device that is one of a plurality of different target devices and communication circuitry is used to communicate with that target device using an authenticated identity of the user.

Abstract: Some embodiments provide a novel method for dynamically processing data message flows using different non-uniform memory access (NUMA) nodes of a processing system. Each NUMA node includes a memory and processors that can access data other memories of other NUMA nodes. A load balancing application associated with a first NUMA node receives flows destined for an endpoint application. The flows are assigned to the first NUMA node to be forwarded to the endpoint application. The load balancing application monitors a central processing (CPU) usage of the first NUMA node to determine whether the CPU usage of the first NUMA node exceeds a particular threshold. When the CPU usage of the first NUMA node exceeds the particular threshold, the load balancing application reassigns at least a subset of the flows to the second NUMA node for processing.

Abstract: Technology for identifying that a communication is from a verified enterprise includes receiving, by a device associated with a user, a data packet from a phone network. The data packet can be included in a communication to the device, which can have an application configured to verify communications from at least one enterprise. A token within the data packet can be identified by the application, and the application can compare the token to at least one token identifier associated with the at least one enterprise. In response to the token corresponding to at least one token identifier, the application can verify that the communication is from the at least one enterprise. In response to the communication being verified, the application can display a validation image on the device.

Abstract: Systems and methods for tokenless authorization are provided. Obtaining an electronic representation of an initial biometric sampling of a registrant. Applying the initial electronic representation to a template data construct producing a unique digital identifier (UDI). Obtaining account information constructs corresponding to an account by the registrant with a third party. Generating a unique secure identification number (SIN) using the UDI and the account information constructs. Storing a unique link from the UDI to the account information constructs. Receiving a request for service and an electronic representation of a second biometric sampling. Forming the UDI by applying the second electronic representation to the template data construct. Verifying the UDI corresponds to the stored UDI to reconstruct the unique SIN from the UDI and using this unique SIN to retrieve the account information constructs using the indexed data structure. Transmitting the request and the unique SIN to the third party.

Abstract: A secure digital network environment is provided by integrating OTP keys as part of quantum-safe data systems solutions (QPN Solutions), including the use of one-time-pad (OTP) keys to encrypt data, support multi-factor authentication and secure all communications between devices in the secure digital network environment. The OTP keys are “pre-loaded” to endpoint (EP) devices to render them quantum-safe (QS) when connected into the secure digital network environment, or are otherwise provided through removable media to be loaded into user supplied appliances, devices and accessories to render them QS when connected into the secure digital network environment. The application of QPN Solutions refers to the application of QPN enabled technologies to provide a secure digital network environment includes risk assessment and management solutions for establishing and managing cyber security insurable risks and policies.

Abstract: A method includes sending a challenge data structure to a user computer system. The challenge data structure defines a challenge user interface to be presented to a user of the user computer system. The challenge user interface includes a playback control area for playing an audio clip comprising a plurality of sounds. The challenge user interface prompts the user to select two or more answers corresponding to two or more sounds from a multiple choice answer area of the challenge user interface. The method includes obtaining a user input to the challenge user interface that represents a selection of at least one image from the plurality of images, and providing access to a computer resource for the user computer system based on whether the at least one image is consistent with the correct image.

Abstract: A network access method and apparatus for improving network access accuracy of a terminal device are disclosed.

Abstract: A conference system enables a communication session between two or more participants. During the communication session, a participant device displays a visual code that is scanned by the device in which the identity is unknown. Based on the scan of the visual code, the conference system transfers the communication session such that it is continued between the device in which the identity is unknown and the one or more devices of the remaining participants of the conference.

Abstract: Systems, computer program products, and methods are described herein for dynamic communication channel switching based on preconfigured network security protocols.

Abstract: An example embodiment may involve: obtaining a representation of an access control list (ACL), wherein the ACL includes an entry that defines user capabilities with respect to a computing resource; determining a user class based on the entry and one or more rules, wherein the one or more rules are based on whether the computing resource is a database table for a task-based application, and wherein the one or more rules are based on whether the computing resource is read accessible or write accessible; and providing, for display on a graphical user interface, an indication of the user class.

Abstract: A power receiving apparatus for receiving power transmitted by wireless power transmission from a power transmitting apparatus, comprises a first communication unit for communicating with the power transmitting apparatus, and a second communication unit for performing communication at a speed higher than the first communication unit. The power receiving apparatus determines, by communication via the first communication unit, whether the power transmitting apparatus has a function of transmitting/receiving, via the second communication unit, information for device authentication with the power transmitting apparatus, and enables the second communication unit to execute transmission/reception of the information for the device authentication with the power transmitting apparatus via the second communication unit if it is determined that the power transmitting apparatus has the function and the second communication unit is in a disabled state.

Abstract: A set of software components has been created to form a path of execution outside of a kernel that triggers the authentication process based on MAC address determination for connected stations and separately managing that authentication per controlled port shared across stations. The architecture of the set of software components includes a control daemon that interacts with objects and services of the network access point OS or kernel to leverage dynamic host configuration protocol (DHCP) snooping and MAC address learning to determine MAC addresses. The control daemon instantiates an authenticator object/service for each controlled port and interacts with the authenticator object/service to cause an authenticator service of the OS to perform the authentication process for stations. The control daemon also leverages an Ethernet frames rules table of the kernel to authorize traffic of authenticated stations via the controlled port.

Abstract: Some implementations of the disclosed systems, apparatus, methods and computer program products may provide for chatbots configured to perform tasks requiring end user identification on behalf of users. Such a chatbot may be authenticated through tokens with custom claims. The custom claims may include identifying or authenticating tokens received by the chatbot or server system and the chatbot may create and/or provide such tokens for authentication. The custom claim may be configured to provide user identifying data, allowing for the chatbot to be provided with end user credentials. Accordingly, chatbots may be utilized to perform sensitive tasks that require user credentials while continuing to provide security for users.

Abstract: Systems, methods, and messages of the present invention provides IP-based messages associated with the grid elements, wherein each IP-based message includes an internet protocol (IP) packet that is generated autonomously and/or automatically by the grid elements, intelligent messaging hardware associated with the grid elements, at least one coordinator, and/or a server associated with the electric power grid and its operation, energy settlement, and/or financial settlement for electricity provided or consumed, transmitted, and/or curtailed or reduced. The IP packet preferably includes a content including raw data and/or transformed data, a priority associated with the IP-based message, a security associated with the IP packet, and/or a transport route for communicating the IP-based message via the network.

Abstract: In a server configured to operate on a network, secured access to shared digital content may be implemented by analyzing information about a first user and a second user with a neural network trained with a machine learning algorithm to determine a relationship between the first and second users. The first user may be granted access to one or more content items belonging to the second user based on the determined relationship and the second user's access to the one or more content items may be disabled. The first user's access to the content items may be disabled when the second user requests access to them and access of the content items may be returned to the second user after access for the first user to the one or more content items has been disabled.

Abstract: A method may include storing, using a data management application on a user device, personal data that is associated with a user and a first data variable. The method may further include obtaining, from a requesting application and by the data management application, a data request for a second data variable. The method may further include determining, by the data management application, whether the first data variable associated with the personal data matches the second data variable associated with the data request. The method may further include transmitting, by the data management application and in response to determining that the first data variable matches the second data variable, the personal data to various intermediary nodes. One intermediary node among the intermediary nodes may transmit the personal data to the requesting application using a distributed ledger.

Abstract: A method is disclosed for authorization of resources clustered into one or more resource groups, each resource group comprising functionally interdependent resources. The method includes receiving an authorization request signal indicative of a first resource for authorization, wherein the first resource is comprised in a first resource group, determining—for each mandatory resource of the first resource group—whether the resource is authorized, and transmitting an authorization response signal. The authorization response signal is indicative of successful authorization of the first resource when all mandatory resources of the first group are determined as authorized. Further, the authorization response signal is indicative of unsuccessful authorization of the first resource when at least one mandatory resource of the first group is determined as unauthorized. Corresponding apparatus, authorization server, network node and computer program product are also disclosed.

Abstract: In one general aspect, a method can include displaying, on a display device included in a computing device, content in an application executing on the computing device. The method can further include displaying, in a user interface on the display device, at least one identifier, receiving a selection of the at least one identifier, and initiating casting in response to receiving the selection of the at least one identifier.

Abstract: Applications supporting operations of an autonomous vehicle fleet can be implemented on and supported by cluster infrastructure. These applications have endpoints where data traffic runs in and out of these applications. Securing access to these endpoints can prevent unauthenticated and unauthorized access to these endpoints and the protected resources accessible through these endpoints. Securing access to these endpoints, managing entitlements and security policies, and maintaining security systems that can enforce the security policies are not trivial tasks. One solution addresses some of these challenges by offering a simple frontend for users to define the entitlements and security policies, leveraging an open source security solution, and ensuring backwards compatibility to other security solutions in the cluster infrastructure.

Abstract: A system and method for detecting a cybersecurity risk of an artificial intelligence (AI), is presented. The method includes: inspecting a computing environment for an AI model deployed therein; generating a representation of the AI model in a security database, the security database including a representation of the computing environment; inspecting the AI model for a cybersecurity risk; generating a representation of the cybersecurity risk in the security database, the representation of the cybersecurity risk connected to the representation of the AI model in response to detecting the cybersecurity risk; and initiating a mitigation action based on the cybersecurity risk.

Abstract: The antenna hub of a satellite gateway has limited space. Existing frequency conversion utilize bulky components that consume significant space and are costly to maintain in terms of complexity, time, and expense. Accordingly, a compact and flexible frequency conversion system is disclosed. This frequency conversion system consumes less space, provides built-in automated software-controlled configurability and redundancy, and provides easy replaceability at both a channel level and a device level.

Abstract: Various techniques and mechanisms for sharing remote resources among a trusted group are disclosed. A credential management agent utilizes a resource credential for a first user to access a secure resource corresponding to the first user for a second user by at least validating a second user and validating a consent of the first user to allow the second user to access the secure resource using the resource credential for the first user. The secure resource resides on a remote server system accessible via one or more application program interfaces (APIs). A platform management agent provides an interface for shared resource-agnostic credential sharing. The platform management agent validates credentials for the second user as belonging to a trusted group and forwards a request for access to the secure resource for the second user to the credential management agent.

Abstract: Provided is a security key input system using a one-time keypad. The security key input system may include: a keypad input unit configured to output a security keypad including one or more null keys each having no identification mark written thereon, and receive a security key from a user; a control unit comprising a one-time keypad generator configured to generate a one-time keypad; an input terminal comprising an NFC recognition unit configured to provide the one-time keypad generated by the one-time keypad generator to an output terminal through NFC with the output terminal contacted with the input terminal; a display module; an NFC recognition module configured to receive the one-time keypad from the input terminal through the NFC recognition unit; and the output terminal comprising a controller configured to output the one-time keypad received from the NFC recognition module through the display module.

Abstract: Authorization for access to an application server and associated communication service can be desirably managed. When a device attempts to access an application server and service, an authorization server generates an encrypted token, comprising device identifier information, and communicates the token to the device. The device communicates the token to the application server. The application server communicates the token to the authorization server. The authorization server determines whether the device is validated to access the application server and service based on the encrypted token, private decryption key, and initialization vector, and based on subscriber-related information. The authorization server does not share the private decryption key or initialization vector with the application server. If validated, the authorization server communicates validation-related information, including a permitted portion of subscriber-related information, to the application server.

Abstract: Methods and systems are described herein for generating and assigning resources based on timestamps. A plurality of permission messages associated with a plurality of authorization events may be received with each permission message including an authorization timestamp indicating a generation time of a corresponding permission message. In addition, a plurality of data records may be received with each data record including a corresponding plurality of parameters. Based on the permission messages and the data records, a resource multiplier is generated, and resources assigned to each data record are multiplied based on the resource multiplier.

Abstract: Dynamic multi-network security controls are provided herein. A method can include receiving a report of malicious network traffic observed by first network equipment operating in a first communication network, where the report indicates a second communication network distinct from the first communication network as an originating network of the malicious network traffic, identifying second network equipment operating in the second communication network as a source of the malicious network traffic, and based on the identifying, blocking communications from the second network equipment for a defined time interval.

Abstract: A system and method for altering client fingerprint that includes editing data components of network communication from a client device to a server, which comprises editing network protocol data from the client during negotiation of a cryptographic protocol; selectively enabling access to library components specified in the edited client network protocol data; and sending a client communication to the server using the edited client network protocol data.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

Abstract: A system for cross cloud workload identity virtualization including a program having instructions to route a first network call from a workload in a first cloud computing environment addressed to a first cloud computing environment instance metadata service (IMS) having destination data with an IP address of 169.254.169.254 to a universal IMS (UIMS) different from the first cloud computing environment IMS, route a second network call from the workload addressed to a destination other than the first cloud computing environment IMS to the destination indicated by the second network call, respond to the first network call with credentials valid for accessing a cloud service provided in a second cloud computing environment. The workload can access the cloud service from the first cloud computing environment, and access the cloud service from a third cloud computing environment different from the first cloud computing environment.

Abstract: Methods and systems for managing computing infrastructure compliance with standards are disclosed. The computing infrastructure may provide computer implemented services that may be at elevated risk if the computing infrastructure fails to comply with various standards such as security or redundancy standards. To manage compliance with standards, a cross-standard compliance coverage model may be used. The cross-standard compliance coverage model may use information regarding infrastructure components of the computing infrastructure to ascertain compliance with any number of standards.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: Methods and systems for managing access to data stored in data storage systems are disclosed. An end device and/or user thereof may require access to sensitive data of varying sensitivity levels stored in a data storage system. To prevent malicious parties from gaining access to the sensitive data, an access control system may be implemented. The access control system may include a registration process that registers end device and user combinations and assigns cryptographic key pairs to each registered combination. The key pairs may be generated using information specific to the sensitivity level of the data and managed using a key tree structure. Before sensitive data may be accessed, a requesting device and its associated user may be authenticated using the key pairs generated during registration. The sensitive data may be encrypted using sensitivity level and device-specific encryption.