Abstract: There are provided systems and methods for a computational platform using machine learning for integration data sharing platforms. A user may engage in a transaction with another user, such as a purchase of goods, services, or other items from a merchant. A service provider may provide a data feed to the user via integrated computational platforms that allows the user to post data including information regarding the processed transaction. The post may include a share code that links back to the user and their corresponding transaction. Thereafter, the post may be viewed by other users and the share code may be used by the other users in order to perform similar transaction processing, where these later transactions are linked back to the original user. Tracking of these later transactions may be done through application extensions that allow the computational platforms to track user data over different online interactions.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable passive scanning of a network. Through the disclosed techniques, methods and/or apparatuses, endpoint passive scanners are deployed at endpoints of the network to provide more comprehensive view of assets and asset information of the network. Also, this can enable better correlation of network data to location, and also enable improved vulnerability analysis for endpoint products.

Abstract: An instruction output device facilitates coping with risks on security by including a first acquisition unit for acquiring, in response to input of risk information indicating contents of a risk related to security of an information processing terminal, one or more instructions corresponding to the risk information; a second acquisition unit for acquiring, for each of the instructions acquired by the first acquisition unit, a message indicating contents of the instruction corresponding to a security-related skill level of a user of the information processing terminal; and an output unit for outputting the message acquired by the second acquisition unit to the user.

Abstract: A computer system controls access to network devices. One or more user interface elements associated with one or more network devices that are within a view of a user are displayed to the user via an augmented reality display. Input from the user is received comprising instructions to execute a command at a network device of the one or more network devices. The user is determined, according to a security policy, to be authorized to execute the command at the network device. In response to determining that the user is authorized to execute the command, the command is executed at the network device. Embodiments of the present invention further include a method and program product for controlling access to network devices in substantially the same manner described above.

Abstract: A data analytics system to authenticate and authorize access to multiple sources of data for access to the multiple data sources for one or more requesting devices. The system may duplicate and/or access rule sets included in the metadata of the corresponding data source and read identifiers of authorized users maintained by each of the multiple data sources. The access rule sets and authenticated identifiers may be synchronized or otherwise correlated to requesting device identifiers maintained by the data analytics system such that, as requests to access data obtained from one or more of the multiple data sources are received, the system may control access to or otherwise manage the requesting devices interactions with the data from the multiple data systems, reducing the authorization and authentication actions needed to be taken or executed by the requesting devices and the data sources.

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier.

Abstract: Various embodiments relate to a method performed by a first wireless device for announcing operating capabilities to a second wireless device, wherein the first wireless device and second wireless device support a first protocol and a second protocol, including: announcing by the first device original capabilities to the second device; receiving an announcement of capabilities from the second device; receiving frames from the second device in PHY Protocol Data Units (PPDUs) following the first protocol and the second protocol; announcing by the first device a change in its capabilities to the second device; and receiving frames from the second device in PPDUs transmitted using the changed capabilities following the first protocol and the second protocol, wherein the change in the capabilities includes a change in a one of a puncture parameter, bandwidth parameter, mode and coding scheme (MCS) parameter, and a number of simultaneous streams (Nss) parameter.

Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.

Abstract: Various approaches for securing networks against access from off network devices. In some cases, embodiments discussed relate to systems and methods for identifying potential threats included in a remote network by a network access device prior to requesting access to a known secure network via the remote network.

Abstract: Embodiments herein relate to the field of communications, and more particularly to key matching for extensible authentication protocol over local area network (EAPOL) handshaking using distributed computing. Other embodiments may be described and claimed.

Abstract: A consent system enables a consumer to save consent choices so that the publisher can retrieve the consumer consent choices when the consumer visits the publisher site, without requiring the consumer to make additional selections corresponding to consent choices. The consumer can save consent choices as a consent system first party cookie or in an account at the consent system. The consumer can save consent choices when visiting a publisher site or by accessing the consent system. The publisher can retrieve the consumer consent choices from the consent system first party cookie or from the account at the consent system. Multiple publishers can retrieve the consumer consent choices saved in an account with the consent system, enabling “cross-platform consent.

Abstract: Systems and methods are described for pre-authentication access request screening. A server computer may receive a request for access to a resource comprising access data. The server computer may transmit, to an authentication computer, an authentication request message comprising at least a subset of the access data and receive an authentication response message comprising authentication data. The server computer may determine an access score based on the authentication data. Alternatively, the server computer may determine the access score based on the access data without using/receiving authorization data. The server computer may generate an access indicator based on the access score. The server computer may prepare and transmit an authorization request message comprising the access indicator to an authorization computer. The authorization computer may approve or decline the access to the resource based on the access indicator.

Abstract: A method by a security analysis server to generate a traffic monitoring rule. The method includes receiving, from a database agent because of a current configuration of the database agent, counts of an amount of traffic sent over a first set of one or more of the database connections being monitored by the database agent and generating a traffic monitoring rule that indicates database connections for which the database agent is to send counts of an amount of traffic, rather than all the traffic, sent over those database connections to the security analysis server because those database connections have been determined by the security analysis server to be of an application database connection type based on an analysis by the security analysis server of the counts. The method further includes applying the traffic monitoring rule by sending instructions to the database agent to alter the current configuration.

Abstract: A wireless key device including a wireless transceiver and antenna configured to communicate with an access terminal, and a processor configured to execute instructions to implement a method of managing digital credentials for a wireless key device. The method includes authenticating the key device with a server, retrieving a plurality of digital credentials from a server, the plurality of digital credentials associated with a plurality of access terminals within a selected geographic proximity to the key device, polling an access terminal of the plurality of access terminals via the wireless transceiver and antenna for an access terminal identification which uniquely identifies the access terminal, identifying a digital credential of the plurality of digital credentials associated with the access terminal based on the access terminal identification, and transmitting the selected digital credential to the access terminal.

Abstract: A method, apparatus, and server for generating a user score based on social networking information is provided. In the disclosed method, by processing circuitry of an information processing apparatus, default annotation information of a plurality of sampled users, an ith user score and an ith relative user score for each of the sampled users are obtained. A user score model is trained according to the ith user score of the respective sampled user, the ith relative user score of the respective sampled user, and the default annotation information of the respective sampled user. An (i+1)th user score of the respective sampled user is subsequently calculated and a trained user score model, for each of the sampled users, is obtained when the (i+1)th user score for the respective sampled user satisfies a training termination condition, The method provides a solution to evaluate the user score for a use when personal information of the user is missing or incorrect.

Abstract: Systems and methods of improving AI governance are disclosed. One or more sub-contexts associated with a plurality of users are generated from one or more data sources. The one or more sub-contexts represent one or more changes in data that are relevant to assessing one or more risks associated with the plurality of users. One or more sub-contexts are provided as training data to a plurality of models. Each of the models is associated with a confidence score. A probabilistic assessment of the one or more risks associated with the plurality of users is generated based on an application of the plurality of models to additional data pertaining to the plurality of users received in real time. The probabilistic assessment is presented in a dashboard user interface, the dashboard user interface having user interface elements configured to provide insight into how the probabilistic assessment was generated.

Abstract: Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.

Abstract: A system may include one or more tangible, non-transitory computer-readable media having stored thereon instructions, the instructions when executed to instruct one or more processors to: receive a platform-independent access binding data structure (a PIAB data structure), the PIAB data structure comprising a platform-independent representation of a subject class, a verb, an object, and a binding comprising a permission for the subject class to perform the verb on the object; convert the PIAB data structure to a first platform-specific binding for a first target platform; and cause the first platform-specific binding to be implemented on the first target platform.

Abstract: A computer-implemented method includes: connecting, by a computing device, to a database using an outbound connection, wherein the computing device is an information technology (IT) product in a private network and the database is outside the private network; receiving, by the computing device, a response from the database, the response including a command; executing, by the computing device, the command; and sending, by the computing device, result data to the database, wherein the result data is data that results from executing the command on the computing device.

Abstract: The present disclosure generally relates to systems and methods that provide a network environment that enables reassignment platforms to provide authentic access rights for reassignment to user devices. More specifically, the present disclosure relates to systems and methods in which a reassignment platform can execute a protocol implemented using code (e.g., an Application Programming Interface (API)) to validate the authenticity of access rights made available for reassignment, and once reassigned, reissue the access rights to a new user and transmit those access rights to user devices natively in a mobile application.

Abstract: Implementations of the present disclosure relate to method and device for managing a storage system. The method comprises in response to receiving a write request at a storage system, determining whether storage units allocated to a logic storage unit of the storage system are sufficient for data associated with the write request. The method also comprises in response to determining that the allocated storage units are insufficient, allocating a new storage unit to the logic storage unit. The method further comprises updating metadata associated with allocation of the storage units of the storage system, the metadata indicating a mapping between the logic storage unit and the storage units. The method also comprises encrypting the updated metadata. Other implementations of the present disclosure also involve corresponding method, device and computer-readable medium for decryption metadata and recovering the logic storage unit using the decrypted metadata.

Abstract: Systems and methods are disclosed that provide for secure communications between a user device and an authentication system. The systems and methods create a dynamic identification for the device that is stored in both the device and authentication system.

Abstract: The present disclosure relates to a method, apparatus, system and storage medium for access control policy configuration. The method includes receiving a request for creating a target resource; determining, based on the request, whether an access control policy inheritance attribute is set for the target resource, the access control policy inheritance attribute indicating an inheritance relationship between access control policies of the target resource and its parent resource; and configuring the access control policy of the target resource according to a result of the determination. Thus, the efficiency of configuring an access control policy for a resource is improved.

Abstract: Methods and systems are described for analyzing and attesting physical access to a location. In an example, an administrator can create a survey for users in an organization. The survey can be sent to a user device as a notification. The user can complete the survey, and the user's physical access rights can be determined based on the survey answers. When the user attempts to gain access to a location of the organization, the user can provide a digital access badge. The digital access badge can be mapped to the user's access permissions. The user can be granted or denied access depending on whether the user answered the survey and, if answered, what answers the user provided.

Abstract: According to one embodiment, a computing device executes an application including processing of inputting information from a nonvolatile memory unit and outputting information to the nonvolatile memory unit. The computing device includes a processing unit. The processing unit executes processing of receiving an I/O request to the nonvolatile memory unit from the application and generating one or more control commands for controlling the nonvolatile memory unit based on the I/O request. The processing unit executes processing of acquiring authorization information from a server. The processing unit executes processing of inserting or associating the acquired authorization information into or with the I/O request or the one or more control commands.

Abstract: An initialization geo-locking system includes a chassis housing a location determination subsystem and an initialization management subsystem. During an initialization process that begins in response to receiving initialization power, the initialization management system determines that geo-locking is activated and, in response, causes power to be provided to the location determination subsystem and then subsequently identifies a first current location determined by the location determination subsystem. The initialization management subsystem then determines whether the first current location determined by the location determination subsystem corresponds to an authorized initialization location stored in the initialization management subsystem and, if so, halts the initialization process while, if not, allows the initialization process to complete.

Abstract: The present invention relates to methods and apparatus for dynamically detecting and/or mitigating threats in communications systems. Exemplary methods and apparatus of the present invention allow for a combination of automated and operator controlled responses to threats. While an operator is provided an opportunity to provide input on how to respond to a threat, after one or more threats of a given type are identified, the system will automatically take corrective action without waiting for operator input and/or in the absence of operator input following notification of a threat.

Abstract: Authorization is divided between a control plane and a data plane for sharing database data. A producer database engine can create a shared database via a data plane interface. A producer can then authorize access to the shared database via a control plane interface to a consumer. A consumer can associate the authorization granted to the consumer with a consumer database engine via the control plane interface.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing roles of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management systems may utilize role graphs to assess the role structure of a distributed enterprise computing environment.

Abstract: Enterprise applications need to store and evaluate permissions on per User, per Entity and per Action basis for hundreds of Users and thousands of permissions. Most of the times this data takes up to 5 database tables to store the Role Based Access Control (RBAC) permissions. Selecting permissions for user from database consumes time while any User attempts to perform any Action. Sometimes the time taken to check permission is more than time taken to perform the required Action. Thus the current approaches for RBAC are inefficient in all—computation TIME, runtime MEMORY and database STORAGE. Binary arithmetic is known for being vast in scalability, smallest in memory and fastest in speed. This paper describes a new method which uses binary data structure and binary arithmetic to accurately check User permissions. We also claim that this method is the most scalable and fastest possible for Role Based Access Control.

Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.

Abstract: A method of setting an operational authority for an electric motorcycle is proposed, the method including a product registration step of pre-registering mapping information of an ID of an electric motorcycle and manager information in a management server; a manager registration step of completing manager registration with the electric motorcycle using the mapping information when the management server receives the ID from the electric motorcycle; a driver registration step of performing driver registration in the electric motorcycle through pairing with the electric motorcycle, when the management server receives driver information from a driver terminal; and an operational authority registration step of completing, when the management server receives a registration request for operational authority information from a manager terminal, a registration of the operational authority information for the electric motorcycle through pairing with the electric motorcycle, by the driver terminal, using the operational

Abstract: A service providing system, a login setting method, and an information processing system. The service providing system includes an information processing system that stores a set value indicating whether a login is valid for each of the authentication methods, and transmits the set value for each of the authentication methods to the electronic device in response to a request from the electronic device, and the electronic device receives the set value for each of the authentication methods from the information processing system and changes a set value stored in the electronic device according to the set value of at least one of the authentication methods received from the information processing system.

Abstract: Methods and systems for routing data payloads through a plurality of microservices are disclosed. The method may comprise: receiving a data payload and first data; predicting, by a trained machine learning model based on the first data, a path through a plurality of microservices associated with the data payload; generating a modified data payload by modifying, via the orchestrator service, the data payload to include: a first header, wherein the first header comprises a first microservice destination address associated with a first microservice of the plurality of microservices and a second header nested within the first header, wherein the second header comprises a second microservice destination address associated with a second microservice of the plurality of microservices; forwarding the modified data payload to the first microservice based on the first header for processing; and forwarding the modified data payload to the second microservice based on the second header for processing.

Abstract: A method is disclosed. For example, the method executed by a processor of a shared device includes receiving an identification of a user, connecting to a remote server that stores authentication modules and applications, requesting an authentication module and an application stored on the remote server that is associated with the identification of the user, storing the authentication module and the application temporarily on a non-resident memory of the shared device, and executing the application in response to authentication of the user based on log-in information that was received via the authentication module.

Abstract: A device implementing a system to associate a user account with a content output device includes at least one processor configured to receive an invitation to access content associated with a first user account on another device associated with a second user account, the other device being connected to a local area network. The at least one processor is further configured to send, to a server, a request for authorization to access the content associated with the first user account on the other device associated with the second user account, the request comprising information included with the invitation, and to receive, from the server, the authorization to access the content. The at least one processor is further configured to access, based at least in part on the authorization, the content associated with the first user account on the other device associated with the second user account.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: An apparatus, method and computer program product facilitate selective searching of at least a portion of a database. With respect to a method, a query is received that has a query context. In response to the query, the method reviews one or more data source tables including a first data source table that defines each of a plurality of data sources of data stored by the database. In reviewing the one or more data source tables, the method identifies one or more data sources that are accessible in response to the query. The method also searches the database for responsive data that: (i) was provided by the one or more data sources that were identified to be accessible in response to the query and (ii) is responsive to the query. Further, the method responds to the query with a representation of the responsive data.

Abstract: An apparatus and method for temporarily sharing a non-fungible token (NFT), the apparatus includes at least a processor, a memory communicatively connected to the at least processor, wherein the memory containing instructions configuring the at least processor to receive a data collection, wherein the data collection comprises a plurality of data objects associated with at least one NFT, verify the at least one NFT as a function of the data collection, identify an in-force time element as a function of the at least one NFT, determine at least one designated utility of the at least one NFT, and generate a self-executing action protocol for interests to the at least one NFT as a function of the in-force time element and the at least one designated utility of the at least one NFT.

Abstract: A pluggable cloud security system includes a plurality of nodes. Each node has a memory and a processor. At least one memory is configured to store rules indicating criteria for allowing communication between user applications and a hosted application executed by a cloud infrastructure. At least one processor is configured to receive data to be communicated to the cloud application, determine a source of the received data as a first user application, determine a channel used to transmit the received data, and determine, using the rules, whether the source and the channel satisfy criteria for allowing communication between the first user application and the hosted application. If it is determined that the source satisfies the first criteria, transmission of the data is allowed. Otherwise, transmission of the data is prevented.

Abstract: A wireless testing system is provided that tests Wi-Fi signal strength of devices of a local network to determine distribution of network devices within the local network. In particular, one or more Wi-Fi-based devices may be located within or near a premises in which a wireless network is present. The devices are configured to automatically connect to a particular test broadcast signal from a modem and provide signal strength data. An application may log into or otherwise access the information obtained by the modem concerning the Wi-Fi signal strength of the wireless devices. The application may analyze the Wi-Fi signal strength information and may execute a recommendation engine to provide one or more recommendations/directions for installing components of the wireless network, such as wireless devices, modems, etc. to improve the coverage of the wireless network and provide a more robust wireless experience for devices within the wireless network.

Abstract: A device, method or executable instructions that include receiving, over a network, an authentication request from a user device for performing a function utilizing a first authentication method, obtaining network intelligence data for a mobile network over the network, and identifying a risk for each of multiple authentication methods in response to analyzing device security behavior and the network intelligence data. Further embodiments include identifying a first risk for the first authentication method and identifying a second risk for the function, determining the first risk is higher than the second risk, and identifying a second authentication method that is associated with the second risk. Additional embodiments include notifying the user device of the second risk for the function, and providing a recommendation to the user device to utilize the second authentication method to perform the function. Other embodiments are disclosed.

Abstract: Embodiments are disclosed for a method for a wearable secure data device. The method includes setting an operational mode for the wearable secure data device that stores a plurality of secure data items. The method also includes receiving a request for at least one of the secure data items from a client device that is communicating with a third-party device. Additionally, the method includes determining if the operational mode is associated with allowing access to the secure data items. Further, the method includes providing a response based on the determination.

Abstract: A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.

Abstract: A system includes at least one processor and at least one memory including instructions that, when executed by the at least one processor, cause the at least one processor to perform operations. The operations include providing a secure link to an auditable, machine-readable dataset to a client device of a user, the auditable, machine-readable dataset comprising data. At least one policy constraint is provided to at least a portion of the data in the dataset. In response to detecting activation of the secure link at the client device, one or both of the user and the client device is authenticated based on the policy constraint. Streaming access is provided to the auditable, machine-readable dataset in real-time.

Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with providing adaptive authentication for federated environment includes receiving a request to access an application from a client. Next, one of a plurality of web application servers in which the requested application is executing is identified and data associated with the requesting client is obtained. An authentication request comprising an index based on the identified web application server and the obtained client data is generated. The requesting client using the generated authentication request including the index is authenticated.

Abstract: A device and method for provided access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.

Abstract: A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.

Abstract: Typically, clients request a service from a computer hosting multiple services by specifying a destination port number associated with the desired service. In embodiments, the functionality of such a host computer is enhanced by having it condition client access to services available at a particular port number based on client authentication and/or authorization. A host computer can change the service(s) available at a given port number on a client by client basis, enabling access to service(s) for trusted clients unavailable to untrusted clients. Preferably, client trust is based on client authentication via a certificate and a valid, signed transport layer security (TLS) handshake (or similar mechanism in other protocol contexts). In some embodiments, an authorization step can be added following authentication. The systems and methods disclosed herein find wide uses in bundling services on ports, as well as protecting access to services from untrusted and/or malicious clients, among others.

Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.