Abstract: A graphical user interface is configured to guide a user through a method of creating a RESTful API protocol-compliant URL, without requiring that the user be familiar with syntax of the RESTful API protocol. The graphical user interface includes a URL output that indicates to the user features within a user-edited URL that render the user-edited URL non-compliant with the RESTful API protocol. The graphical user interface includes a set of graphical input devices to solicit and receive from the user input specifying a set of query options, which user input is used to define the RESTful API protocol-compliant URL. The graphical user interface is automatically customized to solicit and receive from the user input only for options available from a specific data service.

Abstract: A server system stores data associating a secret of the memory device configured in an endpoint, a first identification, and device information of the endpoint. After receiving a request to bind a second identification to the endpoint, the server system can tie identity data of the endpoint to the second identification. For example, after receiving a validation request containing identity data generated by the memory device, the server system can verify a verification code in the identity data based at least in part on the secret of the memory device. The verification code is generated from a message presented in the identity data and a cryptographic key derived at least in part from the secret. Based on validating the identity data, the server system can provide a validation response to indicate that the identity data is generated by the endpoint having the second identification.

Abstract: One example method of operation may include determining whether a data request initiated by a client device to obtain data from a remote server should be forwarded by a virtual private network (VPN) server or outside of the VPN server, forwarding, via the client device, a data fetch outside of the virtual private network (VPN) server in communication with the client device, to obtain the data from the remote server, and the remote server is identified on a list identifying servers requiring non-VPN communications, receiving the data from the remote server, via the client device, outside of the VPN server, forwarding, via the client device, a request for additional data to the VPN server, and receiving the additional data from the VPN server at the client device.

Abstract: Systems, methods, and computer-readable media are disclosed for dynamically onboarding a UE between private 5G networks. In one aspect, a private 5G (P5G) federation system can receive a request from a user device for registration with a serving private 5G network, which is part of a P5G federation system. The P5G federation system can further determine that the user device is authenticated with a home private 5G network of the user device, which is also part of the P5G federation system. The P5G federation system can transmit, to the serving private 5G network, a security profile of the user device that is received from the home private 5G network. As follows, the P5G federation system can facilitate onboarding of the user device to the serving private 5G network with the security profile.

Abstract: A method for assessing vulnerability to predatory internet attacks determined using new technologies in the evaluation of personal psychological assessments so as to pinpoint vulnerable persons. Once pinpointed, those with high user risk may not be hired, or if employed already, may be provided additional information/training or have computer software protection installed at their station. Persons are administered a battery of personality/psychological evaluation questions with various statistical and data mining techniques used for common psychological assessments applied to their responses. This algorithmic model uses multiple psychological assessments for a combined measure of user risk.

Abstract: A method and system for determining a custom personal identification number (PIN) for a user based on an ordered series of events are disclosed, comprising generating the custom PIN for the user based on a set of stored events of the user, each event associated with a point in time and authenticating the user responsive to receiving information that matches the custom PIN. A chronological order of a selected subset of events can be determined. A chronological identifier can be assigned representative of a position of the respective event in the determined chronological order. The custom PIN can be determined as an arrangement of the chronological identifiers. The selected subset of events can be presented to the user in the arranged order. The user can be authenticated responsive to determining that a received indication of a chronological arrangement matches the determined PIN.

Abstract: Authentication of a user of an OAuth client by an OAuth authorization server, comprising exposing an authentication state machine, where the states of the state machine are hypermedia-based representations of login resources, and transitions between states are represented by hypermedia links, wherein the authentication state machine is exposed to the client by an API adhering to the principles of REpresentational State Transfer (REST). When the final state of the state machine has been reached, a secondary access token is issued to the client, thereby authenticating the user, wherein hypermedia representations which are sent to the client are encoded so as to be readily parsable by the client.

Abstract: Managing a software multi-ownership account including operations of registering software, setting a usage authority, and transferring a usage authority. The operation of registering the software includes the operations of: receiving, by a reception unit of a management server, a software registration request from a software manufacturer server; checking whether an authentication unit of the management server is a pre-approved manufacturer; and generating a smart contract transaction using time information at which the authentication unit of the management server is requested to register the software and string information of a software name. An authority can be effectively transferred to use software between users to another person by using a sub-access token interworked to a system user account, and by additionally issuing a sub-access token for multiple access authorities for one piece of software, a user is able to have multiple access authorities, thereby broadening the scope of software utilization.

Abstract: The present application discloses a method, system, and computer system for providing access to data. The method includes receiving, by a data manager service from a data requesting service, a request using an identifier for a high-level data object to access a set of data associated with the high-level data object, determining, by the data manager service, low-level data object(s) corresponding to the set of data based on the identifier for the high-level data object, determining whether a user associated with the request has permission to access at least a subset of the low-level data object(s), and in response to determining that the user associated has permission to access the at least the subset of the low-level data object(s), generating, by the data manager service, a uniform resource locator (URL) via which the at least the subset of the one or more low-level data objects is accessible by the user.

Abstract: According to examples, an apparatus may include a processor that may determine that an application was accessed through a portal. Based on a determination that the application was accessed through the portal, the processor may determine whether a first credential type or a second credential type was supplied to access the application, in which the first credential type may include a set of personal credentials of a user and the second credential type may include a set of single sign-on credentials that the user may use to access multiple applications. The processor may also output a trace that may indicate an identification of the application that was accessed and the type of the credential supplied to access the application, in which a backed entity may analyze the data included in the trace.

Abstract: A method for performing secure transactions is disclosed. The method includes: providing an access controller between a core application and a third-party application, where the access controller prevents the third-party application from unauthorized access to the core application; receiving, by the access controller, a command from the third-party application to access the core application; transmitting, by the access controller, an authorization request to a secure application storing credentials of a user; providing, by the access controller, the third-party application with access to the core application in response to the access controller receiving notification from the secure application that the command is authorized; and preventing, by the access controller, the third-party application from accessing the core application in response to the access controller receiving notification from the secure application that the command is unauthorized.

Abstract: One example method of operation may include receiving potential emergency event communications from one or more emergency monitoring entities targeting a potential emergency location, comparing the potential emergency event communications to one or more emergency event thresholds, determining a level of severity of the potential emergency event, and transmitting one or more notifications to one or more emergency response entities based on the one or more emergency events thresholds being exceeded and the level of severity.

Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.

Abstract: A system and method for securing the development of software applications are provided.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: Described herein are systems, methods, and software to manage new and updated containerized network functions (CNFs). In one implementation, a management service identifies a CNF in a first repository. Once identified, the management service identifies one or more configuration parameters associated with the CNF and updates one or more files for the CN with the one or more configuration parameters. The management service then stores at least the one or more files for the CNF in a second repository. In some implementations, the management service will monitor the first repository for modifications associated with the CNF and will update the files in the second repository based on the modifications.

Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.

Abstract: Systems and methods of managing information technology infrastructure are described. A method includes identifying a run trigger between a first node and a second node, each node maintaining a configuration for a portion of a cloud computing infrastructure associated with executing a portion of a cloud-based application. The run trigger initiates in response to an action at the first node and comprises a source identifier identifying the first node and a destination identifier identifying the second node. Then a run is queued on the second node based on the run trigger, the run including a process executed on the second portion of the cloud computing infrastructure with data received by the second node and associated with a run source identifier. The run on the second node is then planned and executed, causing the cloud computing infrastructure to modify infrastructure resources associated with the second portion of the cloud computing infrastructure.

Abstract: In an embodiment, a list of domains is received that includes one or more categories for each domain. The categories are assigned to each domain using a classifier that is trained using features extracted from webpages known to be associated with particular categories. An administrator creates access rules for users, or groups of users, that control the categories of domains that each user is permitted to access or not access. When a user makes a request for a webpage, access rules associated with the user are retrieved, and one or more categories associated with the domain of the requested webpage are determined using the list of domains. If any of the one or more categories of the domain violate an access rule associated with the user, the request for the webpage is denied. Otherwise the user is allowed to access the webpage.

Abstract: A credential manager imports credentials for a network slice in response to deployment of the network slice. The credentials are not known to other network slices. A repository is configured to store the credentials and protect the credentials based on credential protection policies that are defined by a service profile of the network slice. The repository is implemented in the credential manager, an authentication, authorization, and accounting (AAA) server, or other location. Properties of the credentials are modified in response to a modification trigger and the credentials are withdrawn in response to a withdrawal trigger.

Abstract: Described are a computer-implementable method, system and computer-readable storage medium for providing common identity and access management of applications based on role-based access control (RBAC) model and access-based control (ABAC) model. A common model based on the ABAC model is implemented to support RBAC workflows and ABAC workflows. An RBAC management user interface receives the RBAC workflows which are converted to an ABAC model structure and implemented by the common model. An ABAC management user interface receives the ABAC workflows and is implemented by the common model.

Abstract: Disclosed herein are system, method, and device embodiments for implementing password suggestion. An embodiment operates by selecting one or more random terms from dictionary information, generating an alphanumeric string based on a password requirement, combining the one or more random terms and the alphanumeric string to form a generated password, determining a password strength of the generated password based on compromised password information, and presenting the generated password for selection by a user device when the password strength meets or exceeds a threshold value.

Abstract: System and method for anonymizing logs generated in applications running in a computing environment detects log data being generated in an application and compares the log data to a set of predefined search pattern policies to find sensitive information contained in the log data. The sensitive information contained in the log data is converted into anonymous information to produce anonymized log data within the application. The anonymized log data is then written to a destination.

Abstract: A process can include transmitting a pre-trained machine learning model to an edge compute unit associated with a request. The edge compute unit can perform inference using the pre-trained machine learning model and one or more sensor data streams obtained at an edge location. One or more batch uploads of information can be received, associated with inference performed by the edge compute unit and using the pre-trained machine learning model. One or more updated machine learning models can be generated, based on using the batch uploads of information from the edge compute unit to retrain or finetune the pre-trained machine learning model. The one or more updated machine learning models can be transmitted to the edge compute unit, wherein transmission of the updated machine learning model is responsive to receiving the one or more batch uploads of information.

Abstract: A method includes receiving, at a native application, access credential data and providing the access credential data from the native application to a headless browser. The method also includes initiating a secured connection from the headless browser to a remote server that hosts a website. The remote server supports access to secured data without relying on an application programming interface. The method also includes sending, by the headless browser via the secured connection, the access credential data to the remote server. The method also includes receiving first web page data of the website from the remote server via the secured connection and parsing the first web page data to identify user-specific data. The method further includes receiving, by the headless browser via the secured connection, at least a portion of the secured data.

Abstract: Providing and using a user login protection service can include detecting, during a login creation process, input that indicates that a computing device has opted-in for protection for a login being created. During the login creation process, the login can be stored at a first data storage location, the login including an address that identifies a location of a distributed ledger and a password, and a reset password at a second data storage location comprising a secure data storage device. In response to detecting an attempt to log in to the third party device to access the resource, a value associated with the distributed ledger can be obtained, the value indicating a status of a trigger condition associated with the login. If the value is zero, the attempt to log in can be allowed to proceed. If the value is one, the attempt to log in can be blocked.

Abstract: An ambient transaction system is described for facilitating various transactions types between a management system and a connected device over a transaction platform. Based on a variety of different triggering conditions, the transaction platform may establish an integrated session among the transaction platform, the management system, and the connected device. The transaction platform includes integrated logic of the management system such that a presentment layer provided to the connected device by the transaction platform via the integrated session includes features of the management system associated with the transaction type. When the transaction is a payment transaction, the features may include a payment feature through which checkout options may be selected for payment via the connected device.

Abstract: A computer-implemented method includes: receiving user identifying data; launching a virtual environment including an interactive graphical user interface configured to receive user selection inputs; in the virtual environment: receiving a first user selection input selecting an avatar corresponding to a payment device reward; associating the avatar and the payment device reward with the user; displaying payment device design components; receiving a second user selection input selecting a payment device design component; and associating the payment device design component with the user; and redirecting the user to an issuer system by communicating a payment device issuance request to generate and issue a payment device to the user, where the payment device issuance request contains at least one of the following: the user data, the first user selection input, the second user selection input, and/or any combination thereof.

Abstract: A control system (100) for a device (105) for making possible a process control for a process carried out on the device, with a reception module (110) and with a processing module (120). The reception module is configured to receive process information (112). The process information pertains to currently carried out process steps (114) of the process. The processing module is configured to assign a sequence number (122) to the received process information and to generate a visible protocol signature (128) based on the sequence number, of the process information, of time information (124) and a secret system code (126) and to assign it to the process information, and to output the process information with the assigned visible protocol signature. The secret system code is stored n this case exclusively in an internal memory (125) of the control system.

Abstract: Methods, systems, devices and computer-readable media for granting remote access to an electronic device are described herein. An electronic device obtains an encrypted password comprising a password encrypted with a public encryption key. The electronic device outputs the encrypted password for a device user computer to transmit the encrypted password to a support computer to have the encrypted password decrypted with a private encryption key corresponding to the public encryption key. The electronic device receiving an access request comprising the password from the support computer. The electronic device grants the support computer access thereto when the password of the access request from the support computer corresponds to the password at the electronic device.

Abstract: Disclosed are apparatuses, systems, and techniques that improve efficiency and decrease latency of processing of authorization requests by a cloud service. The techniques include obtaining, from an access server, a snapshot associated with processing an authorization request to evaluate an access to a resource of the cloud service and generating, using the snapshot, preemptive authorization requests by modifying the authorization request with a new user identity or a new resource identity. The techniques further include receiving, from the cloud service, a subsequent authorization request to evaluate an authorization of a user to access a particular resource of the cloud service, determining that the subsequent authorization request corresponds to one of preemptive authorization requests, and providing, to the cloud service, an authorization response for the user to access the resource, based on evaluation of this preemptive authorization request.

Abstract: Embodiments of the present invention relate to apparatuses, systems, methods and computer program products for a dynamic quarantine engine integration with a validated network resource component library for network security. Specifically, the system typically is structured for real time deconstruction of incoming data and dynamic analysis of deconstructed components, and preventing unsuccessfully validated network resource components in a distributed network. In some aspects, in response to a successful first dynamic deconstructed validation of the first network program resource component, the system constructs a first categorical network program resource component record associated with the first network component at network resource structure database. The system then typically initiates a second dynamic deconstructed validation of the first categorical network program resource component record associated with the first network component.

Abstract: Systems and methods described herein for providing cross-region resource management for regional infrastructure resources in a cloud infrastructure environment. Systems and methods can provide a cross-region resource management tool that can provide searching, viewing, and management capabilities for any resource in any of the regions to which the cross-region resource management tool has access to. A user (having sufficient access levels, such as an administrator or other privileged user) can access the cross-region resource management tool to view and manage all customer resources in any region of the cloud infrastructure, no matter which region the user is located in.

Abstract: Systems and methods are provided for suggesting a charging station for an electric vehicle. A destination of the electric vehicle is determined, and a schedule of a user of the electric vehicle is accessed. An event scheduled during a travel period to reach the destination is identified in the schedule of the user, and a suggested charging station is selected based at least on the destination and the identified scheduled event. The suggested charging station is generated for presentation at a display.

Abstract: A streamlined workflow for digital rights management (DRM) licensing for content such as media assets is achieved via an authentication server establishing an authenticated session that is referenced by other processes, whereby a content grant may include a key to desired encrypted content with a portion of the content or content meta-data. The authentication server verifies the user's identity and provides a session grant including a session security mechanism, such as a token, session key, or negotiated secret. The session grant may be used to obtain a content authorization from a content router. The content authorization includes an address at which the content may be found and may be decorated with security mechanisms. The session grant and/or content authorization may include an entitlement record reflecting the user's entitlements to access content. The session grant and/or content authorization may be used to obtain a content grant from a content server.

Abstract: A method may include a method of automating processes for remote work. The method may include receiving, at a server, first login data from a client software application. The client software application may be executing on a user device of a remote worker user. The method may include authenticating the remote worker user based on the first login data. The method may include receiving, at the server, command data from the client software application. The command data may include data indicating to the server to launch a software application. The method may include launching, on the server, the software application. The method may include inputting, using a robotic process automation (RPA) process, second login data of the remote worker user into the software application. The method may include key site information, speech-to-text functionality, onboarding functionality, automated support, or activity logging.

Abstract: Systems and methods can enable select virtual session capabilities on a user device configured to access a virtual session, which is an instance of a virtual machine. The user device can receive and forward to a gateway sever, a request to launch a virtual session. Based on the virtual session launch request, the gateway server can obtain a compliance profile determined from operational data for the user device and compare it to a minimum access policy (“MAP”). The MAP can include threshold or binary values for states of a group of user device operational aspects. Where the compliance profile satisfies the MAP, the gateway can permit user device access a virtual session hosted on a virtual machine (“VM”) server. The virtual session can be configured at the VM server based on the compliance profile so as to allow access to a portion of a full virtual session capability scheme.

Abstract: Example embodiments of systems and methods for secure online order pick up and data transmission system between transmitting and receiving devices are provided. In an example embodiment, a user may be required to confirm his or her identity prior to using an application, utilizing enhanced or restricted features of an application or device, viewing sensitive information, or taking certain actions. A transmitting device, such as a contactless card, may be employed as means for confirming a user's identity and access these features.

Abstract: The present disclosure relates to knowledge based authentication whereby a user is authenticated through third-party linked accounts. The method includes receiving an authentication request from a merchant computer, assessing one or more data fields to generate an authentication challenge for the user, connecting to one or more third-party account service provider to extract user-related data, generating the authentication challenge based on the extracted user-related data from the third-party account service provider, posing the authentication challenge to the user on a user device, receiving a response to the authentication challenge, and returning the authentication response to the merchant.

Abstract: This disclosure describes techniques for device authentication and/or pairing. A display system can comprise a head mountable display, computer memory, and processor(s). In response to receiving a request to authenticate a connection between the display system and a companion device (e.g., controller or other computer device), first data may be determined, the first data based at least partly on audio data spoken by a user. The first data may be sent to an authentication device configured to compare the first data to second data received from the companion device, the second data based at least partly on the audio data. Based at least partly on a correspondence between the first and second data, the authentication device can send a confirmation to the display system to permit communication between the display system and companion device.

Abstract: A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.

Abstract: A system and method for a global approach for multifactor authentication incorporating user and enterprise preferences. An example method includes receiving a request from an enterprise computer for authentication of a user to access a resource of the enterprise. The example method also includes requesting available authentication methods and/or credentials at a point of authentication for the user. The example method also includes determining a set of authentication credentials to apply. The example method also includes receiving a requested set of authentication credentials from the point of authentication. The example method also includes authenticating the user based on the received set of authentication credentials from the point of authentication, and providing the user authenticated identity to the enterprise for access to the resource of the enterprise after authenticating the user.

Abstract: The present disclosure generally relates to visually varying an image using parallax image layers, and more specifically, relates to visually varying presentation of an access right displayed on a mobile device to enhance verification of access to resources. The variation of multiple layers of an image may be based on sensor data detected at the mobile device.

Abstract: A method of authenticating a request from an IoT device includes the step of receiving a request from an IoT device for restricted access information. A location of an authorized user of the restricted access information is identified based on at least one location criteria of the authorized user. Access of the restricted access information to the IoT device is granted when the authorized user satisfies the at least one location criteria and denying access to the IoT device of the restricted access information when the authorized user fails the at least one location criteria.

Abstract: A user apparatus has a determiner configured to determine whether a relationship degree indicative of a degree of depth of relationship between a first user who manages the user apparatus and a second user who manages an external apparatus that is located within a predetermined range from the user apparatus is at or above a threshold; an acceptor configured to, when a determination result by the determiner is affirmative, accept an input of an instruction that permits lending to the second user a usage authorization to use a service that is available to the first user on the user apparatus; and a lender configured to, when the acceptor accepts the input of the instruction, provide the external apparatus with authorization information to enable the service to be used on the external apparatus.

Abstract: Methods, systems, apparatuses, and computer-readable storage mediums described herein enable executable code of a hardware security platform (HSP) circuit to communicate with a hypervisor in a separate processor. The hypervisor generates and manages virtual machines. The HSP code comprises trusted platform module (TPM) logic, that processes TPM commands received via the hypervisor, and in response to the processing, communicates security information (e.g., measurements, keys, authorization data) with the virtual machines via the hypervisor. The TPM logic receives security information related to a virtual machine from the hypervisor and stores the security information in non-volatile memory of the HSP circuit, where security information from a particular VM is distinguishable from security information from another VM in the HSP memory.

Abstract: In some examples, a method includes generating, by an interconnection platform for an exchange, an interconnection token representing authorization for an interconnection to or from a resource of the exchange, wherein the interconnection token comprises a unique identifier and token data for requesting and provisioning an interconnection using the resource. The method also includes outputting a first indication of the unique identifier of the interconnection token. The method also includes provisioning, by the interconnection platform, in response to receiving, from a customer of an exchange provider of the exchange, a second indication of the unique identifier of the interconnection token and based on the authorization, an interconnection in a network device of the exchange, the interconnection including, or connecting to or from, the resource.

Abstract: A system wherein a cloud server assigns a customer site as a tenant with an organization number of the customer site and notifies a customer administrator of the organization number; an MFP notifies the cloud server of the organization number entered by the customer administrator and queries the cloud server about a subdirectory name of the customer site; the cloud server notifies the MFP of the subdirectory name associated with the notified organization number; the MFP notifies the customer site accessed using the notified subdirectory name of a serial number of the MFP; and the customer site manages the notified serial number.

Abstract: A computerized system automatically ensures that data from a data partner has been ethnically sourced. The system reviews websites associated with URLs provided by the data provider, and privacy policy data is extracted and captured. A keyword set is used to analyze the privacy terms of websites associated with the URLs. URLs associated with websites that ethically collect data are stored in a URL database, or the URLs are given a flag or score, such that these URLs need not be checked each time a new data partner identifies these URLs as the source of its data. The system may periodically re-check the URLs to ensure that no changes have been made to the corresponding website's data collection practices.

Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in a API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.