Abstract: The invention comprises a universal session protocol configured to initiate, authenticate, and manage the session of an application data stream. The universal session protocol governs the interaction between sending applications and sending agents as well as receiving applications and receiving agents to establish authenticated data streams between applications or systems.

Abstract: A method and system for communicating artificial intelligence (AI) tasks between AI resources are provided. The method includes establishing a connection between a first AI resource and a second AI resource; encapsulating a request to process an AI task in at least one request data frame compliant with a communication protocol, wherein the at least one request data frame is encapsulated at the first AI resource; transporting the at least one request data frame over a network using a transport protocol to the second AI resource, wherein the transport protocol is different than the communication protocol; and using a credit-based flow control mechanism to transfer messages between the first AI resource and the second AI resource over the transport protocol, thereby avoiding congestion on compute resources.

Abstract: A technique of authenticating an operator of a wireless terminal device is presented, wherein the first terminal device comprises a subscriber identity module (SIM) and wherein a subscription identifier is stored in the SIM. A method aspect of this technique comprises receiving the subscription identifier or a temporary identifier associated with the subscription identifier. The method aspect also comprises receiving a first set of biometric data of the operator, wherein the first set of biometric data has been entered by the operator at the terminal device, and sending a database request towards a subscriber database in a core network domain of a wireless communication system, the database request including the subscription identifier or the temporary identifier.

Abstract: A method and system for data transport of artificial intelligence (AI) tasks between AI resources are provided. The method includes establishing a connection between an AI client and an AI server with a storage element capabilities; encapsulating a request to process an AI task in a command capsule compliant with a storage data transfer protocol, wherein the command capsule is encapsulated at the AI client; and transporting the command capsule to an AI server over a transport link using the storage data transfer protocol.

Abstract: Systems and methods cross device application discovery and/or control. Cross device application discovery and/or control can provide for simple detection and activation of applications on remote devices. Cross device application discovery and/or control can provide for the control of remote applications in a master and slave configuration. Responsive to an activation message, an application can execute a task in an application, the task being displayed on a target device. Responsive to an activation message, an application can execute a task in an application on a target device, a task context data for the task being streamed to the source device for presentation on a display. Cross device application discovery and/or control can be enabled on a single operating system, or across a plurality of operating systems.

Abstract: A method and system are provided for securely onboarding a Bluetooth Low Energy peripheral device or other peripheral device operating over a personal area network (PAN) onto a cloud-based network system. The method includes providing a private-public key pair, wherein the private key is stored on the peripheral device and the public key is stored on a database within the cloud-based network system. Upon user activation, the peripheral device begins advertising, using a PAN communications protocol, a first hash value generated with the private key, which is received at the cloud-based processor and verified with the corresponding public key. In response to verifying the first hash value, the cloud-based processor transmits a public key encrypted random code, which is received at the peripheral device and decrypted with the private key.

Abstract: A system can be provided that can determine a first subset of external identity providers associated with permitted access to software applications of an internal computing system. The system can also determine a second subset of external identity providers associated with denied access to the software applications. Additionally, the system can generate a mapping that associates permitted access to the software applications with the first subset of external identity providers and associates denied access to the software applications with the second subset of external identity providers. The system can further receive, from the user device, authentication data. The user device can obtain the authentication data using an external identity provider. The system can detect the external identity provider from the authentication data and, in response to detecting the external identity provider, the system can control access for the user device to the software applications based on the mapping.

Abstract: Systems for distributed controlled access to data stored across a plurality of sources are disclosed. A plurality of content providers maintain user databases. A first distributed database contains a master identifier for each user of each content provider. Stored in relation to the master identifier are the locations of the user's data in each of the content providers. A second distributed database comprises data identifying for each of the users, entities that are authorized to access the user's data. In response to a request from an entity, the second database is queried and, based upon access rights data, user's whose data the requesting entity may view are determined. The first distributed database is queried to determine for the identified user, the location of user data. The data is retrieved and stored at a location accessible by the entity. The second distributed database is updated to record the data access.

Abstract: Disclosed is a computer implemented system for digitally authenticating, registering, and enrolling a consumer in a secure online identity verification system that prevents identity fraud and provides public anonymity to the consumer based on the consumer's live feed dynamic biometric information gathered via the Internet, the system wherein the system includes a simultaneous use security system designed for individual consumer identity verification with an encoded display during an active Internet session and at least one or more individual consumer legal identity and verified aliases assigned to the at least one or more of a nom de plume, icon, badge, and avatar and selected for the individual consumer's public identity. The system and method are further designed to allow notarization including self-notarization.

Abstract: Example techniques describe may facilitate a playback device applying a determined audio setting. An example implementation involves a first playback device receiving, over an unsecure network, a message indicating that a second playback device is available to join a playback network, wherein the first playback device is connected to the playback network. Based on a pre-existing configuration table, the first playback device determines an audio setting corresponding to a playback configuration for the second playback device, the playback configuration including the second playback device playing back audio synchronously with the first playback device in the playback network. The first playback device transmits, to the second playback device, one or more messages instructing the second playback device to apply the determined audio setting upon joining the playback network.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: Whether a connected drive is an unauthorized drive or not can be judged before it becomes possible for the connected drive to access a memory for a storage controller. When a storage device is connected, an information processing apparatus forms a first communication channel via a first interface incapable of accessing a built-in memory even when the communication connection is established; and a second communication channel via a second interface capable of accessing the built-in memory when the communication connection is established.

Abstract: Embodiments described herein provide systems and methods for secure and efficient user authentication across a variety of computing devices, such as desktops, laptops, smartphones, and tablets across operating systems such as Windows, MacOS, IOS, Android, and iPadOS. The system incorporates an authenticator application configured to communicate with internal or external user identifier scanners, such as RFID/NFC readers, fingerprint scanners, facial recognition cameras, and QR/Barcode scanners, using transport protocols like USB, BLE, or NFC. The authenticator application serves as a third-party passkey provider by interfacing with platform WebAuthn APIs, enabling WebAuthn-based authentication for native applications, browsers, and services, or alternatively as a browser extension, intercepting WebAuthn API calls directly within a browser environment.

Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.

Abstract: An information processing apparatus according to an exemplary embodiment of the present disclosure provides a service. In a case where the information processing apparatus receives a registration request for registering an image forming apparatus in the service, the information processing apparatus issues an access token based on an output authority of an instructing user who has given an instruction to transmit the registration request, and transmits the issued access token to the image forming apparatus.

Abstract: Systems and methods include a computer-implemented method for presenting a model of cybersecurity. Questionnaire answers corresponding to individual components of each of three elements contributing to cybersecurity risk and maturity for a computer system are received by a four-dimensional cybersecurity assurance model application. Three scores corresponding to dimensions of cybersecurity assurance for the computer system are generated by the four-dimensional cybersecurity assurance model application using the questionnaire answers. A three-dimensional graph presenting a four-dimensional model of cybersecurity assurance for the computer system is generated by the four-dimensional cybersecurity assurance model application using the three scores and temporal information.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for transmitting/processing requests to control information stored at multiple content platforms/servers. In one aspect, a client device can send a request to verify the device's trustworthiness to a device trustworthiness server. The client device can receive, from the device trustworthiness server, data indicating that the client device is trustworthy, in response to which, the client device can send, to a relay server, a request to control user data stored at a plurality of servers. The client device can receive, via the relay server, a response from each of the plurality of servers. Based on the responses, the client device can determine that at least a subset of the plurality of servers that included the user data has performed the action specified in the request to control the user data.

Abstract: Systems and methods for remote command access in a hybrid cloud to on-premises devices are described. An example method includes receiving, by a gateway service, a request for a connection between a remote support service agent and an on-premises device. The method further includes receiving, by the gateway service, consent from an authorized user associated with the on-premises device. The method further includes creating, by the gateway service, a first session with the on-premises device, where a scope of the consent is limited to the first session. The method further includes provisioning, by the gateway service, a device-specific hybrid connection endpoint for the first session. The method further includes forming, by the gateway service a secure session by binding the device-specific hybrid connection endpoint with a second session, the secure session allowing for transport of data and a set of commands based on a scope of the consent.

Abstract: Systems and methods are presented for adaptive biometric authentication. According to one example method, a failure of a first type of biometric authentication is detected. In response to detecting the failure of the first type of biometric authentication, an alternative type of authentication is completed. In response to completing the alternative type of authentication, a biometric characteristic of a biometric signature is selectively modified in a stored user profile for processing a subsequent attempt of the first type of biometric authentication.

Abstract: Systems, methods, and computer-readable storage devices that enable secured data access from a mobile device executing a native mobile application and a headless browser. One aspect of the technology includes interactions between one or more APIs, a secure connection, a headless browser, that utilize one or more of website data, fingerprint data file locations and additional web page data.

Abstract: In order to extend an OAuth 2.0 framework in a way that an application programming interface (API) is to be protected with two-factor authentication, an API provider may be presented with a set of options for different types of second authentication factors that can be used to carry out the two-factor authentication for the API, and then after the API provider selects its desired type of second authentication factor, an OAuth resource endpoint or an OAuth token endpoint may function to perform a second-factor authentication of each client application attempting to access the API based on a second authentication factor of the type selected by the API provider. Other comparable technology for protecting APIs may be extended to allow for two-factor authentication in a similar manner.

Abstract: Techniques for probing for Cobalt Strike TeamServer detection are disclosed. In some embodiments, a system/process/computer program product for probing for Cobalt Strike TeamServer detection includes monitoring HyperText Transfer Protocol (HTTP), HTTPS, and/or Domain Name System (DNS) network traffic at a firewall; prefiltering the monitored HTTP, HTTPS, and/or DNS network traffic at the firewall to select a subset of the HTTP, HTTPS, and/or DNS network traffic to forward to a cloud security service; performing HTTP, HTTPS, and/or DNS probing of a target to detect whether the target is a Cobalt Strike TeamServer; and performing an action in response to detecting that the target is the Cobalt Strike TeamServer.

Abstract: Described herein is a data security system for enabling tokenized access to sensitive data, including a token provider configured to connect to a remote client computing device over a secure communication channel, and cause display, at the remote client computing device, of a token request user interface including a selection form listing sensitive data elements associated with a first data subject. The token provider is also configured to receive a request for an access token, including a user selection of a subset of the sensitive data elements and one or more access authorization parameters, and generate an access token that enables access to only the subset of the sensitive data elements according to the authorization parameters. The token provider also stores the access token in a token database with the one or more authorization parameters, and transmits, to the remote client computing device, a response including the access token.

Abstract: A method and apparatus for inputting verification information, and a storage medium. The method is performed by a first terminal, and includes: sending, in response to a verification information request operation triggered by a user, a verification information request message to a verification server, where the verification information request message includes user communication identifier information, such that the verification server may generate verification information according to the verification information request message, and send the verification information to a second terminal corresponding to the user communication identifier information; receiving the verification information synchronized with the second terminal; and inputting the verification information into a displayed verification information input page.

Abstract: Described herein is a presence service for a cloud-based contact center platform that is designed to facilitate communications between customers and agents over a variety of communication channels. The presence service is designed with a two-layer architecture. A first layer uses a highly scalable, low latency memory cache to store a high volume of message-related data for tracking the temporal connectivity status of agents. When a connection status change is detected for an agent, the first layer publishes an event message to a queue of a distributed streaming message service. The second layer receives and processes the message to update the online/offline status of the agent in a system of record.

Abstract: A method and system for eradicating programmatical errors in engineering programs for a controller device is provided. The method includes capturing, by a processing unit, a plurality of input-output signals associated with a controller device. Further, the method includes simulating, by the processing unit, a plurality of input signals which are predicted to be received by the controller device during a future scan cycle of execution of the engineering program. The method further includes predicting an error state in the controller device in the future scan cycle, by execution of the engineering program in a digital twin of the controller device. The method further includes generating corrected engineering program by application of an Artificial intelligence model on the engineering program.

Abstract: An embodiment method includes performing pilot authentication based on a first challenge-response process with an authentication server, transmitting first flight information to the authentication server, receiving a first authentication token provided in response to verification of the first flight information in the authentication server, transmitting the first authentication token to an aircraft system, receiving a second authentication token from the aircraft system, the second authentication token being transmitted by the aircraft system to the authentication server when authentication for a security manager boarding the aircraft succeeds based on a second challenge-response process performed between the aircraft system and the authentication server, wherein the second authentication token corresponds to that provided to the aircraft system in response to verification by the authentication server for second flight information, and sharing a session key and a message authentication code key with the aircr

Abstract: Disclosed herein is a system and a method of providing access to at least one password protected device (D1-D5) via a password management system (100). The password management system (100) comprises first and second password management servers (200), each comprising a memory for storing an active password and a reserve password. The first and second password management servers (200) communicate the active and reserve passwords via a communication link (220). Either one of the first and second password management servers (200) requests access to the password protected device using the active password stored in the memory, and if the active password does not provide access, requests access using the reserve password.

Abstract: Embodiments of the present disclosure include an information processing apparatus including a processor configured to store an operation history of the information processing apparatus as a log, a first memory configured to store a program to be executed by the processor, a detector configured to detect modification of the program stored in the first memory, a second memory configured to store a recovery program for recovering the program in response to the detector detecting modification of the program, and a third memory configured to store information indicating the modification of the program detected by the detector. The processor stores as the log the information stored in the third memory.

Abstract: An example computer system for authenticating a user in a metaverse can include one or more processors; and non-transitory computer-readable storage media encoding instructions which, when executed by the one or more processors, causes the computer system to: receive an authentication credential from the user; determine whether the authentication credential is valid; upon determining that the authentication credential is valid, update authentication status of the user; and maintain the authentication status of the user across multiple login attempts by the user.

Abstract: Examples described herein relate to converting and printing tags such as radio-frequency identification (“RFID”) tags. An example device can execute an application to be used for the process. The application can receive information associated with a first physical label, including a first product code, a company indication, and a product indication. A GUI associated with the application displays a graphical element representing the first physical label in a second information format different from the first. This second information format incorporates information associated with both the company indication and the product indication. The application generates a new value to be encoded into the memory storage of a second physical label and instructs an encoding device to encode the second physical label with the new value. The application can also instruct that human-readable elements associated with the new value be printed onto the second physical label.

Abstract: Examples described herein include systems and methods for authenticating a voice-activated device. An example method can include receiving, at an application server, a request from a user device to authenticate the voice-activated device. The application server can provide a first temporary key and session ID to the user device. The method can further include communicating the first temporary key from the user device to the voice-activated device, such as by reading it aloud or having the user device communicate the key in some manner. The voice-activated device can then provide the key to the application server, which generates a second temporary key and sends it back to the voice-activated device. The second temporary key can then be transferred to the user device, which closes the loop by providing the key back to the application server. The application server can then authenticate and provide access to the voice-activated device.

Abstract: Methods, systems, and media for providing media guidance are provided.

Abstract: An electronic device and method for authentication of users based on re-entry of passwords is provided. The electronic device retrieves a pre-stored password associated with a user and a predefined number associated with the retrieved pre-stored password. The retrieved predefined number corresponds to a number of times an entry of a correct password is required for an authentication of the user. The electronic device receives a set of user inputs that corresponds to an entered password associated with the user. The electronic device compares, for the number of times associated with the user, the entered password in each user input with the retrieved pre-stored password. The electronic device determines that the entered password in each user input corresponds to the retrieved pre-stored password, based on the comparison. The electronic device authenticates the user based on the determination and controls a display device to render authentication information based on the authentication.

Abstract: The disclosure includes a system and method for detecting liveness including: generating, using one or more processors, a first cue for presentation to a user via a client device, the first cue for inducing a first action when the user is live; receiving, using the one or more processors, a first set of sensor data for a time subsequent to the first cue and representing a user response to the first cue; determining, using the one or more processors, a first liveness signal based on the first set of sensor data; and acting, using the one or more processors, based on the first liveness signal.

Abstract: Password-less authentication and login onto an application are disclosed. A processor extracts Digital Driver's License (DDL) data from a user's computing device; extracts the DDL data of the user from an external database (i.e., DMV); validates the DDL data by comparing with the DDL data from the external database; creates, in response to validating, a DDL secret private key; allows successful registration of the computing device to utilize DDL data for login; and stores the DDL secret private key onto an internal database and a secured environment of the computing device. At login request by the user, when the processor determines that the computing device is successfully registered, it validates the DDL secret private key by comparing with data from the internal database; creates a new DDL secret private key and updates the internal database and the secured environment with the new DDL secret private key for subsequent login.

Abstract: Methods, systems, and computer-readable media (CRM) are disclosed for facilitating the electronic signing of a document. The disclosure includes methods, systems and CRM for performing at least the following: i) identifying an eligible witness electronic device from a signature request initiated by a signor electronic device associated with a signor; ii) verifying the signor electronic device with the witness electronic device based on at least one parameter associated with the signature request before making a document available to the signor electronic device; iii) transmitting the document to the signor electronic device upon verification; and iv) receiving an electronic signature of the signor through the signor electronic device.

Abstract: Methods, systems, and devices for data processing in a computing system are described. The computing system may receive a notification of an update to network security objects hosted in diverse substrates within the computing system. The computing system may retrieve a network security policy for a service instance impacted by the update. The computing system may update the network security policy for the service instance according to a network security configuration of the hosting substrate. The computing system may translate the updated network security policy into access control lists (ACLs) for network entities managing communications between service instances within the computing system. The computing system may store the ACLs in respective data repositories that are accessible to the network entities. The computing system may transmit a notification that the ACLs are available for deployment, thereby causing the network entities to retrieve the ACLs from the respective data repositories.

Abstract: Electronic apparatus and associated network connection establishment methods include after establishing a data channel with a second device, a first device periodically updates a session key, and sends a first session key to the second device through the data channel; the first device establishes a first network channel with the second device; and when a second session key is received within first preset duration through the first network channel, and the second session key is the same as the first session key, the first device sends response information to the second device through the first network channel.

Abstract: The present invention provides a method for message authentication, in particular in case of low of transmission or storage capacities. The present invention further provides corresponding devices for generating or sending authenticated messages and for receiving or retrieving authenticated messages as well as a system comprising such devices. In an embodiment, the method may comprise (a) preparing a data block having an uncompressed length; (b) compressing the data block so that the data block has a compressed length smaller than the uncompressed length; (c) determining an available length from at least the compressed length and a maximum length of a data frame; (d) calculating a message authentication code, MAC, from at least the data block, having a MAC length not greater than the available length; and (e) creating the data frame, comprising the data block and the MAC.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: We disclose a blockchain e-voting system, where keeping the basic principles of voting does not require trusted-third parties. The system includes at least two vote nodes each having two sets of private and public keys, a voter management node, two smart contract modules, and a blockchain. A voter management node is configured to provide a cryptographic base for public key generation and to pre-register DIDs of vote nodes. A first smart contract module is configured to perform self-identification of vote nodes, encryption of votes, and generation of zero-knowledge proofs for the validity of their results, and to upload all the outputs to a blockchain. For the purpose, a vote node executes the first smart contract module, taking a voting decision, an asserted DID, the two sets of public and private keys as inputs, where one set of keys is for the self-identification, and another set is for the encryption.

Abstract: A method for authenticating a user is provided. The method comprises: providing first biometric enrollment data of the user to a first enrollment system of a plurality of enrollment systems; receiving a first enrollment identifier identifying the first enrollment system; storing the first enrollment identifier identifying the first enrollment system into a digital wallet of the user; in response to a request to access content on a relying party system, providing a biometric marker of the user and the first enrollment identifier from the digital wallet of the user to the relying party system; based on the relying party system identifying the first enrollment system using the first enrollment identifier and verifying the biometric marker of the user with the first enrollment system, accessing the requested content associated with the relying party system.

Abstract: A one-way data migration system may shift authentication data from a legacy database to a current database. The system may include one or more databases, a mobile device, a mobile device processor, a backend server, a backend receiver, a backend processor, and a backend transmitter. The backend transmitter may transmit requests to the mobile device. The backend receiver may receive the usernames and passwords. The backend processor may authenticate the input usernames and passwords using a hash previously stored within a first database. The backend processor may create a current or updated hash for the password. The system may change the underlying pathway from a pathway associated with the hash previously stored within the first database to a current pathway associated with the current hash. A second database may store the current hash. Following storage of the current hash, the processor may flag the username and/or password as migrated.

Abstract: Systems and methods are provided to re-authenticating an electronic device. The systems and methods (1) receive from an electronic device, a request to access a local access network on-board a vehicle, the request including a device identifier of the electronic device; (2) query, using the device identifier, an access profile assigned to the electronic device to determine that the electronic device has previously been authenticated during a first communication session, wherein the access profile is assigned to the electronic device based upon an indication of a user selection received from the electronic device; (3) monitor network usage associated with the electronic device during a second communication session; and (4) automatically re-authenticate the electronic device based on the monitoring.

Abstract: The method 10 for mobile cryptocurrency wallet connectivity can include facilitating a blockchain transaction S100 and establishing an initial connection between a mobile client and a web client S200. The system 20 for mobile cryptocurrency wallet connectivity can include a browser 110, one or more websites 120, a web client 130, a mobile application 140, and a backend server 150.

Abstract: A system and method for cloud native virtual machine (VM) runtime protection. The method includes creating a normal behavior model for a cloud native VM by training a machine learning model using a training data set including training activities performed by the cloud native VM, the cloud native VM being configured to provide at least one service, wherein the normal behavior model defines at least one capability of each service based on a set of capabilities for respective known services stored within a library of service-to-capability mappings, wherein each capability of a service indicates a plurality of discrete behaviors required by the service; and monitoring an execution of the cloud native VM to detect a deviation from the normal behavior model, wherein the deviation is caused by at least one abnormal behavior of one of the services that is not among the discrete behaviors defined in capabilities for the service.

Abstract: A method, a non-transitory computer readable medium, and a computer system for accessing protected resources. The method includes receiving, by a processor, a request from an OpenID-unaware application for access to a protected resource; authenticating, by the processor, the OpenID-unaware application; establishing, by the processor, an OpenID connection with an OpenID relying party upon authentication of the OpenID-unaware application; and receiving, by the processor, an access token issued by an OpenID identity provider for the OpenID-unaware application for access to the protected resource.

Abstract: A network system includes at least one server device and at least one terminal device that accesses any of the at least one server device. The terminal device authenticates a network address between the terminal device and any of the at least one server device and communicates data with any of the at least one server device. When the server device receives a request from the terminal device, it provides a service in accordance with the authenticated network address held by the terminal device that has issued the request.

Abstract: Customers at a premises attempting to connect a new wireless device, such as a mobile phone or tablet to an available wireless network (Wi-Fi), receive network login information such as an Wi-Fi SSID (service set identification) and Password through a system generated equivalent QR code that can then be scanned to automatically connect to the Wi-Fi network. The system receives a request for Wi-Fi settings at a premises, identifies customer equipment associated with the premises, identifies an Wi-Fi SSID (Service Set Identification) and password associated with the customer equipment, generates a QR (Quick Response) code representing the Wi-Fi SSID and password, sends the QR code to one or more devices associated with the premises for display and subsequent scanning at the premises.