Abstract: Techniques for probing for Cobalt Strike TeamServer detection are disclosed. In some embodiments, a system/process/computer program product for probing for Cobalt Strike TeamServer detection includes monitoring HyperText Transfer Protocol (HTTP), HTTPS, and/or Domain Name System (DNS) network traffic at a firewall; prefiltering the monitored HTTP, HTTPS, and/or DNS network traffic at the firewall to select a subset of the HTTP, HTTPS, and/or DNS network traffic to forward to a cloud security service; performing HTTP, HTTPS, and/or DNS probing of a target to detect whether the target is a Cobalt Strike TeamServer; and performing an action in response to detecting that the target is the Cobalt Strike TeamServer.

Abstract: Described herein is a data security system for enabling tokenized access to sensitive data, including a token provider configured to connect to a remote client computing device over a secure communication channel, and cause display, at the remote client computing device, of a token request user interface including a selection form listing sensitive data elements associated with a first data subject. The token provider is also configured to receive a request for an access token, including a user selection of a subset of the sensitive data elements and one or more access authorization parameters, and generate an access token that enables access to only the subset of the sensitive data elements according to the authorization parameters. The token provider also stores the access token in a token database with the one or more authorization parameters, and transmits, to the remote client computing device, a response including the access token.

Abstract: Described herein is a presence service for a cloud-based contact center platform that is designed to facilitate communications between customers and agents over a variety of communication channels. The presence service is designed with a two-layer architecture. A first layer uses a highly scalable, low latency memory cache to store a high volume of message-related data for tracking the temporal connectivity status of agents. When a connection status change is detected for an agent, the first layer publishes an event message to a queue of a distributed streaming message service. The second layer receives and processes the message to update the online/offline status of the agent in a system of record.

Abstract: A method and apparatus for inputting verification information, and a storage medium. The method is performed by a first terminal, and includes: sending, in response to a verification information request operation triggered by a user, a verification information request message to a verification server, where the verification information request message includes user communication identifier information, such that the verification server may generate verification information according to the verification information request message, and send the verification information to a second terminal corresponding to the user communication identifier information; receiving the verification information synchronized with the second terminal; and inputting the verification information into a displayed verification information input page.

Abstract: An embodiment method includes performing pilot authentication based on a first challenge-response process with an authentication server, transmitting first flight information to the authentication server, receiving a first authentication token provided in response to verification of the first flight information in the authentication server, transmitting the first authentication token to an aircraft system, receiving a second authentication token from the aircraft system, the second authentication token being transmitted by the aircraft system to the authentication server when authentication for a security manager boarding the aircraft succeeds based on a second challenge-response process performed between the aircraft system and the authentication server, wherein the second authentication token corresponds to that provided to the aircraft system in response to verification by the authentication server for second flight information, and sharing a session key and a message authentication code key with the aircr

Abstract: A method and system for eradicating programmatical errors in engineering programs for a controller device is provided. The method includes capturing, by a processing unit, a plurality of input-output signals associated with a controller device. Further, the method includes simulating, by the processing unit, a plurality of input signals which are predicted to be received by the controller device during a future scan cycle of execution of the engineering program. The method further includes predicting an error state in the controller device in the future scan cycle, by execution of the engineering program in a digital twin of the controller device. The method further includes generating corrected engineering program by application of an Artificial intelligence model on the engineering program.

Abstract: Embodiments of the present disclosure include an information processing apparatus including a processor configured to store an operation history of the information processing apparatus as a log, a first memory configured to store a program to be executed by the processor, a detector configured to detect modification of the program stored in the first memory, a second memory configured to store a recovery program for recovering the program in response to the detector detecting modification of the program, and a third memory configured to store information indicating the modification of the program detected by the detector. The processor stores as the log the information stored in the third memory.

Abstract: Disclosed herein is a system and a method of providing access to at least one password protected device (D1-D5) via a password management system (100). The password management system (100) comprises first and second password management servers (200), each comprising a memory for storing an active password and a reserve password. The first and second password management servers (200) communicate the active and reserve passwords via a communication link (220). Either one of the first and second password management servers (200) requests access to the password protected device using the active password stored in the memory, and if the active password does not provide access, requests access using the reserve password.

Abstract: An example computer system for authenticating a user in a metaverse can include one or more processors; and non-transitory computer-readable storage media encoding instructions which, when executed by the one or more processors, causes the computer system to: receive an authentication credential from the user; determine whether the authentication credential is valid; upon determining that the authentication credential is valid, update authentication status of the user; and maintain the authentication status of the user across multiple login attempts by the user.

Abstract: Examples described herein include systems and methods for authenticating a voice-activated device. An example method can include receiving, at an application server, a request from a user device to authenticate the voice-activated device. The application server can provide a first temporary key and session ID to the user device. The method can further include communicating the first temporary key from the user device to the voice-activated device, such as by reading it aloud or having the user device communicate the key in some manner. The voice-activated device can then provide the key to the application server, which generates a second temporary key and sends it back to the voice-activated device. The second temporary key can then be transferred to the user device, which closes the loop by providing the key back to the application server. The application server can then authenticate and provide access to the voice-activated device.

Abstract: Examples described herein relate to converting and printing tags such as radio-frequency identification (“RFID”) tags. An example device can execute an application to be used for the process. The application can receive information associated with a first physical label, including a first product code, a company indication, and a product indication. A GUI associated with the application displays a graphical element representing the first physical label in a second information format different from the first. This second information format incorporates information associated with both the company indication and the product indication. The application generates a new value to be encoded into the memory storage of a second physical label and instructs an encoding device to encode the second physical label with the new value. The application can also instruct that human-readable elements associated with the new value be printed onto the second physical label.

Abstract: An electronic device and method for authentication of users based on re-entry of passwords is provided. The electronic device retrieves a pre-stored password associated with a user and a predefined number associated with the retrieved pre-stored password. The retrieved predefined number corresponds to a number of times an entry of a correct password is required for an authentication of the user. The electronic device receives a set of user inputs that corresponds to an entered password associated with the user. The electronic device compares, for the number of times associated with the user, the entered password in each user input with the retrieved pre-stored password. The electronic device determines that the entered password in each user input corresponds to the retrieved pre-stored password, based on the comparison. The electronic device authenticates the user based on the determination and controls a display device to render authentication information based on the authentication.

Abstract: Methods, systems, and media for providing media guidance are provided.

Abstract: Methods, systems, and devices for data processing in a computing system are described. The computing system may receive a notification of an update to network security objects hosted in diverse substrates within the computing system. The computing system may retrieve a network security policy for a service instance impacted by the update. The computing system may update the network security policy for the service instance according to a network security configuration of the hosting substrate. The computing system may translate the updated network security policy into access control lists (ACLs) for network entities managing communications between service instances within the computing system. The computing system may store the ACLs in respective data repositories that are accessible to the network entities. The computing system may transmit a notification that the ACLs are available for deployment, thereby causing the network entities to retrieve the ACLs from the respective data repositories.

Abstract: Password-less authentication and login onto an application are disclosed. A processor extracts Digital Driver's License (DDL) data from a user's computing device; extracts the DDL data of the user from an external database (i.e., DMV); validates the DDL data by comparing with the DDL data from the external database; creates, in response to validating, a DDL secret private key; allows successful registration of the computing device to utilize DDL data for login; and stores the DDL secret private key onto an internal database and a secured environment of the computing device. At login request by the user, when the processor determines that the computing device is successfully registered, it validates the DDL secret private key by comparing with data from the internal database; creates a new DDL secret private key and updates the internal database and the secured environment with the new DDL secret private key for subsequent login.

Abstract: Methods, systems, and computer-readable media (CRM) are disclosed for facilitating the electronic signing of a document. The disclosure includes methods, systems and CRM for performing at least the following: i) identifying an eligible witness electronic device from a signature request initiated by a signor electronic device associated with a signor; ii) verifying the signor electronic device with the witness electronic device based on at least one parameter associated with the signature request before making a document available to the signor electronic device; iii) transmitting the document to the signor electronic device upon verification; and iv) receiving an electronic signature of the signor through the signor electronic device.

Abstract: The disclosure includes a system and method for detecting liveness including: generating, using one or more processors, a first cue for presentation to a user via a client device, the first cue for inducing a first action when the user is live; receiving, using the one or more processors, a first set of sensor data for a time subsequent to the first cue and representing a user response to the first cue; determining, using the one or more processors, a first liveness signal based on the first set of sensor data; and acting, using the one or more processors, based on the first liveness signal.

Abstract: Electronic apparatus and associated network connection establishment methods include after establishing a data channel with a second device, a first device periodically updates a session key, and sends a first session key to the second device through the data channel; the first device establishes a first network channel with the second device; and when a second session key is received within first preset duration through the first network channel, and the second session key is the same as the first session key, the first device sends response information to the second device through the first network channel.

Abstract: The present invention provides a method for message authentication, in particular in case of low of transmission or storage capacities. The present invention further provides corresponding devices for generating or sending authenticated messages and for receiving or retrieving authenticated messages as well as a system comprising such devices. In an embodiment, the method may comprise (a) preparing a data block having an uncompressed length; (b) compressing the data block so that the data block has a compressed length smaller than the uncompressed length; (c) determining an available length from at least the compressed length and a maximum length of a data frame; (d) calculating a message authentication code, MAC, from at least the data block, having a MAC length not greater than the available length; and (e) creating the data frame, comprising the data block and the MAC.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: We disclose a blockchain e-voting system, where keeping the basic principles of voting does not require trusted-third parties. The system includes at least two vote nodes each having two sets of private and public keys, a voter management node, two smart contract modules, and a blockchain. A voter management node is configured to provide a cryptographic base for public key generation and to pre-register DIDs of vote nodes. A first smart contract module is configured to perform self-identification of vote nodes, encryption of votes, and generation of zero-knowledge proofs for the validity of their results, and to upload all the outputs to a blockchain. For the purpose, a vote node executes the first smart contract module, taking a voting decision, an asserted DID, the two sets of public and private keys as inputs, where one set of keys is for the self-identification, and another set is for the encryption.

Abstract: A method for authenticating a user is provided. The method comprises: providing first biometric enrollment data of the user to a first enrollment system of a plurality of enrollment systems; receiving a first enrollment identifier identifying the first enrollment system; storing the first enrollment identifier identifying the first enrollment system into a digital wallet of the user; in response to a request to access content on a relying party system, providing a biometric marker of the user and the first enrollment identifier from the digital wallet of the user to the relying party system; based on the relying party system identifying the first enrollment system using the first enrollment identifier and verifying the biometric marker of the user with the first enrollment system, accessing the requested content associated with the relying party system.

Abstract: The method 10 for mobile cryptocurrency wallet connectivity can include facilitating a blockchain transaction S100 and establishing an initial connection between a mobile client and a web client S200. The system 20 for mobile cryptocurrency wallet connectivity can include a browser 110, one or more websites 120, a web client 130, a mobile application 140, and a backend server 150.

Abstract: Systems and methods are provided to re-authenticating an electronic device. The systems and methods (1) receive from an electronic device, a request to access a local access network on-board a vehicle, the request including a device identifier of the electronic device; (2) query, using the device identifier, an access profile assigned to the electronic device to determine that the electronic device has previously been authenticated during a first communication session, wherein the access profile is assigned to the electronic device based upon an indication of a user selection received from the electronic device; (3) monitor network usage associated with the electronic device during a second communication session; and (4) automatically re-authenticate the electronic device based on the monitoring.

Abstract: A one-way data migration system may shift authentication data from a legacy database to a current database. The system may include one or more databases, a mobile device, a mobile device processor, a backend server, a backend receiver, a backend processor, and a backend transmitter. The backend transmitter may transmit requests to the mobile device. The backend receiver may receive the usernames and passwords. The backend processor may authenticate the input usernames and passwords using a hash previously stored within a first database. The backend processor may create a current or updated hash for the password. The system may change the underlying pathway from a pathway associated with the hash previously stored within the first database to a current pathway associated with the current hash. A second database may store the current hash. Following storage of the current hash, the processor may flag the username and/or password as migrated.

Abstract: A method, a non-transitory computer readable medium, and a computer system for accessing protected resources. The method includes receiving, by a processor, a request from an OpenID-unaware application for access to a protected resource; authenticating, by the processor, the OpenID-unaware application; establishing, by the processor, an OpenID connection with an OpenID relying party upon authentication of the OpenID-unaware application; and receiving, by the processor, an access token issued by an OpenID identity provider for the OpenID-unaware application for access to the protected resource.

Abstract: A system and method for cloud native virtual machine (VM) runtime protection. The method includes creating a normal behavior model for a cloud native VM by training a machine learning model using a training data set including training activities performed by the cloud native VM, the cloud native VM being configured to provide at least one service, wherein the normal behavior model defines at least one capability of each service based on a set of capabilities for respective known services stored within a library of service-to-capability mappings, wherein each capability of a service indicates a plurality of discrete behaviors required by the service; and monitoring an execution of the cloud native VM to detect a deviation from the normal behavior model, wherein the deviation is caused by at least one abnormal behavior of one of the services that is not among the discrete behaviors defined in capabilities for the service.

Abstract: A network system includes at least one server device and at least one terminal device that accesses any of the at least one server device. The terminal device authenticates a network address between the terminal device and any of the at least one server device and communicates data with any of the at least one server device. When the server device receives a request from the terminal device, it provides a service in accordance with the authenticated network address held by the terminal device that has issued the request.

Abstract: Customers at a premises attempting to connect a new wireless device, such as a mobile phone or tablet to an available wireless network (Wi-Fi), receive network login information such as an Wi-Fi SSID (service set identification) and Password through a system generated equivalent QR code that can then be scanned to automatically connect to the Wi-Fi network. The system receives a request for Wi-Fi settings at a premises, identifies customer equipment associated with the premises, identifies an Wi-Fi SSID (Service Set Identification) and password associated with the customer equipment, generates a QR (Quick Response) code representing the Wi-Fi SSID and password, sends the QR code to one or more devices associated with the premises for display and subsequent scanning at the premises.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: embedding a unique identifier within a data center asset, the unique identifier including a signed certificate; providing the data center asset to a customer; establishing a secure communication channel between an onboarding system and the data center asset, the secure communication channel using the signed certificate; exchanging information between the onboarding system and the data center asset via the secure communication channel, the information including a data center asset ownership voucher; and, using the data center asset ownership voucher to associate the data center asset to the customer.

Abstract: The present disclosure generally relates to enrolling a biometric feature for use with a peripheral device. While a computer system is connected to an external device, the computer system receives a first request to enroll a biometric feature. In response to receiving the request and in accordance with a determination that the request satisfies a first set of one or more criteria, the computer system displays a user interface object prompting a user to provide an authorization input to one or more input devices physically connected to the computer system. While displaying the first user interface object, the computer system receives user input. In response to receiving the user input and in accordance with a determination that the user input includes the authentication input, the computer system initiates a process to enroll the biometric feature using a biometric sensor that is integrated with the external device.

Abstract: A computer-implemented method for executing a user instruction may include obtaining identification data of a user via a device associated with the user, wherein the identification data comprises at least a password, a user name, and biometric data of the user; determining, via the one or more processors, a login status based on the identification data; demonstrating, to the user, historical account data based on the login status, wherein the historical account data comprises at least historical biometric data associated with one or more historical logins; receiving, via the one or more processors, the user instruction based on the historical account data, wherein the user instruction comprises at least one of revoking a historical login, changing password, or signing out a historical device associated with a historical login of the one or more historical logins; and executing, via the one or more processors, the user instruction.

Abstract: An apparatus comprises a processing device configured to receive, at a web browser from a web-based service running on a web server, a request for signature of one or more messages using at least one cryptographic key pair comprising a public key made accessible to the web-based service running on the web server and a private key maintained in secure storage accessible to the web browser. The processing device is also configured to generate, at the web browser, one or more interface features permitting a given user to accept or deny the request for signature and, responsive to the given user accepting the request for signature of a given message, digitally signing the given message utilizing the private key of the cryptographic key pair. The processing device is further configured to provide, from the web browser to the web-based service, a response comprising the digital signature of the given message.

Abstract: A redundant decentralized microservice architecture, in which each of at least selected some of the microservices is executed multiple times by multiple microservice computing nodes acting as mirror sites after reaching a distributed consensus regarding the correct way/order in which the microservices are to be executed. Clusters of redundant microservice computing nodes work in intra-cluster consensus when responding to remote procedure calls (RPCs) by activating the associated microservices multiple times, and then sending multiple RPCs to additional clusters of redundant microservice computing nodes.

Abstract: Systems for packet handling over a network, the systems including a client device configured to communicate over a network, the client device further including a Multi Tenant Module-Client module (MTM-Client module) having processor-readable instructions to direct at least one client device processor to determine whether a packet is a Synchronize packet and, if so, the MTM-Client module opens a pair of streams with consecutive stream IDs to communicate over the network, and the first stream of the pair carries a 5-tuple and metadata for the communication from the client device, and the second stream of the pair carries the TCP packet for the communication from the client device.

Abstract: A system and method for interacting with a voice-assisted member interface hosted by a provider backend server of a provider using a voice enabled-apparatus hosted by an apparatus vendor separate and distinct from the provider, the voice-enabled apparatus including a microphone unit, a speaker and a processor coupled to the microphone unit and the speaker, the processor configured to cause the voice-enabled apparatus to perform one or more functions in response to audio signals received at the microphone unit.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.

Abstract: Privilege capabilities can be implemented for devices used for container native function (CNF) operations according to some aspects described herein. In one example, a system can receive a request for executing a CNF using a device in a computing cluster. The CNF can involve an operation associated with a privileged capability. The system can determine the CNF is associated with a first credential for the privileged capability based on a data structure that stores process-level capabilities for the CNF and file handle level capabilities for the device. The system can determine the device is associated with a second credential for the privileged capability based on the data structure. In response to determining that the CNF is associated with the first credential and the device is associated with the second credential, the system can execute the CNF using the device in the computing cluster.

Abstract: A network device for providing a LAN GUI to a client device. The network device receives a request for access by the client device to the LAN GUI. The network device analyzes a LAN GUI access whitelist and determines whether the client device is in the LAN GUI access whitelist. The client device is granted access to the LAN GUI without receiving a password from the client device when the client device is determined to be in the LAN GUI access whitelist. An address entry page may be presented to add the MAC address of the client device to the LAN GUI access whitelist and a password page may be presented to display the LAN GUI password. When the client device is not in the LAN GUI access list, a login page is presented for entering the password to obtain access to the LAN GUI.

Abstract: A networking method for a household appliance, a household appliance, and a terminal device are provided. The household appliance is provided with a network module. According to the method, the network module receives router information and the account and the password of a router transmitted by a mobile terminal. The router information contains time-related data required for logging into the router; according to the router information and the account and the password of the router, log into the router.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: One or more network communications to discover one or more controllable devices on a network with which a premises automation system is associated is sent automatically. A set of one or more controllable devices on the network is determined based at least in part on a response received from said one or more network communications. An assigned name that is unique within the premises automation system is assigned automatically to each of said set of one or more controllable devices.

Abstract: Aspects of the present disclosure are directed toward systems, methods an apparatuses for hand off of clinical data during a medical event. Certain embodiments of the present disclosure include a first medical device configured to, during a first part of a medical event, monitor a patient and store clinical information and a second medical device. A second medical device may display at least some of the clinical information, modify operation of the second medical device, or store the clinical information.

Abstract: In order to use zero trust network resources distributed across multiple gateways, an agent is deployed on an endpoint of an enterprise network. The agent maps requests for specific applications to corresponding gateways. The agent may also multiplex or otherwise aggregate communications among different network applications and gateways in order to provide seamless, transparent access to the distributed resources at a single endpoint, and/or within a single interface.

Abstract: A data processing system for controlling data access to a secured resource of a distributed system implements receiving, from a first user device of a first user, a first request to access a secured resource and a first security token, the first security token including group information for one or more first access control groups associated with the secured resource of which the first user is a member; accessing group access policy information for groups associated with the secured resource; determining, based on the group information included in the first security token and the group access policy information, that the first user is a member of at least one group that is permitted to access the secured resource; and permitting the first user device of the user to access the secured resource responsive to determining that the first user is a member of at least one group that is permitted to access the secured resource.

Abstract: A communication method for a user terminal and a device terminal to exchange packets through a message broker, comprises the user terminal wrapping a first packet of a first communication protocol into a second packet with a second communication protocol and sending the second packet to the message broker, and the device terminal receiving the second packet from the message broker and obtaining the first packet wrapped in the second packet; or the device terminal wrapping a third packet of the first communication protocol into a fourth packet with the second communication protocol and sending the fourth packet to the message broker, and the user terminal receiving the fourth packet from the message broker and obtaining the third packet wrapped in the fourth packet. The first communication protocol is a communication protocol supported by the device terminal; the second communication protocol is a communication protocol supported by the message broker.

Abstract: A method including transmitting, by an infrastructure device to a user device, an invitation link to enable the user device to receive network services from the infrastructure device; transmitting, by the infrastructure device to the user device based at least in part on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; receiving, by the infrastructure device from the user device during an active communication session, a user request related to an action to be performed regarding receiving the network services, the user request being signed based at least in part on utilizing a first portion of the authentication information; and enabling, by the infrastructure device, performance of the action regarding receiving the network services based at least in part on verifying that the communication session is currently active is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, by a user device from an infrastructure device, an invitation link to enable the user device to receive network services from the infrastructure device; receiving, by the user device from the infrastructure device based on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; transmitting, by the user device to the infrastructure device during an active communication session and based on determining the authentication information, a user request related to an action to be performed regarding receiving the network services, a portion of the user request being signed based on utilizing a first portion of the authentication information; and performing, by the user device, the action regarding receiving the network services based on a verification that the communication session is currently active is disclosed. Various other aspects are contemplated.

Abstract: Service information (e.g., enhanced broadcast service (eBCS) information) may be distributed. Service (e.g., eBCS) capabilities may be advertised (e.g., by an access point (AP)), for example, by broadcasting a public action frame. A public action frame may include per-service information. A public action frame may be transmitted on a per service basis. A public action frame may combine authentication information and service information. Enhanced broadcast service origin authentication may be performed on a per service basis (e.g., using origin authentication information to authenticate broadcast data frames for a consumed service). Origin authentication information may be common to frames associated with different services. Services may be consumed without querying a service originating device. Stations (e.g., with and without association with an AP) may report consumption or usage of services, Reporting may be unsolicited or solicited (e.g., in response to a request from an AP).