Abstract: An electronic device and method for authentication of users based on re-entry of passwords is provided. The electronic device retrieves a pre-stored password associated with a user and a predefined number associated with the retrieved pre-stored password. The retrieved predefined number corresponds to a number of times an entry of a correct password is required for an authentication of the user. The electronic device receives a set of user inputs that corresponds to an entered password associated with the user. The electronic device compares, for the number of times associated with the user, the entered password in each user input with the retrieved pre-stored password. The electronic device determines that the entered password in each user input corresponds to the retrieved pre-stored password, based on the comparison. The electronic device authenticates the user based on the determination and controls a display device to render authentication information based on the authentication.

Abstract: Methods, systems, and media for providing media guidance are provided.

Abstract: The disclosure includes a system and method for detecting liveness including: generating, using one or more processors, a first cue for presentation to a user via a client device, the first cue for inducing a first action when the user is live; receiving, using the one or more processors, a first set of sensor data for a time subsequent to the first cue and representing a user response to the first cue; determining, using the one or more processors, a first liveness signal based on the first set of sensor data; and acting, using the one or more processors, based on the first liveness signal.

Abstract: Methods, systems, and computer-readable media (CRM) are disclosed for facilitating the electronic signing of a document. The disclosure includes methods, systems and CRM for performing at least the following: i) identifying an eligible witness electronic device from a signature request initiated by a signor electronic device associated with a signor; ii) verifying the signor electronic device with the witness electronic device based on at least one parameter associated with the signature request before making a document available to the signor electronic device; iii) transmitting the document to the signor electronic device upon verification; and iv) receiving an electronic signature of the signor through the signor electronic device.

Abstract: Password-less authentication and login onto an application are disclosed. A processor extracts Digital Driver's License (DDL) data from a user's computing device; extracts the DDL data of the user from an external database (i.e., DMV); validates the DDL data by comparing with the DDL data from the external database; creates, in response to validating, a DDL secret private key; allows successful registration of the computing device to utilize DDL data for login; and stores the DDL secret private key onto an internal database and a secured environment of the computing device. At login request by the user, when the processor determines that the computing device is successfully registered, it validates the DDL secret private key by comparing with data from the internal database; creates a new DDL secret private key and updates the internal database and the secured environment with the new DDL secret private key for subsequent login.

Abstract: Methods, systems, and devices for data processing in a computing system are described. The computing system may receive a notification of an update to network security objects hosted in diverse substrates within the computing system. The computing system may retrieve a network security policy for a service instance impacted by the update. The computing system may update the network security policy for the service instance according to a network security configuration of the hosting substrate. The computing system may translate the updated network security policy into access control lists (ACLs) for network entities managing communications between service instances within the computing system. The computing system may store the ACLs in respective data repositories that are accessible to the network entities. The computing system may transmit a notification that the ACLs are available for deployment, thereby causing the network entities to retrieve the ACLs from the respective data repositories.

Abstract: The present invention provides a method for message authentication, in particular in case of low of transmission or storage capacities. The present invention further provides corresponding devices for generating or sending authenticated messages and for receiving or retrieving authenticated messages as well as a system comprising such devices. In an embodiment, the method may comprise (a) preparing a data block having an uncompressed length; (b) compressing the data block so that the data block has a compressed length smaller than the uncompressed length; (c) determining an available length from at least the compressed length and a maximum length of a data frame; (d) calculating a message authentication code, MAC, from at least the data block, having a MAC length not greater than the available length; and (e) creating the data frame, comprising the data block and the MAC.

Abstract: Electronic apparatus and associated network connection establishment methods include after establishing a data channel with a second device, a first device periodically updates a session key, and sends a first session key to the second device through the data channel; the first device establishes a first network channel with the second device; and when a second session key is received within first preset duration through the first network channel, and the second session key is the same as the first session key, the first device sends response information to the second device through the first network channel.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: A method for authenticating a user is provided. The method comprises: providing first biometric enrollment data of the user to a first enrollment system of a plurality of enrollment systems; receiving a first enrollment identifier identifying the first enrollment system; storing the first enrollment identifier identifying the first enrollment system into a digital wallet of the user; in response to a request to access content on a relying party system, providing a biometric marker of the user and the first enrollment identifier from the digital wallet of the user to the relying party system; based on the relying party system identifying the first enrollment system using the first enrollment identifier and verifying the biometric marker of the user with the first enrollment system, accessing the requested content associated with the relying party system.

Abstract: We disclose a blockchain e-voting system, where keeping the basic principles of voting does not require trusted-third parties. The system includes at least two vote nodes each having two sets of private and public keys, a voter management node, two smart contract modules, and a blockchain. A voter management node is configured to provide a cryptographic base for public key generation and to pre-register DIDs of vote nodes. A first smart contract module is configured to perform self-identification of vote nodes, encryption of votes, and generation of zero-knowledge proofs for the validity of their results, and to upload all the outputs to a blockchain. For the purpose, a vote node executes the first smart contract module, taking a voting decision, an asserted DID, the two sets of public and private keys as inputs, where one set of keys is for the self-identification, and another set is for the encryption.

Abstract: The method 10 for mobile cryptocurrency wallet connectivity can include facilitating a blockchain transaction S100 and establishing an initial connection between a mobile client and a web client S200. The system 20 for mobile cryptocurrency wallet connectivity can include a browser 110, one or more websites 120, a web client 130, a mobile application 140, and a backend server 150.

Abstract: Systems and methods are provided to re-authenticating an electronic device. The systems and methods (1) receive from an electronic device, a request to access a local access network on-board a vehicle, the request including a device identifier of the electronic device; (2) query, using the device identifier, an access profile assigned to the electronic device to determine that the electronic device has previously been authenticated during a first communication session, wherein the access profile is assigned to the electronic device based upon an indication of a user selection received from the electronic device; (3) monitor network usage associated with the electronic device during a second communication session; and (4) automatically re-authenticate the electronic device based on the monitoring.

Abstract: A one-way data migration system may shift authentication data from a legacy database to a current database. The system may include one or more databases, a mobile device, a mobile device processor, a backend server, a backend receiver, a backend processor, and a backend transmitter. The backend transmitter may transmit requests to the mobile device. The backend receiver may receive the usernames and passwords. The backend processor may authenticate the input usernames and passwords using a hash previously stored within a first database. The backend processor may create a current or updated hash for the password. The system may change the underlying pathway from a pathway associated with the hash previously stored within the first database to a current pathway associated with the current hash. A second database may store the current hash. Following storage of the current hash, the processor may flag the username and/or password as migrated.

Abstract: A method, a non-transitory computer readable medium, and a computer system for accessing protected resources. The method includes receiving, by a processor, a request from an OpenID-unaware application for access to a protected resource; authenticating, by the processor, the OpenID-unaware application; establishing, by the processor, an OpenID connection with an OpenID relying party upon authentication of the OpenID-unaware application; and receiving, by the processor, an access token issued by an OpenID identity provider for the OpenID-unaware application for access to the protected resource.

Abstract: A system and method for cloud native virtual machine (VM) runtime protection. The method includes creating a normal behavior model for a cloud native VM by training a machine learning model using a training data set including training activities performed by the cloud native VM, the cloud native VM being configured to provide at least one service, wherein the normal behavior model defines at least one capability of each service based on a set of capabilities for respective known services stored within a library of service-to-capability mappings, wherein each capability of a service indicates a plurality of discrete behaviors required by the service; and monitoring an execution of the cloud native VM to detect a deviation from the normal behavior model, wherein the deviation is caused by at least one abnormal behavior of one of the services that is not among the discrete behaviors defined in capabilities for the service.

Abstract: Customers at a premises attempting to connect a new wireless device, such as a mobile phone or tablet to an available wireless network (Wi-Fi), receive network login information such as an Wi-Fi SSID (service set identification) and Password through a system generated equivalent QR code that can then be scanned to automatically connect to the Wi-Fi network. The system receives a request for Wi-Fi settings at a premises, identifies customer equipment associated with the premises, identifies an Wi-Fi SSID (Service Set Identification) and password associated with the customer equipment, generates a QR (Quick Response) code representing the Wi-Fi SSID and password, sends the QR code to one or more devices associated with the premises for display and subsequent scanning at the premises.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: embedding a unique identifier within a data center asset, the unique identifier including a signed certificate; providing the data center asset to a customer; establishing a secure communication channel between an onboarding system and the data center asset, the secure communication channel using the signed certificate; exchanging information between the onboarding system and the data center asset via the secure communication channel, the information including a data center asset ownership voucher; and, using the data center asset ownership voucher to associate the data center asset to the customer.

Abstract: A network system includes at least one server device and at least one terminal device that accesses any of the at least one server device. The terminal device authenticates a network address between the terminal device and any of the at least one server device and communicates data with any of the at least one server device. When the server device receives a request from the terminal device, it provides a service in accordance with the authenticated network address held by the terminal device that has issued the request.

Abstract: The present disclosure generally relates to enrolling a biometric feature for use with a peripheral device. While a computer system is connected to an external device, the computer system receives a first request to enroll a biometric feature. In response to receiving the request and in accordance with a determination that the request satisfies a first set of one or more criteria, the computer system displays a user interface object prompting a user to provide an authorization input to one or more input devices physically connected to the computer system. While displaying the first user interface object, the computer system receives user input. In response to receiving the user input and in accordance with a determination that the user input includes the authentication input, the computer system initiates a process to enroll the biometric feature using a biometric sensor that is integrated with the external device.

Abstract: A computer-implemented method for executing a user instruction may include obtaining identification data of a user via a device associated with the user, wherein the identification data comprises at least a password, a user name, and biometric data of the user; determining, via the one or more processors, a login status based on the identification data; demonstrating, to the user, historical account data based on the login status, wherein the historical account data comprises at least historical biometric data associated with one or more historical logins; receiving, via the one or more processors, the user instruction based on the historical account data, wherein the user instruction comprises at least one of revoking a historical login, changing password, or signing out a historical device associated with a historical login of the one or more historical logins; and executing, via the one or more processors, the user instruction.

Abstract: A redundant decentralized microservice architecture, in which each of at least selected some of the microservices is executed multiple times by multiple microservice computing nodes acting as mirror sites after reaching a distributed consensus regarding the correct way/order in which the microservices are to be executed. Clusters of redundant microservice computing nodes work in intra-cluster consensus when responding to remote procedure calls (RPCs) by activating the associated microservices multiple times, and then sending multiple RPCs to additional clusters of redundant microservice computing nodes.

Abstract: An apparatus comprises a processing device configured to receive, at a web browser from a web-based service running on a web server, a request for signature of one or more messages using at least one cryptographic key pair comprising a public key made accessible to the web-based service running on the web server and a private key maintained in secure storage accessible to the web browser. The processing device is also configured to generate, at the web browser, one or more interface features permitting a given user to accept or deny the request for signature and, responsive to the given user accepting the request for signature of a given message, digitally signing the given message utilizing the private key of the cryptographic key pair. The processing device is further configured to provide, from the web browser to the web-based service, a response comprising the digital signature of the given message.

Abstract: Systems for packet handling over a network, the systems including a client device configured to communicate over a network, the client device further including a Multi Tenant Module-Client module (MTM-Client module) having processor-readable instructions to direct at least one client device processor to determine whether a packet is a Synchronize packet and, if so, the MTM-Client module opens a pair of streams with consecutive stream IDs to communicate over the network, and the first stream of the pair carries a 5-tuple and metadata for the communication from the client device, and the second stream of the pair carries the TCP packet for the communication from the client device.

Abstract: A system and method for interacting with a voice-assisted member interface hosted by a provider backend server of a provider using a voice enabled-apparatus hosted by an apparatus vendor separate and distinct from the provider, the voice-enabled apparatus including a microphone unit, a speaker and a processor coupled to the microphone unit and the speaker, the processor configured to cause the voice-enabled apparatus to perform one or more functions in response to audio signals received at the microphone unit.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.

Abstract: Privilege capabilities can be implemented for devices used for container native function (CNF) operations according to some aspects described herein. In one example, a system can receive a request for executing a CNF using a device in a computing cluster. The CNF can involve an operation associated with a privileged capability. The system can determine the CNF is associated with a first credential for the privileged capability based on a data structure that stores process-level capabilities for the CNF and file handle level capabilities for the device. The system can determine the device is associated with a second credential for the privileged capability based on the data structure. In response to determining that the CNF is associated with the first credential and the device is associated with the second credential, the system can execute the CNF using the device in the computing cluster.

Abstract: A network device for providing a LAN GUI to a client device. The network device receives a request for access by the client device to the LAN GUI. The network device analyzes a LAN GUI access whitelist and determines whether the client device is in the LAN GUI access whitelist. The client device is granted access to the LAN GUI without receiving a password from the client device when the client device is determined to be in the LAN GUI access whitelist. An address entry page may be presented to add the MAC address of the client device to the LAN GUI access whitelist and a password page may be presented to display the LAN GUI password. When the client device is not in the LAN GUI access list, a login page is presented for entering the password to obtain access to the LAN GUI.

Abstract: A networking method for a household appliance, a household appliance, and a terminal device are provided. The household appliance is provided with a network module. According to the method, the network module receives router information and the account and the password of a router transmitted by a mobile terminal. The router information contains time-related data required for logging into the router; according to the router information and the account and the password of the router, log into the router.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: One or more network communications to discover one or more controllable devices on a network with which a premises automation system is associated is sent automatically. A set of one or more controllable devices on the network is determined based at least in part on a response received from said one or more network communications. An assigned name that is unique within the premises automation system is assigned automatically to each of said set of one or more controllable devices.

Abstract: Aspects of the present disclosure are directed toward systems, methods an apparatuses for hand off of clinical data during a medical event. Certain embodiments of the present disclosure include a first medical device configured to, during a first part of a medical event, monitor a patient and store clinical information and a second medical device. A second medical device may display at least some of the clinical information, modify operation of the second medical device, or store the clinical information.

Abstract: In order to use zero trust network resources distributed across multiple gateways, an agent is deployed on an endpoint of an enterprise network. The agent maps requests for specific applications to corresponding gateways. The agent may also multiplex or otherwise aggregate communications among different network applications and gateways in order to provide seamless, transparent access to the distributed resources at a single endpoint, and/or within a single interface.

Abstract: A data processing system for controlling data access to a secured resource of a distributed system implements receiving, from a first user device of a first user, a first request to access a secured resource and a first security token, the first security token including group information for one or more first access control groups associated with the secured resource of which the first user is a member; accessing group access policy information for groups associated with the secured resource; determining, based on the group information included in the first security token and the group access policy information, that the first user is a member of at least one group that is permitted to access the secured resource; and permitting the first user device of the user to access the secured resource responsive to determining that the first user is a member of at least one group that is permitted to access the secured resource.

Abstract: A communication method for a user terminal and a device terminal to exchange packets through a message broker, comprises the user terminal wrapping a first packet of a first communication protocol into a second packet with a second communication protocol and sending the second packet to the message broker, and the device terminal receiving the second packet from the message broker and obtaining the first packet wrapped in the second packet; or the device terminal wrapping a third packet of the first communication protocol into a fourth packet with the second communication protocol and sending the fourth packet to the message broker, and the user terminal receiving the fourth packet from the message broker and obtaining the third packet wrapped in the fourth packet. The first communication protocol is a communication protocol supported by the device terminal; the second communication protocol is a communication protocol supported by the message broker.

Abstract: A method including transmitting, by an infrastructure device to a user device, an invitation link to enable the user device to receive network services from the infrastructure device; transmitting, by the infrastructure device to the user device based at least in part on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; receiving, by the infrastructure device from the user device during an active communication session, a user request related to an action to be performed regarding receiving the network services, the user request being signed based at least in part on utilizing a first portion of the authentication information; and enabling, by the infrastructure device, performance of the action regarding receiving the network services based at least in part on verifying that the communication session is currently active is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, by a user device from an infrastructure device, an invitation link to enable the user device to receive network services from the infrastructure device; receiving, by the user device from the infrastructure device based on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; transmitting, by the user device to the infrastructure device during an active communication session and based on determining the authentication information, a user request related to an action to be performed regarding receiving the network services, a portion of the user request being signed based on utilizing a first portion of the authentication information; and performing, by the user device, the action regarding receiving the network services based on a verification that the communication session is currently active is disclosed. Various other aspects are contemplated.

Abstract: Service information (e.g., enhanced broadcast service (eBCS) information) may be distributed. Service (e.g., eBCS) capabilities may be advertised (e.g., by an access point (AP)), for example, by broadcasting a public action frame. A public action frame may include per-service information. A public action frame may be transmitted on a per service basis. A public action frame may combine authentication information and service information. Enhanced broadcast service origin authentication may be performed on a per service basis (e.g., using origin authentication information to authenticate broadcast data frames for a consumed service). Origin authentication information may be common to frames associated with different services. Services may be consumed without querying a service originating device. Stations (e.g., with and without association with an AP) may report consumption or usage of services, Reporting may be unsolicited or solicited (e.g., in response to a request from an AP).

Abstract: A system includes a processor configured to determine a driver identity. The processor is also configured to receive a request for a change to a driving mode and responsive to the request, enable or deny the driving mode based on mode-correlation to one of a predefined set of permissible driving modes pre-associated with the driver identity.

Abstract: This disclosure includes utilizing a token cryptogram with a browser to facilitate a transaction. A webpage of a website is configured to accept a token cryptogram in fields of the webpage. The webpage of the website may indicate that it is token-aware and is configured to accept the token cryptograms.

Abstract: A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.

Abstract: Systems and methods for executing sequential suboperations over multiple communication networks. In some aspects, the system receives, via a first communication network, from an external system, an operation related to an aggregated virtual container. The system generates sequential suboperations including a first suboperation associated with a provider of the aggregated virtual container and the external system and a second suboperation associated with the user and the provider of the aggregated virtual container. If the first suboperation is executed successfully, the system transmits the second suboperation to a user system associated with the aggregated virtual container. If the second suboperation is executed successfully, the system generates a first message indicating that the operation has been executed and transmits the first message via the first communication network to the external system.

Abstract: Embodiments of the present disclosure are directed to dynamic shadow operations configured to dynamically shadow data-plane resources in a network device. In some embodiments, the dynamic resource shadow operations are used to locally maintain a shadow copy of data plane resources to avoid having to read them through a bus interconnect. In other embodiments, the dynamic shadow framework is used to provide memory protection for hardware resources against SEU failures. The dynamic shadow framework may operate in conjunction with adaptive memory scrubbing operations. In other embodiments, the dynamic shadow infrastructure is used to facilitate fast boot-up and fast upgrade operations.

Abstract: A system for managing an authorization for a vehicle includes a vehicle-based memory module, and a communication module. The memory module includes a key list containing a multiplicity of entries for a multiplicity of digital keys, which can be allocated to individual users via a first electronic apparatus. Each digital key represents a vehicle authorization for a user, and each entry in the key list is assigned a unique identifier. The communication module is configured to transfer from the vehicle to the first electronic apparatus at least one identifier assigned to an unallocated entry in the key list.

Abstract: A geo-locations software management utility provides a method and system for passive authentication of an individual's geo-location via a communication network and for user authenticating images and video and social media content. Specifically a communication network based non-fungible token creation platform with integrated creator biometric authentication is disclosed.

Abstract: Disclosed are various approaches for generating a device posture token corresponding to a client device. The device posture token can be used by a verification computing device to determine whether the client device complies with the security policies of a particular facility.

Abstract: A method includes for a plurality of devices, each of the plurality of devices having access to a first video stream from at least one of a plurality of streamers of the first video stream, confirming authorization to access the first video stream from one of the plurality of streamers of the first video stream, selecting a first streamer from the plurality of the streamers, receiving the first video stream from the first streamer, transmitting the first video stream to the plurality of devices having confirmed authorization.

Abstract: Disclosed methods include receiving, by a system, a request from a computing device for an information exchange between a first entity and a second entity, and then generating a first token request for a cryptographic token to be authorized to enable the exchange. In response to receiving an indication that authorization was declined, the system may cause the computing device to identify a different cryptographic token of a connected application. The different cryptographic token may be usable by the connected application to authenticate the first entity to a computer service associated with the connected application. The system may communicate with the computer service to approve use of the different cryptographic token by the system, and then generate a second token request for a substitute cryptographic token using information from the different cryptographic token. The system may complete, using the substitute cryptographic token, the exchange between the first and entities.

Abstract: Secured data access in virtual data processing is described. An example includes instructions to receive a request from an application in a compute node of a compute cluster in a virtual data processing environment to access a secured data source for a user, the virtual data processing environment including a multiple secured data sources that are accessible by compute nodes of the virtual compute cluster; fetch a credential in a current application context and forward the credential for validation; validate the credential with a credential authority; and, upon successfully validating the credential, authenticate the user at the secured data source and establish a connection with the secured data source.