Abstract: The present disclosure relates to an authentication method of a first device by a second device, each first, second device having a processor, at least one memory, and an authentication circuit, in which the authentication circuit is configured to prohibit the processor from reading data stored in at least part of said memory. The authenticating includes generating a first datum, and a second datum. The second device verifies that the first and second data match.

Abstract: The present disclosure provides a method of facilitating authenticating of users. Further, the method includes initiating, using a processing device, an authentication session for a user for an authentication instance. Further, the method includes identifying, using the processing device, authentication prompts for the authenticating of the user based on the initiating. Further, the method includes transmitting, using a communication device, the authentication prompts to user devices. Further, the method includes receiving, using the communication device, data in response to the authentication prompts from the user devices. Further, the method includes analyzing, using the processing device, the data using machine learning models. Further, the method includes generating, using the processing device, an authentication status for the user based on the analyzing. Further, the method includes terminating, using the processing device, the authentication session based on the generating.

Abstract: This application provides a data storage method which is applied to a data storage device and includes: acquiring a first user identification and first user data of a first user; determining, from at least two preset distributed hosts in different areas, a first identification distributed host corresponding to the first user identification and a first data distributed host corresponding to the first user data; sending the first user identification to the first identification distributed host, so that the first identification distributed host stores the first user identification, and generates and stores a first identity identification corresponding to the first user identification; receiving the first identity identification; and sending the first identity identification and the first user data to the first data distributed host, so that the first data distributed host stores them in an associated manner.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for extending application access across devices. In some implementations, an electronic device receives a request to provide access to the electronic device to a particular user that is not registered as a user of the electronic device. The electronic device receives authentication credentials for the particular user. The electronic device provides the authentication credentials to a server system and receives data from the server system that (i) indicates that the providing access to the electronic device in a guest mode is authorized, and (ii) indicates a state of an instance of an application installed on a second device. The electronic device provides access to the electronic device in the guest mode that provides an interface that at least partially recreates the state of the instance of the application installed on the second device.

Abstract: A computerized method electronically verifies identity data of a customer by requesting the customer to provide identity data from a customer identification document during a financial transaction. The method updates an identity profile of the customer by combining the received portion of identity data with different portions of previously received identity data that were previously received from different merchants during different transactions between the customer and the different merchants. The method compares the identity profile to the unverified identity data of the customer when a number of transactions with the account is greater than a first transaction threshold, and approves the financial transaction when the identity profile matches the unverified identity data.

Abstract: Mechanisms are provided to allow efficient delivery of content through a content delivery network (CDN) without taxing an origin server while maintaining fine grained location based access control. Requests to a CDN are augmented with quantized and non-quantized versions of location information. A CDN can use quantized location information in a URI to identify and return content if content corresponding to the URI is available in cache. If the content is not available in cache, the CDN can contact an origin server to obtain a result for the request using non-quantized location information. The origin server examines the non-quantized location information to determine whether to respond to the client request with content. The origin server examines the area corresponding to the quantized location information to determine whether the content should be cached at the CDN.

Abstract: Systems and methods are disclosed for monitoring, evaluating protection against, improving protection against, and simulating phishing threats. Network usage information for users of an organization can be leveraged to determine user-specific network behavior information. This user-specific network behavior information can then be leveraged to better identify incoming threats as well as generate and deploy user-specific phishing lures. Phishing simulation campaigns can be conducted, including by implementing variations in how the phishing lures are presented. Such campaigns can be scored to determine how different presentation variations perform. User-specific phishing lures can be generated using user environment information collected by an agent running on the user's device. Alerts informing users of potential threats can be dynamically updated with different presentation parameters to improve performance.

Abstract: A system to access one or more user profiles that govern one or more vehicle functions. The system cooperates with a processor and verification module which are adapted to verify, using one or more of biometric information, gesture recognition, facial recognition and device identification information, that a user has authority to access the one or more user profiles, where the one or more profiles are stored in one or more of a vehicle, a cloud and a communications device. An edit module is further provided and adapted to allow the user to make one or more edits to the one or more user profiles.

Abstract: An apparatus and method for device security, wherein a fingerprint image is acquired on a touchscreen, and an authentication process is performed based on the first fingerprint image. Thereafter, a second fingerprint image is acquired and a difference between a characteristic of the first and second fingerprint images is determined, and based upon whether this difference is greater than a threshold, a second authentication process is performed.

Abstract: Systems and methods are provided for use in identifying synthetic identities. One example method includes receiving a request from a relying party for an identity asserted by a user to the relying party, where the request includes identity data indicative of the identity, feature data associated with the user asserting the identity, and a device ID for a communication device of the user. The method also includes calculating a fraud profile score, based on the identity data and a data structure of known fraud profiles, and aggregating the fraud profile score and at least one of a device behavior score, a user profile score, and/or an exposure behavior score into a metric indicative of a likelihood that the identity asserted by the user is a synthetic identity. The method then includes transmitting the metric to the relying party.

Abstract: A method for inferring intent and discrepancies in a label coding scheme is described. The method includes compiling data indicating how one or more individuals labeled unstructured content according to the label coding scheme comprising a plurality of labels. The method also includes analyzing a context associated with a content labeled in a particular manner by the one or more individuals. The method further includes detecting discrepancies of meaning for a particular label used by the one or more individuals. The method also includes inferring a strategic thinking of the one or more individuals associated with the discrepancies of meaning detected for the particular label. The method further includes displaying recorded metadata associated with the strategic thinking and the discrepancies of meaning detected for the particular label between the one or more individuals regarding a coded dataset.

Abstract: In an embodiment, systems, methods, and computer-readable mediums for creating applications that issue and verify verifiable credentials are provided. An issuer may desire to create a verifiable credential for certain parties which attest to some fact about which the issuer can speak authoritatively. The issuer provides information about the desired verifiable credential to a credential creating application that creates verification information for the verifiable credential and publishes the verification information to a public datastore such as a blockchain or distributed ledger. The creation application then creates a first application that can be used by the issuer to generate verifiable credentials according to the provided structure and purpose, and a second application that can be used by the verifiers to verify any credentials that they receive from holders using the published verification information. The verifiers may provide some benefit to the holders in response to verifying the credentials.

Abstract: A computer-implemented method executed using a first networked computer and comprising receiving a digitally stored workflow pattern that specifies at least an input data source, a data transformation process, an output data destination, a data quality assertion and a data quality source; the workflow pattern comprising a structured plurality of name declarations and value specifications that are human readable and machine readable; the data transformation process specified in the workflow pattern including one or more references to processing logic, a processing logic source outside the workflow pattern at which the processing logic is stored, and one or more available process engines that are capable of processing the processing logic; machine parsing the workflow pattern and dividing the workflow pattern into a plurality of execution units, each execution unit being associated with a particular process engine among the one or more available process engines; accessing the input data source specified in the

Abstract: Provided are a data processing method and apparatus for a Passive Optical Network (PON) system and a PON system. The method includes: a first partial bandwidth is allocated to a first Optical Network Unit (ONU) within a first time window, the first ONU having completed registration and being in a working state; and a first data frame from the first ONU is received within a time corresponding to the first partial bandwidth, and a second data frame from a second ONU is detected within the first time window, the second ONU having not completed registration.

Abstract: Systems, methods, and other embodiments for decentralized identity with user biometrics are presented herein. In one embodiment, a method includes, in response to a request to access resources of a cloud service provider by a computing device, transmitting a request for a biometric private key to a mobile device associated with a user; in response to receiving the biometric private key, submitting the biometric private key for validation against a blockchain associated with the user and the mobile device; adding a record of the results of the validation to the blockchain; and controlling access to the resources of the cloud service provider based on the record in the blockchain by (i) denying access where the record indicates that validation has failed (ii) granting access where the record indicates that validation has succeeded.

Abstract: Techniques described herein are used to support cross platform data sharing, access, and management between a communication process flow management platform and a communication platform. Specifically, techniques described herein interaction with a communication process flow from a communication platform. The communication process flow management platform may receive, from a communication platform, a request comprising an indication of an action associated with a communication process flow that controls electronic communications between a tenant of a multitenant system and a set of users corresponding to the tenant. The communication process flow management platform may authenticate the request and perform the action that changes the schedule associated with the electronic communications.

Abstract: The disclosed technology teaches aggregating 3rd-party risk measures during an authentication journey, including providing a risk measure aggregation node, a JSON transform, and a configuration for 3rd-party risk measures to request. Responsive to invocation of the risk measure aggregation node during the authentication journey, the method includes setting a timer for receipt of a configured 3rd-party risk measure, wherein expiration of the timer causes the risk measure aggregation node to stop waiting for a timed-out 3rd party risk measure provider and requesting the configured 3rd-party risk measures. Upon receiving at least some of the requested 3rd-party risk measures, included is applying the JSON transform to aggregate the returned 3rd-party risk measures into an aggregate score, and the risk measure aggregation node providing to another node in the authentication journey an aggregated score taking into account the configured 3rd-party risk measures received prior to expiration of the timer.

Abstract: The disclosed apparatus comprises means for performing storing location information of one or more fixed-line user equipment operating in an internet protocol multimedia subsystem. In response to an update of location information at the apparatus for one or more of the fixed-line user equipment, the apparatus comprises means for sending a message to a serving call state control function serving the one or more fixed-line user equipment. The message indicates a location update of the one or more fixed-line user equipment whose location information has been updated at the apparatus.

Abstract: During web browsing, a plurality of web entities associated with browsing activity of a first browsing identity of a first user are received. One or more of the plurality of web entities are selected for sharing. Further, one or more subscriber browsing identities associated with the first browsing identity are selected based on one or more associated trust relationships, and the selected web entities are sent to the selected subscriber browsing identities. The disclosure enhances social interaction and collaborative aspects of web browsing with respect to web browsing activity, enabling users to share browsing activity easily.

Abstract: The present techniques generally relate to a computer implemented method of accessing a remote resource by an internet-connectable device, the method comprising: receiving, at the device from the bootstrap server, a first plurality of identifiers each identifier associated with a respective connectivity server; selecting, at the device, a first identifier from the first plurality of identifiers; authenticating with a first connectivity server associated with the selected first identifier.

Abstract: A system, method and one or more wireless earpieces for authenticating utilization of one or more wireless earpieces. A request is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether a biometric profile authorizes the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric profile authorizes fulfillment of the request.

Abstract: An information handling system may include at least one processor and a memory. The information handling system may be configured to: host a container; execute a containerized application within the container, wherein the containerized application executes with privileges associated with a container-internal user; determine an association between the container-internal user and a host user associated with an operating system external to the container, wherein the determining is based on a cache that maintains a mapping between container-internal users and host users; and grant privileges to the containerized application based on the host user.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to protect against theft of user credentials. The at least one processor is further configured to recognize a uniform resource locator (URL) to which a web browser is navigating, as a URL for which protection is to be provided. The recognition is based on an absence of the URL from a history of visited URLs for which a password has been entered. The at least one processor is further configured to extract a character sequence of selected length that is entered into a field of a website associated with the recognized URL; compare an encryption of the character sequence to entries in a list of encrypted partial passwords of the same selected length; and perform a security action in response to a match resulting from the comparison.

Abstract: This disclosure describes techniques for threat detection within access control systems having multiple entitlement repositories. An example system includes a first entitlement repository, a second entitlement repository, a third entitlement repository, and a server. The server, in response to receiving an access request to access a service on a network, queries the first, second, and third entitlement repositories based on access characteristics of a user associated with the access request and receives responses from the first, second, and third entitlement repositories. When the responses from the first, second, and third entitlement repositories all match, the server provides authorization for the user to access the service in accordance with the responses.

Abstract: Systems and methods for error detection for an address channel are disclosed. The method includes generating a token, applying the token to a request at a source, and generating a first result. The request with the first result is transmitted to a destination over the address channel. A determination is made, at the destination, whether an error associated with the request has occurred. The determining whether the error has occurred includes: receiving a received request corresponding to the request over the address channel; receiving the first result with the received request; applying the token to the received request and generating a second result; comparing the first result with the second result; and transmitting a signal in response to the comparing.

Abstract: Systems and methods are provided for use in provisioning accounts to mobile devices. One example method includes receiving, at a mobile device, a request to provision an account to a mobile device; prompting a user associated with the account for authentication at a wireless device associated with the account; receiving an account credential from the wireless device, via a local wireless communication between the mobile device and the wireless device, when the user is authenticated at the wireless device; transmitting the account credential toward a first party associated with the account, whereby the account credential is indicative of the authentication of the user; and provisioning the account to the mobile device, in response to an approval received from the first party.

Abstract: Due to the proliferation of protected services that are secured by password wall, a user frequently has to remember multiple complex passwords. There is a need to reduce the number of passwords and maintain adequate security of the protected services. Systems described herein may autogenerate dynamic passwords for those apps that require a password. Protected services may allow user access based on the autogenerated dynamic password. The system may include an API for interacting with multiple apps that each provide protected services. The API may provide dynamic passwords that authenticate a user to access any of the protected services provided by any of the multiple apps.

Abstract: An access analysis system obtains data about user requests to access particular applications, such as identifiers of the particular user and application involved, the time of the request, and (optionally) additional contextual data, and uses that data to generate user access distributions that quantify the distribution of a given user's requests to access applications over time. After one or more distributions have been generated for a particular user, when that user submits a new access request for an application, the access analysis system can compare the request to the previously-generated access distributions to determine whether (or to what degree) the request is anomalous. If the request is sufficiently non-anomalous, it can be granted with little or no additional actions required by the user or the user's device; if, however, the request is sufficiently anomalous, it can be denied, or additional information—such as additional user authentication factors—can be required.

Abstract: Systems, methods, and computer-readable media are provided for processing and settling financial transactions. An example method comprises receiving a transaction from an originator. The transaction comprises information associated with an identification of an initiating user or the account. The method comprises determining the actual account number, transmitting a financial services transaction request comprising the actual account number to a financial institution, receiving a response, and transmitting a response back to the originator. Another method comprises receiving, from a user device, a request to associate a financial account with a user account. The method comprises generating and sending an association message to a payment network and receiving a key associated with the financial account for use in initiating financial transactions. Another method comprises utilizing such a key to generate and process a transaction request. Other systems, methods, and media are also provided.

Abstract: A surveillance camera system includes a power sourcing equipment corresponding to a midspan having one or more of integrated input/output (I/O) and audio port functionality, the power sourcing equipment including processing circuitry, one or more data ports, one or more of an I/O port and an audio port, and a Power over Ethernet (PoE) port. Additionally, the surveillance camera system includes a camera connected to the power sourcing equipment by the PoE port, and a computer connected to the power sourcing equipment by one of the data ports, wherein the computer is configured to receive data from and transmit data to the camera via the power sourcing equipment.

Abstract: Example techniques describe may facilitate a playback device applying a determined audio setting. An example implementation involves a first playback device receiving, over an unsecure network, a message indicating that a second playback device is available to join a playback network, wherein the first playback device is connected to the playback network. Based on a pre-existing configuration table, the first playback device determines an audio setting corresponding to a playback configuration for the second playback device, the playback configuration including the second playback device playing back audio synchronously with the first playback device in the playback network. The first playback device transmits, to the second playback device, one or more messages instructing the second playback device to apply the determined audio setting upon joining the playback network.

Abstract: A terminal not equipped with a SIM is authenticated properly by a mobile core network. A communication system 7 includes a relay device 1 included in a fixed core network 6 and an HSS 56 included in a mobile core network 5. The relay device 1 includes an issuing unit 21 that issues IMSI information corresponding to a subscriber identifier of a non-SIM terminal 3 and authentication information corresponding to the IMSI information, and transmits the subscriber identifier and the IMSI information to the mobile core network 5, and a termination unit 23 that transmits the IMSI information and the authentication information of the non-SIM terminal 3 to the mobile core network 5. The HSS 56 holds the subscriber identifier and the IMSI information in association with each other, and authenticates the IMSI information and the authentication information of the non-SIM terminal.

Abstract: Hardware and software on a computing device is analyzed based on a regulatory profile for the computing device and regulatory compliance for an entity associated with the computing device. A determination is made whether at least one of the hardware and software on the computing device includes at least one regulatory non-compliance issue. In response to determining that at least one of the hardware and software on the computing device includes at least one regulatory non-compliance issue, one or more scripts are executed on the hardware and software on the computing device to cause the hardware and software to resolve the at least one regulatory non-compliance issue based on the regulatory profile for the computing device.

Abstract: A comprehensive system for chain-of-custody for hardware devices and their components. Specifically, as the components, assemblies and the hardware device are manufactured and/or assembled, non-fungible tokens (NFTs) are generated for each component, assembly and the overall hardware device that indicate that the component, assembly or hardware device is in a certified/verified good state (i.e., have not been tampered with). The NFTs are generated using measured authenticity characteristics (e.g., electro-magnetic, heat, weight, dimensions and the like) of a corresponding component, assembly or hardware device as at least a portion of the input to the hash algorithm. The NFTs are subsequently communicated to a distributed trust computing network at which the nodes converge to verify an authenticity and certifiable state of the NFT, and blocks of data are generated within distributed ledgers that store the verified NFT.

Abstract: A service providing apparatus includes a first management unit that manages items of device identification information for identifying devices used by users and items of character identification information for identifying characters of the devices, in such a manner that the items of device identification information are associated with the items of character identification information; a second management unit that manages, for each of the users, one or more items of service identification information for identifying services corresponding to an item of character identification information; and a service providing unit that provides, using an item of service identification information, a service in accordance with a character of a device to a user who uses the device.

Abstract: An apparatus comprises at least one processing device configured to monitor, by a first service in a service chain, a first set of processing queues comprising two or more different processing queues associated with two or more different priority levels. The processing device is also configured to process, by the first service, a given portion of data stored in at least one of the two or more different processing queues in the first set of processing queues. The processing device is further configured to determine prioritization information associated with the given portion of the data and to select, based on the prioritization information, a given one of two or more different processing queues in a second set of processing queues associated with a second service in the service chain, and to store the given portion of the data in the given processing queue in the second set of processing queues.

Abstract: Capillary network devices (i.e., IMSI-less devices) may connect to an EPC through a home WLAN. A WLAN can be configured by the homeowner to accept responsibility for the traffic or a WLAN can indicate to a network that it will allow the traffic if the traffic is sponsored by an application server or if it is compensated for the traffic by the network operator. Where an IMSI-less device has a business relationship with a network operator, a WLAN can allow the device to authenticate with the network and obtain a device identifier from the network. Where an IMSI-less device has a business relationship with a SCS that has a business relationship with the network operator, the WLAN can allow the device to authenticate with the network.

Abstract: Disclosed herein are systems and method for performing failover during a cyberattack. In one exemplary aspect, a method comprises monitoring a computing device for the cyberattack and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method comprises identifying a failover device that corresponds to the computing device, hardening the failover device to prevent the cyberattack from affecting the failover device, and performing failover by switching from the computing device to the failover device.

Abstract: An electronic device according to various embodiments of the present invention comprises: a housing; at least one camera disposed inside the housing; at least one door unit disposed between the housing and a lens of the at least one camera and a driving unit configured to slide the door unit such that the lens of the at least one camera can open/close, wherein the driving unit can comprise a linear actuator moving linearly according to an application of voltage. Other embodiments in addition to the various embodiments of the present invention are possible.

Abstract: A method for recovering a network key, a method for transmitting a network key, and a method for managing recovery of a network key. The method for recovering a network key from a point of access to a network is implemented by a terminal, with the network key allowing the terminal to be associated with the point of access during the first connection of the terminal to the point of access. The recovery method includes receiving, by a terminal, a network key transmitted via a mediation server by a point of access, the terminal having been identified by the mediation server by using an association, prior to the first connection, of an identifier of the terminal and an identifier of the point of access. Thus, the key cannot be easily recovered by a third party and limits intrusions into the private network managed by the point of access.

Abstract: In some examples, with respect to asymmetric-man-in-the-middle capture based application sharing protocol traffic recordation, a dynamic-link library that alters application programming interface calls with respect to communication between an application sharing protocol client and an application sharing protocol server may be injected into the application sharing protocol client. Based on the injected dynamic-link library, data from the communication between the application sharing protocol client and the application sharing protocol server may be ascertained. Further, based on the ascertained data, a test script may be generated to test operation of an application associated with the communication between the application sharing protocol client and the application sharing protocol server.

Abstract: Embodiments of the present disclosure provide systems, methods, and apparatuses for addressing the above problems through the use of access rules that involve analyzing historical access request result data for various data elements individually and in combination over a predefined time interval. An automated determination can be made for whether a transaction can be authenticated based upon the historical access request result data (e.g., ultimately, deciding whether the data element or set of data elements are associated with a valid access request).

Abstract: Embodiments are disclosed for a method. The method includes generating a correction datastore indicating shifts in magnitude representing corresponding characters that uniquely identify hardware comprising a computer processing chip. The method further includes generating security masks based on a correction file. Additionally, the method includes using a correction process for the computer processing chip. The generated security masks include corresponding overlays representing the shifts in magnitude with respect to corresponding product masks for the computer processing chip. The method also includes generating the computer processing chip using the security masks and the product masks.

Abstract: A computer implemented method for executing a first set of computer executable instructions by using a third memory portion (123) of a first computer device (100), the method comprising the steps of executing the first set of computer executable instructions and executing a third set of computer executable instructions. The first set of computer executable instructions comprises instructions which, when the first set of computer executable instructions is executed, cause the first computing device (100) to generate at least a first data item comprising first information.

Abstract: Disclosed are various approaches for providing touchless visitor management. A visitor can complete a visitor registration process using a client device of the visitor and obtain a virtual badge credential to a visitor's device. A physical access control system credential as well as a visitor badge can also be obtained to the visitor's device.

Abstract: Methods, systems, and computer programs are presented for enabling automated secure data sharing from a private cloud region to a public cloud region and vice versa. A cloud data platform confirms a relationship establishment procedure between a provider and a consumer is recorded with a cloud data platform, the provider being associated with a private cloud deployment and the consumer being associated with a public cloud deployment in a public region. The cloud data platform enables disabling of a firewall policy that is preventing data traffic between the private cloud deployment and the public cloud deployment and enables data sharing between the private cloud deployment and the public cloud deployment. The cloud data platform enables data sharing in a database of the cloud data platform.

Abstract: A client device accesses content and performs actions at a remote application server via a user-agent application. The application server directs the user-agent application to a security verification system to retrieve and perform security tests. The security verification system receives information from the user-agent application describing characteristics of the user-agent application, and the security verification system selects a set of security tests to be performed by a security module executing in the user-agent application to verify that the user-agent application is accessing the application server consistent with the described user-agent application. The security verification system compares a set of test results with other user-agent applications and provides a token to the user-agent application to access the application server. The security module may also monitor and actions on the user-agent application to permit the security verification system to revise or revoke the token.

Abstract: In some embodiments, a method can include identifying detection coverage of a set of adversarial techniques based on telemetry data and a detection instance of an environment. The method can further include determining a subset of detection coverage that has a metric value below a metric value threshold and among the detection coverage for the set of adversarial techniques. The method may further include identifying at least one detection instance associated with the subset of detection coverage. The method can further include presenting, via a graphical user interface, a representation of at least one of the subset of detection coverage or the at least one detection instance associated with the subset of detection coverage. The method can further include updating the subset of detection coverage based on the telemetry data, the detection instance, or the at least one detection instance to improve the metric value.

Abstract: A method for securely connecting and providing access to an onboard web service, between an item of client equipment, including a screen, and a mobile device, equipped with a camera. The method, is implemented by the mobile device and includes: establishing a wireless connection with the item of client equipment; transmitting a unique pictogram onto the screen of the item of client equipment; reading the pictogram, displayed on the screen of the item of client equipment, using the camera of the mobile device; authenticating the item of client equipment, by comparing data from the transmitted pictogram with the data from the pictogram that was read by the camera; and opening a secure connection and access to an onboard web service on the mobile device, for the item of client equipment.

Abstract: A method of starting an electronic device includes: receiving a first wireless signal carrying a first identification data by a wireless receiver before the electronic device enters a normal operating state; comparing the first identification data with a valid data; obtaining an account name and a password according to the first identification data if the first identification data matches the valid data and logging in to an operating system with the account name and the password so as to allow the electronic device to enter the normal operating state; and not logging in to the operating system if the first identification data does not match the valid data.