Abstract: Methods and systems are described for managing a user's contact data which use evolving sequential sets of rules where the applicability of each set depends upon adherence or proper application of a prior set. In an embodiment, an initial set of restrictions are generated based on input from a first user, the restrictions relating to contact made by a second user to the first user. These initial restrictions are subsequently modified in response to the second user contacting the first user based on the contact made and a characteristic of the contact. The methods may apply to any form of contact between the first and second users and in an embodiment applies to contact made by the second user to a cellular telephone number belonging to the first user.

Abstract: A guarded storage facility sets up a boundary indicating a range of addresses to be guarded or protected. When a program attempts to access an address in a guarded section defined by the boundary, a guarded storage event occurs. Use of this facility facilitates performance of certain tasks within a computing environment, including storage reclamation.

Abstract: Methods, apparatus, computer program product and computer readable medium are disclosed for trust management in software defined networking. A method comprises: collecting network performance results after a network policy issued by an application is applied; collecting a feedback for the network policy; and calculating a trust value of the application based at least partly on the network performance results and the feedback.

Abstract: The systems and methods provided herein use a rolling voice identifier in a multi-factor authentication system to avoid the security problems present in prior voice activated control systems. By implementing a rolling voice identifier in an access control platform, users may no longer need to be concerned with being overheard or recorded when providing voice authentication commands to an access control platform because the rolling voice identifier that the user will be prompted to speak will be specific to the particular instance of control of an access control platform. An access control platform is a platform that controls operation of a movable barrier by, for example, controlling the state of a movable barrier using a remote control. An access control platform may cause a movable barrier to become opened, closed, locked, or unlocked to permit or prevent access to a physical space by a physical object.

Abstract: Systems and methods for recording and communicating engine data are provided. One example aspect of the present disclosure is directed to a method for communicating engine data. The method includes receiving data. The method includes separating the data into categories. For one or more categories, the method includes creating a file including the separated data. For one or more categories, the method includes naming the file, at least in part, based on the category and based on a file naming convention. The method includes prioritizing the created files. The method includes transmitting an identification file comprising identification information for a wireless communication unit and the file naming convention. The method includes transmitting the created files based on the priority.

Abstract: Disclosed herein is a method for electronic authentication, validation, storage, and third party verification of documents by a document service. The method provides a system for authenticating a user by a process that includes presentation of photo identification by the user and generation of an authenticated user code. The user then requests transfer of a document to the document service. The document service then validates, encrypts, and stores the document and associated metadata. A request for verification by a third party is responded to by the document service if the user sends the authenticated user code to confirm permission for verification by the document service.

Abstract: A device may receive a request from a first user device to access a protected device. The device may verify a user identity of a user of the first device based on user credentials and determine that an authentication code is needed to authenticate the request to access the protected device. The device may dynamically generate multiple codes and transmit the multiple codes to a second user device associated with the user identity of the user of the first device. A first code, of the multiple codes, may correspond to a correct authentication code needed to authenticate the request to access the protected device. The device may transmit a message including an instruction for identifying the correct authentication code from among the multiple codes, receive a second code from the first device, compare the second code and the first code, and selectively authenticate the request to access the protected device.

Abstract: Apparatus and methods are provided for enabling a plurality of applications running on a user device or in communication therewith to share data. In one exemplary embodiment, a single user device is configured to run a plurality of heath-monitoring applications which collect data from a respective plurality of health-monitoring devices and/or via user entry. According to the present disclosure, once the applications are linked, the user accesses, views, and analyzes the plurality of health-related data from the plurality of applications at a single application. Moreover, once the applications are linked, the user may sign-in to one application and be automatically signed into the other applications. In this manner, the user's activity and updated information entered, sensed, or otherwise collected into or by one application may be accessible at the other applications for analysis and display therein as well.

Abstract: Methods, apparatus, systems and articles of manufacture disclosed herein may be used to manage audiovisual recording in a connected vehicle. An example disclosed method includes accessing a profile having a recording parameter and a first quality selected by a user from a recording server. The example method also includes comparing a reading from a vehicle sensor to the recording parameter in the profile to determine whether to record a video. Additionally, the example method includes, in response to determining to record the video, storing the video using the first quality to a memory located in the vehicle.

Abstract: A method, non-transitory computer readable medium, and access policy manager (APM) device that provides access to applications hosted by server computing devices to client computing devices each associated with an authenticated user. Interactions of the client computing devices with the applications are monitored to obtain usage statistics. The usage statistics are correlated with identifying information for each of the authenticated users or an indication of each of the applications. Notification rule(s) or parameter(s) of a request for information are applied to the correlated usage statistics. Based on the applying, a notification is sent to one or more of the client computing devices or at least a portion of the correlated usage statistics is sent to at least one of an application administrator or an APM administrator.

Abstract: Methods and systems for management of subscriber identities associated with user devices are described herein. The user device may enroll the user device to a server and lock a subscriber identity associated with the device by setting a password on the subscriber identity. If a credential entered by a user is verified, the subscriber identity associated with the device may be unlocked. Alternatively, the user device may retrieve one or more identities associated with the user, the user device and/or the subscriber identity. A server may register the one or more identities with a database. If the user device sends a request to connect to the network, the server may verify the one or more identities retrieved by the user device to determine whether to grant access from the user device to the network.

Abstract: A system is provided which utilizes multiple combinations of object location technology to locate objects and direct users to them, and which provides reliable owner recognition and ownership verification with the use of displayed augmented reality with a predefined image of the object and/or the user. Further, the system utilizes augmented reality fingerprint markers. When the augmented reality fingerprint marker is positioned on an object and scanned with a smart device, information relating to the object is superimposed on the object displayed on the smart device.

Abstract: Examples are disclosed that relate to computing devices and methods for identifying an approved input device. In one example, a method comprises: receiving a plurality of input signals from a plurality of target user-actuatable input components operated by a user, applying a plurality of rules to the plurality of input signals to generate a confidence score, and comparing the confidence score to a threshold score to determine if the plurality of target user-actuatable input components are associated with an approved input device.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an analytic server, which retains the old passwords during security system migration. The analytic server receives strings corresponding to passwords from an old system. When a user issues a login request after the system migration, the analytic server determines the input password and computes a second string based on the input password. By comparing the second string with the string received from the old system, the analytic server determines whether input password is correct. If the second string and the received string match, the analytic server determines that the input password is the actual password and replaces the received string with the input password. In this way, the analytic server obtains the actual password, which is the original password. As a result, the analytic server retains the old password during the system migration.

Abstract: A system for detecting a fraudulent ATM transaction is disclosed. The system relates to an ATM machine that receives a bank/ATM card from a customer. The ATM first attempts to read information from the card chip, but is unable to do so due to a read error. The ATM then instead reads the information from the magnetic strip, and initiates a fraud detection procedure. In one such procedure, the ATM uses a local wireless access point to detect a customer's device, such as a phone, in the vicinity of the ATM. In another such procedure, the ATM communicates with a backend server. The backend server then determines the location of the customer device either by transmitting a message to request authorization, or by utilizing GPS or other location-detection means on the customer device to determine whether the customer device is within the ATM vicinity.

Abstract: The present invention generally involves a mobile application configured to guard access to other applications that may be stored within a smartphone. For example, applications stored within the smartphone may include password managers, email clients, or payment applications, which a user of the smartphone may desirably secure by providing an extra layer of protection. In exemplary embodiments, the security application may employ GUI configured to display a folder for allowing a user to select which mobile applications to secure. The GUI may display a set of images as a means of implementing an authentication protocol to provide a user with access to the stored data. The user may control certain settings such as the source of the authenticating images, the number of images and authenticating images, and or a sequence that may be an authenticating sequence associated with the authenticating images for granting access to the data.

Abstract: A system may include transaction storage devices. Each transaction storage device may include a data store configured to receive, from a first entity, a request to push a detailed transaction corresponding to a secure identifier. The secure identifier may be generated, using an encoding function, from a user identifier of a user. The detailed transaction may identify at least one selected from a group consisting of products and services received by the user from the first entity. The data store may be further configured to store the detailed transaction based on a first determination to trust the first entity. The system may further include an access controller configured to perform the first determination by applying a first security rule corresponding to a type of the secure identifier to the request to push the detailed transaction, and a registry configured to store at least the first security rule.

Abstract: The present disclosure provides a data mapping protocol that securely associates the account user information stored in the user pool with corresponding account identity information stored in the identity pool, such that all the account information is searchable, regardless of which pool the information is in. In an embodiment, a mapping service, which may be provided by the resource provider, obtains a set of login credentials and authenticates the login credentials with the user pool. In response to receiving the login credentials and an authentication request, the user pool returns the account credentials associated with the login credentials. The account credentials are used to access the account identifier, and other associate account identity data in the identity pool. Thus, the login credentials from the user pool and the account identifier from the identity are obtained and associated with each other in a searchable data structure.

Abstract: Identifier dependent operation processing of packet based data communication is provided. A natural language processor component can parse an input audio signal to identify a request and a trigger keyword. A content selector component can select, based on the request or trigger keyword, a content item. A link generation component can determine whether the client computing device has an account or a record in a database associated with the service provider device. In the absence of the record or account, the link generation device generates and sends a virtual identifier to the service provider device with instructions to generate an account in the database using the virtual identifier. Once the account is created, the service provider device can communicate with the client computing device.

Abstract: The system receives a stream of authentication events, which are associated with authentication events. Next, the system attempts to detect a formation of authentication events, wherein a formation comprises a time window of authentication events that satisfy a formation criterion, which is based on one or more of: a username for the authentication attempt, an Internet Protocol (IP) address from which the authentication attempt originated, and a resource identifier for a computing resource that the authentication attempt was directed to. If a formation is detected, the system determines a number of valid usernames in the formation. If the number of valid usernames is one or less, the system computes a username similarity score for authentication events in the formation, which is a function of a string distance between usernames in the formation. If the username similarity score exceeds a threshold value, the system reports a potential username guessing attack.

Abstract: The disclosure generally describes methods, software, and systems, including a method for providing a recommended action. Data that is associated with requests and that is used in supporting actions made regarding the requests is collected from multiple sources. Default criteria based on the data and supporting a determination of a recommended action responsive to the given request is provided for presentation in the user interface. The user interface includes interactive sliders, each interactive slider being associated with a criterion and having a default slider position associated with a relative weighting factor for the criterion. An algorithm is executed that is associated with a request type of the given request. Absolute weights are assigned to the default criteria using the relative weighting factors. The given request is evaluated using the default criteria and the absolute weights to determine the recommended action, which is provided for presentation in the user interface.

Abstract: A card with power management circuitry is provided. A card may have circuitry contained therein (e.g., a processor) that may have a maximum operating voltage. The card may include a power source (e.g., a battery) that provides power ranging in voltage from a maximum power source voltage to a minimum power source voltage. The maximum power source voltage is greater than the maximum operating voltage. Power management circuitry is provided to manage the power received from the power source such that the voltage provided to the circuitry (e.g., processor) does not exceed the maximum operating voltage.

Abstract: A method according to one embodiment includes receiving, by a gateway device and from an access control device, credential data received by the access control device from a mobile device in response to presentation of the mobile device to the access control device, comparing the credential data to a gateway credential list stored in a memory of the gateway device, the gateway credential list identifying a plurality of credentials associated with the gateway device, and each credential of the plurality of credentials associated with a unique credential index, transmitting, to a server, the unique credential index associated with the credential data in response to determining that the credential data matches a corresponding credential in the gateway credential list, and receiving, from the server, an access control decision associated with the credential data in response to transmitting the unique credential index.

Abstract: A secure storage apparatus on a mobile device for securing user-access to a mobile application is provided. The secure storage may include, an electronic representation of a mobile token pin selected and inputted when authenticating a user for a first time and an OTP seed, stored in the secure storage. The secure storage may be a secure portion of memory on the mobile device only accessible and visible to the mobile application upon receipt of the mobile token pin. When the mobile token pin is inputted into the mobile application on the mobile device, the mobile application may be configured to transmit the mobile token pin to an authentication server for verification. In response to the verification, the OTP seed may be released from the secure storage and activate an OTP application associated with the mobile application to generate, transparent to the user, an OTP.

Abstract: A method for associating services in an electronic device is provided. The method includes sending, by a first electronic device, a first service with a first private association dialog (PAD) to a second electronic device, wherein the first PAD of the first service includes a first PAD identifier and sending, by the first electronic device, a second service with a second PAD to the second electronic device, wherein the second PAD of the second service includes a second PAD identifier that matches the first PAD identifier to associate the second service with the first service at the second electronic device.

Abstract: A method is provided to reduce inappropriate online behavior. The method includes providing a network service, receiving a request from a user to use the network service, and requesting a usage report about an email account associated with the user. The usage report is based on analysis of usage data representative of usage of the email account, and the analysis is based on at least one of a date that the email account was established, tracked history of emails received by the email account, and a history of IP addresses used when accessing the email account for communicating with multiple other email accounts, and the usage data is unrelated to content included in email messages exchanged by the email account. Either a first level or a second level of the network service available to the user is selected, wherein selection of the first or second level is based on whether the usage report meets selectable criteria.

Abstract: A communication system is provided, including a plurality of terminal devices and a root certification authority. Each of the plurality of terminal devices includes a certification authority key generation unit, a certification authority public key certificate acquisition unit that acquires a certification authority public key certificate, a certification authority key storage unit, a transmission unit, and a verification unit that verifies the certification authority public key certificate with a root certification authority public key certificate, and verifies a user in a case where the verification succeeds. The root certification authority includes a root certification authority key storage unit, a communication unit, and a certification authority public key certificate generation unit that generates the certification authority public key certificate by encrypting the certification authority public key with the root certification authority secret key.

Abstract: Embodiments of the disclosure provide a method of establishing a user profile using multiple channels. Embodiments allow compatibility of the user profile across several authentication systems. The user profile is created upon registration and is updated with attributes after authenticating and authorizing the user according to a pre-defined assurance level. The user profile contains attributes pertaining to the user and user device. The attributes can be analyzed by authentication systems to optimize data security.

Abstract: A security device for a local computer, said security device comprising a locked-down system environment that includes a remote-access connector and an authenticator facility. The remote-access connector initiates a remote connection request with a virtual-computer service. The authenticator facility provides first authentication-data to the remote-access connector for ensuring that the security device has permission to be allocated a virtual computer from the virtual-computer service.

Abstract: An image transmitting apparatus includes a scanner that reads an original, a memory that stores programs, and a processor that executes the programs. The programs are executed to identify destination information of a user for the image transmitting apparatus, and transmit image data corresponding to the read original using the identified destination information in a case where the user does not designate a destination.

Abstract: Disclosed are implementation methods, apparatuses and systems for remote access. The method can include: a mobile device, MD, transmitting a first resource updating request to a cloud server, CS; according to the first resource updating request, the CS creating an attribute “remote configuration file” of a resource, and generating and transmitting a notification resource creation request to a gateway agent, GA, where the notification resource creation request includes a parameter “remote configuration file”; according to the parameter “remote configuration file” of the notification resource creation request, the GA activating a local remote configuration file; the CS receiving a remote access request transmitted by the MD, and according to an attribute “notified attribute” of an updated resource, forwarding the remote access request to the GA; and according to the activated remote configuration file, the GA executing the remote access request.

Abstract: A cognitive one-time password generation method, system, and computer program product, include sending a cognitive one-time password question to a user via a third-party platform and granting access to a secured service when the user inputs into the secured service a cognitive one-time password as a correct answer to the cognitive one-time password question where the user receives the cognitive one-time password question, independently from the secured service via the third-party platform, to formulate the correct answer to input into the secured service.

Abstract: A method includes, for a storage unit of a set of storage units of the DSN, performing at least one of determining whether a data access request for the storage unit is atypical, determining whether an error rate for the storage unit is atypical, and determining whether a response rate for the storage unit is atypical. When the at least one of the data access request, the error rate, and the response rate for the storage unit is atypical, the method continues by identifying the storage unit as having a security risk. The method continues by executing a security response for the storage unit based on the security risk.

Abstract: A method for a client device (1) to request data from a cloud storage device (2) comprises receiving a user request (UR) specifying requested data (RD), producing a client evaluation result (ER1) by evaluating an access policy associated with the requested data, and optionally also producing a client cryptographic commitment (P1) on the client evaluation result (ER1). The user request (UR) and the optional client cryptographic commitment (P1) may be transmitted to the cloud storage device (2), and in response a cloud evaluation result (ER2) may be received from the cloud storage device (2), the cloud evaluation result (ER2) being produced by the cloud storage device (2) by evaluating the access policy associated with the requested data. Then, the client evaluation result (ER1) and the cloud evaluation result (ER2) may be compared, and if the client evaluation result (ER1) fails to match the cloud evaluation result (ER2), a warning message may be produced.

Abstract: Technologies for integrating data from video-based learning resources with push messages are provided. The disclosed techniques include, in response to a playing, in learning software, of a video-based learning resource, determining a trigger event based at least partly on recall data. In response to an occurrence of the trigger event, the disclosed technologies cause insertion of a learning refresher item that includes content extracted from the video-based learning resource into a push message.

Abstract: The present disclosure describes techniques for selective attestation of a wireless communication session between an originating device and destination device. Attestation of the originating device identity depends in part on determining that the destination network associated with the destination device deploys a STIR/SHAKEN framework for end-to-end authentication and assertion of a telephone identity. This disclosure describes techniques to verify that the destination network has deployed the STIR/SHAKEN framework based on the administrative operator carrier number (AOCN) or operator carrier number (OCN) of the destination network. In response to determining the destination network has deployed the STIR/SHAKEN framework, a carrying node is configured to selectively generate instructions to include an attestation of an identity of the originating device in the SIP INVITE message sent to the destination network.

Abstract: A spatio-temporal topology learning system for detection of suspicious access control behavior in a physical access control system (PACS). The spatio-temporal topology learning system including an access pathways learning module configured to determine a set of spatio-temporal properties associated with a resource in the PACS, an inconsistency detection module in operable communication with the access pathways learning module, the inconsistencies detection module configured to analyze a plurality of historical access control events and identify an inconsistency with regard to the set of spatio-temporal properties, and if an inconsistency is detected, at least one of the events is flagged as potentially suspicious access control behavior.

Abstract: Approaches presented herein enable restricting access to a locked computing resource in a web browser with a user-tailored CAPTCHA. More specifically, a request for a CAPTCHA is obtained from a web browser of a user attempting to access a resource. A set of terms associated with the user are selected from a pool of terms collected from an environment of the user within a pre-determined time period. A familiarity value of the selected terms indicating a recognizability of the terms by the user is determined. A CAPTCHA of the selected set of terms is generated having a level of graphic noise corresponding to the familiarity value. The generated CAPTCHA is then sent to the web browser. When a response to the CAPTCHA is received from the web browser, it is analyzed to determine whether the response matches the selected set of terms. If so, the web browser is instructed to grant the user access to the resource.

Abstract: A print system comprising an information processing apparatus, a printer and a server which are interconnected through a network. When receiving the unprocessed print data from the printer, the server performs, based on the received unprocessed print data, obtaining a transmission source identifying information identifying a transmission source of the unprocessed print data and the information processing apparatus which delivers the unprocessed image data to the printer, applying the image processing, which corresponds to the second identifying information associated with the first identifying information identifying a device same as a device identified by the transmission source identifying information as obtained, to the unprocessed print data, and transmitting processed print data which is the print data to which the image processing has been applied to the printer. When the printer receives the processed print data form the server, the printer performs printing based on the processed print data.

Abstract: Security layers for protecting a user account or credentials are disclosed. The layers involve the areas of: detection, access, deterrence and response. These layers may be used in various combinations for protecting a user account and are preferably customizable by the user. Invalid login attempts may be detected based on combination(s) of: authorized user input, metadata, connection risk factor, and one or more authentication factors. Examples of authorized user input selections may include: Scheduled Login, Enhanced Logout, Account Freeze, and various “Payback” options. In response to invalid login attempts, selected Payback options may be automatically sent to the requesting device—giving authorized users the ability to fight back against intruders.

Abstract: Systems, methods, and related technologies for account access monitoring are described. In certain aspects, a login request associated with a device can be analyzed and a score determined. The score and a threshold can be used to determine whether to initiate an action.

Abstract: The present application discloses a routing configuration method of view files, a computer readable storage medium, a terminal device and an apparatus, which aims at solving a problem that an efficiency of manually configuring routing information of view file is low and routing configuration errors are prone to occur. The routing configuration method comprises: determining a target single page application; detecting whether there exists an update in a view file of the target single page application; determining an updated target view file if there is the update for the view file of the target single page application; acquiring update state information of the target view file; and updating routing configuration information in a routing configuration file of the target single page application according to the update state information.

Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a rule database that requires less storage capacity than the malware detection rules is generated by substituting tokens for selected symbol strings within the malware detection rules. A compressed traffic stream is generated by substituting the tokens for instances of the selected symbol strings within the input traffic stream, and then compared with the rule database to determine whether the input traffic stream contains one or more symbol sequences that correspond to any of the malware detection rules.

Abstract: The invention relates to a mobile telephone (3) containing an authentication code (ID) for enabling a motor vehicle (2) to be locked/unlocked and/or started via a Bluetooth™ Low Energy (BLE) protocol, characterized in that said mobile telephone comprises: a pairing code (AP) for enabling the mobile telephone (3) to be registered automatically with said motor vehicle (2); and/or an identification code (VIN) for enabling the mobile telephone (3) to be recognized automatically in said motor vehicle (2).

Abstract: Methods, computing devices and display devices are disclosed for displaying virtual content at a target location that is determined relative to a shared anchor. Image data of a physical environment may be captured. A shared anchor tag may be identified in the image data. Based on identifying the shared anchor tag, shared anchor tag image data may be transmitted to a server. Based at least on data retrieved by the server, a data packet comprising a shared anchor associated with a second display device is received, wherein the shared anchor defines a three-dimensional location in the physical environment. A hologram is displayed at a target location determined relative to the location of the shared anchor.

Abstract: Humans as well as non-human actors may interact with computer devices on a computer network. As described herein, it is possible to train and apply human vs. non-human detection models to provide an indication of the probability that a human or a non-human actor was interacting with a computer device during a particular time period. The probability that a human or non-human was interacting with computers during a particular time may be used to improve various actions, including selecting one or more different threat detection models to apply during the particular time, selecting data to use with threat detection models during the time, or selecting data from the particular time to store.

Abstract: Systems and methods for authorizing rendering of objects in three-dimensional spaces are described. The system may include a first system defining a virtual three-dimensional space including the placement of a plurality of objects in the three-dimensional space, and a second system including a plurality of rules associated with portions of the three-dimensional space and a device coupled to the first system and the second system. The device may receive a request to render a volume of three-dimensional space, retrieve objects for the volume of three-dimensional, retrieve rules associated with the three-dimensional, and apply the rules for the three-dimensional space to the objects.

Abstract: In an example, a system may modify an object stored in an object store for storing objects to include augmented metadata. The system may encode a signature of the modified object such that the signature is identical to a signature of the object prior to being modified to include the augmented metadata.

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine one or more filtered memory locations of a memory, determine if a read access for the memory corresponds to the one or more filtered memory locations, and return a pre-determined filter value as a result of the read access if the read access is determined to correspond to the one or more filtered memory locations. Other embodiments are disclosed and claimed.

Abstract: The application describes an authentication process that incorporates voice commands with an HTTP interface module to perform a multifactor authentication (MFA) process. For example, a first computer system may initiate the MFA process by sending, with a HTTP interface module maintained by the first computer system, a request to initiate the MFA process to the second computer system. The MFA process may also transmit an one-time password (OTP) to a first user device. The first computer system may receive an audible recitation of the OTP from a second user device. The OTP may be parsed and used to generate an HTTP request. The HTTP interface module may send the HTTP request to the second computer system. When the second computer system authenticates the user based at least in part on the non-audible file, the first computer system may receive confirmation of authentication of the user to initiate the transaction.