Abstract: A method is performed at a security device. The method includes establishing a network connection with a client system. After establishing the network connection, the security device receives a first packet from the client system. The first packet includes an identifier, a first counter value, and a first one-time password hash generated by the client system. Based on the identifier received, the security device retrieves from a trusted data store the seed and a second counter value. If the first counter value is larger than the second counter value, the security device generates a second one-time password hash based on the identifier, the first counter value, and the seed. In accordance with a determination that the first and second one-time password hashes match, the security device grants, to the client system, access to one or more network resources protected by the security device via the network connection.

Abstract: Systems and methods for managing access data are disclosed. One method can comprise receiving prediction information relating to one or more content options and requesting access information associated with the prediction information. At least a portion of the received access information can be processed to provide a preliminary access decision. A request for access relating to the one or more data options can be received and an access decision based at least in part on the preliminary access decision can be provided.

Abstract: Provided is a method of providing, by a server, account information, the method including: receiving an account generation request message from a first device; generating first account information, based on user identification information included in the account generation request message; transmitting the generated first account information to the first device; receiving an account use request message from a second device; identifying the first account information and service identification information included in the received account use request message; and transmitting second account information corresponding to the identified first account information and the service identification information, to the second device.

Abstract: A system for generating reports with dynamic business intelligence analytics and/or a static value story may collect parameters defining the scope of a report. The system may select a value story module comprising a set of static report pages for generating the report, and a business insight module comprising a set of dynamic report pages for generating the report. The value story module includes static data related to the scope of the report. The set of dynamic report pages may be generated by a job running on a data storage system. The system may arrange a set of presentation pages into a selected order, with the set of presentation pages being selected from the set of dynamic report pages and the set of static report pages. The system may generate the report in a file format with the report comprising the set of presentation pages in the selected order.

Abstract: Embodiments generally relate to securing a geophysical presence of a user. In some embodiments, a method includes receiving information associated with the user in a physical environment. The method further includes generating a unique pattern in response to receiving the information associated with the user. The method further includes sending encoded information containing the unique pattern to a landmark device in the physical environment, where the encoded information causes the landmark device to present the unique pattern. The method further includes receiving captured data from the physical environment. The method further includes verifying an identity and a physical presence of the user in the physical environment based on the captured data, where the captured data includes the landmark device.

Abstract: A computer-implemented method for incentivizing user behavior including identifying an action for a user to perform, providing the number of credits that can be earned by the user for performing the action, verifying that the user has carried out the action and awarding the credits to the user.

Abstract: A method for transferring digital data from a source to a target device, each of the source and target devices including a respective user interface. The method receives a user selection of digital data on the source device via a user interface. The method authenticates the user on the source device. The method, based on recognizing a user selection of target input field(s), of an interface of the target device, to which the digital data is to be provided as input, authenticates the user on the target device and verifies that a common user has authenticated with the source device and the target device. The method transfers the digital data to the target input field(s) of the interface of the target device.

Abstract: Techniques are described for associating identifiers (e.g., digital watermarks) with video content in a way that enables identification of the source of pirated content with specificity as granular as an individual user account. A compositors operating in the DRM trust zone of a client device introduces the identifier by compositing overlay information with decoded video frames. The identifier may then be recovered by comparing target content to the source content to extract the overlay information.

Abstract: Various embodiments are generally directed to an identity proofing platform. The platform may receive, from a user, personally identifiable information (PII) related to a consumer and determine one or more verifications requested by the user. The verifications may be one or more of a government identification (ID) verification, a credit bureau verification, or a mobile network operator verification. The platform may send a SMS message to the consumer for consent approval and receive consent from the consumer. The platform may perform the one or more verifications, generate an identity proofing result based on the performed one or more verifications, encrypt the identity proofing result, and send the identity proofing result to the user.

Abstract: Modifying an activity stream to display recent events of a resource includes checking-in a user to a resource to provide context about the resource, specifying a time duration for which the user is checked-in to the resource, and modifying, based on the time duration, an activity stream of the user to display recent events of the resource.

Abstract: Provided, in an aspect, is a method for improving security in an automated teller machine (ATM) network, which includes prompting a user, via the ATM, to provide a biometric sample; receiving the sample from a biometric device of the ATM; determining that the sample is not blacklisted; and allowing the user to complete a transaction. Because the method includes storing anonymized event details, which include the biometric sample separate from user-identifying information, the method both improves privacy for law-abiding users and deters malicious use by others.

Abstract: Systems and methods for enrolling and authenticating a user in an authentication system via a camera of a computing device include capturing and storing biometric information from at least one first image and at least one second image of the user taken via the camera. Prior to use, the user answers personal questions and the answers are stored as stored answer data. Later, such as at a business, the questions are presented to the user and the user provides their personal answers via a computing device. The answers are processed and uploaded to an authentication server where a comparison occurs against the stored answer data. If a match does not occur, then the authentication/identity verification processes ends. If a match does occur, then the authentication process continues. The questions match may serve as a gate function for accessing authentication data stored in a blockchain.

Abstract: Techniques for stateful computing at the edge of a content delivery network are described. In some embodiments, a point of presence of the content delivery network includes proxy servers, function execution units, and function state cache servers executing on computer systems within the point of presence. A proxy server checks for requests for resources hosted on behalf of customers of the content delivery network that trigger a customer-specified function. When a function is triggered, the proxy server selects an execution unit and sends a function execution request to the execution unit. The execution unit executes functions of many different customers of the provider network. Upon receiving a request to execute a function that is stateful, the execution unit retrieves the function state from a function state cache server, execute the function, and returns a result to the proxy server.

Abstract: A Token Transmission Server transmits active tokens within an enterprise network. The active tokens include either active data tokens or active request tokens, and are fraudulent from the perspective of the enterprise. A Token Monitoring Server monitors network traffic within the enterprise network to detect the presence of network traffic being originated by an enterprise device based upon the active tokens, and generates an alert indicating that the enterprise device is likely compromised.

Abstract: An operating system for a computer device that includes code in the form of a hook that controls lock in and lock out of a removable data communication connection object (for example, a cable terminating in a connector, a card) with respect to a data communication port by means of an electromechanical lock. Software requiring system administrator authentication to lock a removable data communication connection object out of a data communication port. Software requiring system administrator authentication to lock a removable data communication connection object into a data communication port.

Abstract: Techniques for processing user logins are described. One example method includes receiving a first user input to zoom out a first application, wherein the first application is displayed on a first area of a screen of a device; zooming out the first application to be displayed on a second area of the screen; and displaying an icon of a second application on a third area of the screen, wherein a user has logged into the second application on the device; receiving a second user input to drag the displayed icon of the second application from the third area to the second area; transmitting login authorization information of the second application to the first application; and submitting, by the first application, the login authorization information to a server of the second application through a server of the first application; and authorizing logging into the first application on the device.

Abstract: A call screening computing system is described that is configured to perform voice captcha and real-time monitoring of calls into a contact center of an organization. The call screening computing system includes a chat bot configured to operate as an AI-based call screener. The chat bot is configured to perform voice captcha by sending a random question to a user device placing a call into the contact center, and analyzing the received answer to determine whether a user of the user device is human or a robot. The chat bot is configured to, based on the user being human, determine whether the user is a legitimate customer of the organization by generating and presenting authentication challenges to the user device. The chat bot may be configured to monitor and interact with a conversation between the user and an agent of the organization during the call into the contact center.

Abstract: Various examples for providing an enrollment barcode to a staging client are provided. Enrollment data can be provided to a barcode service, which generates an enrollment barcode. The enrollment barcode contains data necessary to complete setup and enrollment of the client device with a management service.

Abstract: A server may perform server side authentication of a user device. The user device may generate a first authentication string by performing a hash function on a username, a password, and a first salt. The first authentication string may be registered with the server for subsequent login attempts. At login, the user device generates the first authentication string and transmits the first authentication string to the server. When the authentication strings match, the user device is authenticated. The user device may also update the first authentication string. The server may provide the first salt and a second salt to the user device. The user device may generate a first authentication string and a second authentication string from the first salt and the second salt, respectively. When the first authentication strings match, the server may update the user device's authentication string by replacing it with the second authentication string.

Abstract: A technique for promoting network security employs a user-centric approach in which a hardware appliance serves as a local security hub for storing and dispatching user identity information (UII). The hardware appliance is configured to release UII in response to access requests by applying a variable verification procedure. The variable verification procedure tests multiple verification factors associated with an access request, assigns a verification strength to each factor, and selectively releases the requested UII in response to a combined verification strength exceeding a threshold.

Abstract: An applet may be downloaded or provided to a web browser when a user visits a site in order to protect data input by the user from being captured by malicious software, such as key loggers. The applet may present a user input field in the web browser and may generate a random sequence of low-level key stroke or mouse click events within the input field when the user enters information, such as a username and/or password. A listening key logger will receive a large amount of random data, whereas the applet will receive and buffer the actual user data that may be communicated to a remote site access by the user.

Abstract: A system for supporting multiple users of a mobile computing device is disclosed herein. The mobile computing device receives a biometric identifier for a user by way of a biometric input component of the mobile computing device. Responsive to receiving the biometric identifier, the mobile computing device causes the biometric identifier to be received by a biometrics subsystem of an operating system of the mobile computing device. The biometrics subsystem authenticates the user based upon the biometric identifier. The mobile computing device then scans for an identifier for a wearable device worn by the user that is emitted from the wearable device. Responsive to detecting the identifier for the wearable device, the mobile computing device authenticates the user based upon the identifier for the wearable device. The mobile computing device then executes a mobile application loaded in memory of the mobile computing device.

Abstract: An embodiment of the invention provides a method for secure biometrics matching with split phase client-server matching protocol, wherein a first biometric input is received in an electronic device. The first biometric input is stored in the electronic device as a biometric profile; and, the biometric profile is sent to a server. An additional biometric input is received from a user in the electronic device; and, the additional biometric input is compared to the biometric profile stored in the electronic device to generate a local matching score. The additional biometric input is sent to the server. The local matching score and a remote matching score generated by the at least one server are compared; and, it is determined whether to authenticate the user based on the comparison of the local matching score and the remote matching score.

Abstract: An apparatus made of wheels arranged axially on a central spindle that are rotated with respect to one another in myriad combinations to create unique, complex passwords for use in computer systems. The wheels are labeled with a randomized selection of characters found on standard computer keyboards, including upper and lower-case characters, numbers, and special characters, together with some or all characters put on colored backgrounds found on each wheel. A memorized master password is used to align the wheels, which reveals a series of unique, complex passwords arrayed across the perimeter of the wheels for use in computer applications. When not in use, the wheels are rotated to a random or storage position, providing for obfuscation of the passwords and allowing the device to be stored in plain sight.

Abstract: There is provided an information processing device in which an application of an electronic device provides a service to a user, the information processing device including a processor; and a memory that includes instructions, which when executed, cause the processor to execute the following steps: associating the application with a processing flow; associating the processing flow with a scope of authorization of an external service; retrieving the scope of the authorization of the external service required by the processing flow associated with the application; retrieving authorized information representing a scope of authorization of the external service authorized by the user; and providing, for each external service, information indicating whether the external service is authorized, based on a result of comparing the scope of the authorization of the external service required by the processing flow with the scope of the authorization of the external service authorized by the user.

Abstract: A computer-implemented method may be provided for identifying a user device. An identification server in communication with the user device may receive a request from a browser of the user device to access, from a destination uniform resource locator (URL), an asset from the identification server. The request from the browser may be received from a website server. The asset is configured to be presented on a webpage hosted by the website server. The request from the browser may be modified to associate a new identity attribute of the user device with the request.

Abstract: The present teaching relates to user authentication based on a visual representation of a location. In one example, a request is received for authenticating a user with respect to a user identity. A location of the user is determined. A candidate visual representation of the location is obtained from the user. One or more visual representations are retrieved from a database. The retrieved one or more visual representations are associated with the user identity in the database. Whether the user is authenticated is determined based on the candidate visual representation and the retrieved one or more visual representations.

Abstract: A communication apparatus includes an operation display unit for displaying an email generation screen containing content of an opponent machine-generated email as an original message input in a message input field, and for receiving an operation to input a new message, and a control unit for generating own machine-generated email containing email text of the input message. The control unit performs a signature process to insert an own machine user's signature in case where the original message does not contain the own machine user's signature, while it does not perform the signature process in case where the original message contains the own machine user's signature.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing network traffic to automatically recognize anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic, and to identify topics relevant to a user of a particular network device so that communications to such a user are more likely to relate to a topic of interest to the user.

Abstract: A method of replicating a UNIX password from a source computer to a delimited set of target computers performed by an application executing on a computer system. The method comprises receiving an identity of a source computer, determining a date of a UNIX password associated with a user identity configured on the source computer, determining that the UNIX password associated with the user identity configured on the source computer is less than a predefined number of days old, receiving identities of a plurality of target computers, reading an encrypted UNIX password associated with the user identity from the source computer, and, for each of the target computers, writing the encrypted UNIX password into an entry associated to the user identity in a password file on the target computer.

Abstract: A computer-implemented method for predicting a random pattern keypad based on a binding code and a session code; receiving a password input from the user via the random pattern keypad; generating a virtual one-time password based on the password input from the user; and transmitting the virtual one-time password to the server device to authenticate the client device and access services offered by the server device.

Abstract: In an embodiment, a request for hosting a blockchain may be obtained from a client device. A node device to host the blockchain may be determined. Information associated with the node device may be provided to the client device, where the information is used for creating the blockchain on the node device. First data may be obtained from the client device and second data may be obtained from the node device for verifying that the node device hosting the blockchain complies with a hosting verification condition. Based on the first data, the second data, and the hosting verification condition, hosting information associated with the node device may be determined. Based on the hosting information, the node device may be removed from a set of node devices for hosting the blockchain.

Abstract: The embodiments herein relate to a mobile terminal and a method for accessing a wireless network in a roaming environment, the mobile terminal being pre-provided with credentials to access the wireless network, the mobile terminal further being provided with an application, said application includes a service part and an application part. The mobile terminal is configured to: send a request to a EAP server, the request including the credentials of the mobile terminal; connect the service part of the application to an access control server which adds/creates an EAP account for the mobile terminal for a predetermined time period; and to access the wireless network when the EAP server validly authenticates the credentials of the mobile terminal. The embodiments also relate to a method in the access control server and to the server.

Abstract: Systems and techniques are provided in which a token is used to manage user access to actions and features within an application platform. The token includes an indication of each action and/or feature to which the user has permission within the platform, thereby allowing for rapid and efficient development and management of user access to features within the platform.

Abstract: Mobile device security, device management, and policy enforcement are described in a cloud based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A cloud based method includes monitoring traffic between a mobile device and an external network in a cloud based system separate from the mobile device and the external network; enforcing policy with respect to the traffic from the mobile device to the external network to determine whether to block or allow the traffic from the mobile device to the external network; and inspecting content associated with the traffic from the external network to the mobile device to determine whether to block or allow the traffic from the external network to the mobile device.

Abstract: Various embodiments include a first detection being made that a first program residing on a device is requesting authentication. The first program resides in a first portion of the device. An authentication step can be performed by referencing a unique identifier accessible via a request sent by the first program to a second program residing on the device, where the second program resides in a second portion of the mobile device. The second portion has a greater level of security than the first portion (e.g. physical separation may exist between the first and second portions). Accordingly, integrity of the first program can be verified (e.g. an authentic, authorized version of a program is making a transaction request rather than an unauthorized version).

Abstract: An information processing apparatus and an authentication method performed using the information processing apparatus are provided. An information processing apparatus receives, as authentication information, identification information of a user of an information processing system including the information processing apparatus and an authentication apparatus, converts the authentication information, and controls to execute an authentication process based on the authentication information. The information processing apparatus converts the authentication information to form a readable authentication information by converting a character that cannot be interpreted by the information processing apparatus into a character that can be interpreted by the information processing apparatus.

Abstract: An approach for determining repeat website users via browser uniqueness tracking includes receiving browser information from a server based on a browser accessing a website. The approach includes creating a browser identifier based on the browser information. The approach includes determining the browser is one of a new visitor and a repeat visitor to the website by comparing the browser identifier to other browser identifiers associated with the website. The approach includes transmitting a message to the server indicating the browser is one of a new visitor and a repeat visitor to the website based on the determining.

Abstract: Disclosed are systems and methods for cloud-based monitoring and control of physical environments. In various embodiments, a computing device (1350, 1450, 1550) seeking to verify credentials of a lighting system controller (1352, 1452, 1552) may obtain unverified credentials of the lighting system controller. The computing device may transmit, to a first remote device via a first network communication channel, a request to verify the unverified credentials. The computing device may receive verification from the first remote device or a second remote device via a second network communication channel. The second network communication channel may be different than the first network communication channel. The computing device may compare the unverified credentials to the verification data and verify, based on the comparing, that the unverified credentials are legitimate.

Abstract: A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

Abstract: A communication apparatus capable of data communication includes a controller that temporarily permits data communication of an application. Upon the application transitioning to the background, the controller maintains temporary permission for data communication of the application when the application transitioned to the background as a result of an interrupt not intended by a user, and prohibits data communication of the application when the application transitioned to the background as a result of an interrupt other than an interrupt not intended by the user.

Abstract: The invention provides mechanisms for enhancing the security and protection of a computer-based system or network. It relates, in part, to the use of a decoy (which may be termed “honeypot” or “honeynet”) for collecting attacker-related data, and/or diverting malicious behaviour away from legitimate resources. In one embodiment, the invention provides a method comprising the steps of receiving, processing and logging network traffic data of a plurality of users, where the network traffic is received from a plurality of participating users; determining an attacker profile from the network traffic data; determining a honeypot or honeynet configuration based on the attacker profile; and upon receipt of a valid information request from a user of the plurality of users, providing the determined attacker profile and configuration to the user.

Abstract: Embodiments of the present invention provide methods, systems, and computer-readable storage medium for managing access to an application on a mobile computing device. In an embodiment, a method includes receiving a request from a user to return to the application and return to a previous screen of the application on the mobile computing device, and determining, using a processor, whether the previous screen of the application was in a secured area of the application. If it was in the secured area, then an authentication protocol is triggered prior to allowing the user to return to the previous screen in the secured area of the application on the mobile computing device. In another embodiment, geolocation dependent information is provided to a user via an application on a mobile computing device.

Abstract: A method includes determining, by a tracker controller of a hardware security module, that a first processor has submitted a first request to access a computing resource. The method also includes determining, by the tracker controller, whether the first request and a second request both request access to the same computing resource. The second request is submitted by a second processor. The method also includes preventing access to the computing resource based on a determination that the first request and the second request do not request access to the same computing resource. The method also includes permitting access to the computing resource based on a determination that the first request and the second request both request access to the same computing resource.

Abstract: Methods and systems for transferring a user session between at least two electronic devices are described. The user session is conducted as an audible session via an audible interface provided by a primarily audible first electronic device. Input data is received from the audible interface, wherein the input data causes the audible interface to progress through audible interface states. A current audible interface state is mapped to a visual interface state defined for a visual interface. The mapped visual interface state is pushed to a second electronic device having a visual output device for displaying the visual interface, to enable the user session to be continued as a visual session on the second electronic device.

Abstract: Embodiments can provide an apparatus, a method and/or a computer program for routing data packets in a radio access network. The apparatus 10 comprises means for receiving 12 a data packet 804 from a source network node, the data packet comprises a data packet header and a data packet payload. The apparatus 10 further comprises means for inspecting 14 the data packet. The means for inspecting 14 is operative to perform a first packet inspection on the data packet header to determine information on a source or a destination of the data packet from the data packet header, and the means for inspecting 14 is operative to perform a second packet inspection on the data packet payload based on the information on the source or the destination of the data packet to determine information on an identification of the destination of the data packet.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: Multifactor authentication is a method to secure data and accounts and to prevent unauthorized access. A first factor can be information that the user knows, such as a username and password combination. A second factor can be something that the user possesses, such as a token generator or a trusted device. The present invention enables a user to present multiple authentication factors through a single biometric input using stored credentials and tokens generated by a secure element.

Abstract: A client device accesses content and performs actions at a remote application server via a user-agent application. The application server directs the user-agent application to a security verification system to retrieve and perform security tests. The security verification system receives information from the user-agent application describing characteristics of the user-agent application, and the security verification system selects a set of security tests to be performed by a security module executing in the user-agent application to verify that the user-agent application is accessing the application server consistent with the described user-agent application. The security verification system compares a set of test results with other user-agent applications and provides a token to the user-agent application to access the application server. The security module may also monitor and actions on the user-agent application to permit the security verification system to revise or revoke the token.

Abstract: In general, in one aspect, a system for providing honeypot network services may monitor network activity, and detect network activity indicative of network service discovery by a first device, for example, port scanning. The system may present a temporarily available network service to the first device in response to detecting the activity indicative of port scanning, for example, by redirecting traffic at an unassigned network address to a honeypot network service. The system may monitor communication between the first device and the presented honeypot network service to determine whether the monitored communication is indicative of a threat, and determine that the first device is compromised based on the monitored communication between the first device and the presented honeypot network service. The system may initiate measures to protect the network from the compromised first device.