Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: embedding a unique identifier within a data center asset, the unique identifier including a signed certificate; providing the data center asset to a customer; establishing a secure communication channel between an onboarding system and the data center asset, the secure communication channel using the signed certificate; exchanging information between the onboarding system and the data center asset via the secure communication channel, the information including a data center asset ownership voucher; and, using the data center asset ownership voucher to associate the data center asset to the customer.

Abstract: The present disclosure generally relates to enrolling a biometric feature for use with a peripheral device. While a computer system is connected to an external device, the computer system receives a first request to enroll a biometric feature. In response to receiving the request and in accordance with a determination that the request satisfies a first set of one or more criteria, the computer system displays a user interface object prompting a user to provide an authorization input to one or more input devices physically connected to the computer system. While displaying the first user interface object, the computer system receives user input. In response to receiving the user input and in accordance with a determination that the user input includes the authentication input, the computer system initiates a process to enroll the biometric feature using a biometric sensor that is integrated with the external device.

Abstract: A computer-implemented method for executing a user instruction may include obtaining identification data of a user via a device associated with the user, wherein the identification data comprises at least a password, a user name, and biometric data of the user; determining, via the one or more processors, a login status based on the identification data; demonstrating, to the user, historical account data based on the login status, wherein the historical account data comprises at least historical biometric data associated with one or more historical logins; receiving, via the one or more processors, the user instruction based on the historical account data, wherein the user instruction comprises at least one of revoking a historical login, changing password, or signing out a historical device associated with a historical login of the one or more historical logins; and executing, via the one or more processors, the user instruction.

Abstract: A redundant decentralized microservice architecture, in which each of at least selected some of the microservices is executed multiple times by multiple microservice computing nodes acting as mirror sites after reaching a distributed consensus regarding the correct way/order in which the microservices are to be executed. Clusters of redundant microservice computing nodes work in intra-cluster consensus when responding to remote procedure calls (RPCs) by activating the associated microservices multiple times, and then sending multiple RPCs to additional clusters of redundant microservice computing nodes.

Abstract: An apparatus comprises a processing device configured to receive, at a web browser from a web-based service running on a web server, a request for signature of one or more messages using at least one cryptographic key pair comprising a public key made accessible to the web-based service running on the web server and a private key maintained in secure storage accessible to the web browser. The processing device is also configured to generate, at the web browser, one or more interface features permitting a given user to accept or deny the request for signature and, responsive to the given user accepting the request for signature of a given message, digitally signing the given message utilizing the private key of the cryptographic key pair. The processing device is further configured to provide, from the web browser to the web-based service, a response comprising the digital signature of the given message.

Abstract: Systems for packet handling over a network, the systems including a client device configured to communicate over a network, the client device further including a Multi Tenant Module-Client module (MTM-Client module) having processor-readable instructions to direct at least one client device processor to determine whether a packet is a Synchronize packet and, if so, the MTM-Client module opens a pair of streams with consecutive stream IDs to communicate over the network, and the first stream of the pair carries a 5-tuple and metadata for the communication from the client device, and the second stream of the pair carries the TCP packet for the communication from the client device.

Abstract: A system and method for interacting with a voice-assisted member interface hosted by a provider backend server of a provider using a voice enabled-apparatus hosted by an apparatus vendor separate and distinct from the provider, the voice-enabled apparatus including a microphone unit, a speaker and a processor coupled to the microphone unit and the speaker, the processor configured to cause the voice-enabled apparatus to perform one or more functions in response to audio signals received at the microphone unit.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.

Abstract: Privilege capabilities can be implemented for devices used for container native function (CNF) operations according to some aspects described herein. In one example, a system can receive a request for executing a CNF using a device in a computing cluster. The CNF can involve an operation associated with a privileged capability. The system can determine the CNF is associated with a first credential for the privileged capability based on a data structure that stores process-level capabilities for the CNF and file handle level capabilities for the device. The system can determine the device is associated with a second credential for the privileged capability based on the data structure. In response to determining that the CNF is associated with the first credential and the device is associated with the second credential, the system can execute the CNF using the device in the computing cluster.

Abstract: A networking method for a household appliance, a household appliance, and a terminal device are provided. The household appliance is provided with a network module. According to the method, the network module receives router information and the account and the password of a router transmitted by a mobile terminal. The router information contains time-related data required for logging into the router; according to the router information and the account and the password of the router, log into the router.

Abstract: A network device for providing a LAN GUI to a client device. The network device receives a request for access by the client device to the LAN GUI. The network device analyzes a LAN GUI access whitelist and determines whether the client device is in the LAN GUI access whitelist. The client device is granted access to the LAN GUI without receiving a password from the client device when the client device is determined to be in the LAN GUI access whitelist. An address entry page may be presented to add the MAC address of the client device to the LAN GUI access whitelist and a password page may be presented to display the LAN GUI password. When the client device is not in the LAN GUI access list, a login page is presented for entering the password to obtain access to the LAN GUI.

Abstract: One or more network communications to discover one or more controllable devices on a network with which a premises automation system is associated is sent automatically. A set of one or more controllable devices on the network is determined based at least in part on a response received from said one or more network communications. An assigned name that is unique within the premises automation system is assigned automatically to each of said set of one or more controllable devices.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: Aspects of the present disclosure are directed toward systems, methods an apparatuses for hand off of clinical data during a medical event. Certain embodiments of the present disclosure include a first medical device configured to, during a first part of a medical event, monitor a patient and store clinical information and a second medical device. A second medical device may display at least some of the clinical information, modify operation of the second medical device, or store the clinical information.

Abstract: A data processing system for controlling data access to a secured resource of a distributed system implements receiving, from a first user device of a first user, a first request to access a secured resource and a first security token, the first security token including group information for one or more first access control groups associated with the secured resource of which the first user is a member; accessing group access policy information for groups associated with the secured resource; determining, based on the group information included in the first security token and the group access policy information, that the first user is a member of at least one group that is permitted to access the secured resource; and permitting the first user device of the user to access the secured resource responsive to determining that the first user is a member of at least one group that is permitted to access the secured resource.

Abstract: A communication method for a user terminal and a device terminal to exchange packets through a message broker, comprises the user terminal wrapping a first packet of a first communication protocol into a second packet with a second communication protocol and sending the second packet to the message broker, and the device terminal receiving the second packet from the message broker and obtaining the first packet wrapped in the second packet; or the device terminal wrapping a third packet of the first communication protocol into a fourth packet with the second communication protocol and sending the fourth packet to the message broker, and the user terminal receiving the fourth packet from the message broker and obtaining the third packet wrapped in the fourth packet. The first communication protocol is a communication protocol supported by the device terminal; the second communication protocol is a communication protocol supported by the message broker.

Abstract: A method including receiving, by a user device from an infrastructure device, an invitation link to enable the user device to receive network services from the infrastructure device; receiving, by the user device from the infrastructure device based on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; transmitting, by the user device to the infrastructure device during an active communication session and based on determining the authentication information, a user request related to an action to be performed regarding receiving the network services, a portion of the user request being signed based on utilizing a first portion of the authentication information; and performing, by the user device, the action regarding receiving the network services based on a verification that the communication session is currently active is disclosed. Various other aspects are contemplated.

Abstract: A method including transmitting, by an infrastructure device to a user device, an invitation link to enable the user device to receive network services from the infrastructure device; transmitting, by the infrastructure device to the user device based at least in part on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; receiving, by the infrastructure device from the user device during an active communication session, a user request related to an action to be performed regarding receiving the network services, the user request being signed based at least in part on utilizing a first portion of the authentication information; and enabling, by the infrastructure device, performance of the action regarding receiving the network services based at least in part on verifying that the communication session is currently active is disclosed. Various other aspects are contemplated.

Abstract: In order to use zero trust network resources distributed across multiple gateways, an agent is deployed on an endpoint of an enterprise network. The agent maps requests for specific applications to corresponding gateways. The agent may also multiplex or otherwise aggregate communications among different network applications and gateways in order to provide seamless, transparent access to the distributed resources at a single endpoint, and/or within a single interface.

Abstract: Service information (e.g., enhanced broadcast service (eBCS) information) may be distributed. Service (e.g., eBCS) capabilities may be advertised (e.g., by an access point (AP)), for example, by broadcasting a public action frame. A public action frame may include per-service information. A public action frame may be transmitted on a per service basis. A public action frame may combine authentication information and service information. Enhanced broadcast service origin authentication may be performed on a per service basis (e.g., using origin authentication information to authenticate broadcast data frames for a consumed service). Origin authentication information may be common to frames associated with different services. Services may be consumed without querying a service originating device. Stations (e.g., with and without association with an AP) may report consumption or usage of services, Reporting may be unsolicited or solicited (e.g., in response to a request from an AP).

Abstract: A system includes a processor configured to determine a driver identity. The processor is also configured to receive a request for a change to a driving mode and responsive to the request, enable or deny the driving mode based on mode-correlation to one of a predefined set of permissible driving modes pre-associated with the driver identity.

Abstract: This disclosure includes utilizing a token cryptogram with a browser to facilitate a transaction. A webpage of a website is configured to accept a token cryptogram in fields of the webpage. The webpage of the website may indicate that it is token-aware and is configured to accept the token cryptograms.

Abstract: Systems and methods for executing sequential suboperations over multiple communication networks. In some aspects, the system receives, via a first communication network, from an external system, an operation related to an aggregated virtual container. The system generates sequential suboperations including a first suboperation associated with a provider of the aggregated virtual container and the external system and a second suboperation associated with the user and the provider of the aggregated virtual container. If the first suboperation is executed successfully, the system transmits the second suboperation to a user system associated with the aggregated virtual container. If the second suboperation is executed successfully, the system generates a first message indicating that the operation has been executed and transmits the first message via the first communication network to the external system.

Abstract: A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.

Abstract: Embodiments of the present disclosure are directed to dynamic shadow operations configured to dynamically shadow data-plane resources in a network device. In some embodiments, the dynamic resource shadow operations are used to locally maintain a shadow copy of data plane resources to avoid having to read them through a bus interconnect. In other embodiments, the dynamic shadow framework is used to provide memory protection for hardware resources against SEU failures. The dynamic shadow framework may operate in conjunction with adaptive memory scrubbing operations. In other embodiments, the dynamic shadow infrastructure is used to facilitate fast boot-up and fast upgrade operations.

Abstract: A system for managing an authorization for a vehicle includes a vehicle-based memory module, and a communication module. The memory module includes a key list containing a multiplicity of entries for a multiplicity of digital keys, which can be allocated to individual users via a first electronic apparatus. Each digital key represents a vehicle authorization for a user, and each entry in the key list is assigned a unique identifier. The communication module is configured to transfer from the vehicle to the first electronic apparatus at least one identifier assigned to an unallocated entry in the key list.

Abstract: Disclosed are various approaches for generating a device posture token corresponding to a client device. The device posture token can be used by a verification computing device to determine whether the client device complies with the security policies of a particular facility.

Abstract: A geo-locations software management utility provides a method and system for passive authentication of an individual's geo-location via a communication network and for user authenticating images and video and social media content. Specifically a communication network based non-fungible token creation platform with integrated creator biometric authentication is disclosed.

Abstract: Disclosed methods include receiving, by a system, a request from a computing device for an information exchange between a first entity and a second entity, and then generating a first token request for a cryptographic token to be authorized to enable the exchange. In response to receiving an indication that authorization was declined, the system may cause the computing device to identify a different cryptographic token of a connected application. The different cryptographic token may be usable by the connected application to authenticate the first entity to a computer service associated with the connected application. The system may communicate with the computer service to approve use of the different cryptographic token by the system, and then generate a second token request for a substitute cryptographic token using information from the different cryptographic token. The system may complete, using the substitute cryptographic token, the exchange between the first and entities.

Abstract: A method includes for a plurality of devices, each of the plurality of devices having access to a first video stream from at least one of a plurality of streamers of the first video stream, confirming authorization to access the first video stream from one of the plurality of streamers of the first video stream, selecting a first streamer from the plurality of the streamers, receiving the first video stream from the first streamer, transmitting the first video stream to the plurality of devices having confirmed authorization.

Abstract: Secured data access in virtual data processing is described. An example includes instructions to receive a request from an application in a compute node of a compute cluster in a virtual data processing environment to access a secured data source for a user, the virtual data processing environment including a multiple secured data sources that are accessible by compute nodes of the virtual compute cluster; fetch a credential in a current application context and forward the credential for validation; validate the credential with a credential authority; and, upon successfully validating the credential, authenticate the user at the secured data source and establish a connection with the secured data source.

Abstract: A delivery system includes a database configured to store information of a customer where the information includes a default payment method, a communication system configured to communicate with an autonomous vehicle and with a device of the customer, where the device includes a display screen having a button to summon an autonomous vehicle, at least one processor, and a memory storing instructions. The instructions, when executed by the at least one processor, cause the delivery system to receive an indication via the communication system that the button on the device of the customer has been clicked, and instruct the autonomous vehicle to travel to a location of the customer.

Abstract: Systems for contactless authentication and event processing are provided. In some examples, a user may request processing of an event. The user may provide user identifying or event identifying information that may be transmitted to contactless processing computing platform. Based on the user identifying information, additional user data may be retrieved. An interactive authentication request may be generated and transmitted to the user computing device. The interactive authentication request may include a request for one or more types of authentication data. The user may input authentication response data into the user computing device, which may then be transmitted to the contactless processing computing platform for evaluation. The authentication response data may be evaluated to determine whether it includes a trigger, whether it matches pre-stored authentication data, and the like. In response, one or more authentication outputs may be generated and/or the requested event may be processed or denied.

Abstract: A method reconfigures an IoT device which is connectable to a cloud backend. The method includes: storing an access code that is input locally in the cloud backend and storing the access code or check information formed on the basis thereof on the IoT device. The method further includes reconfiguring the IoT device, requesting the access code from the cloud backend, inputting the requested access code on a local configuration interface of the IoT device or on an input device connected to the local configuration interface of the IoT device, and comparing the input access code against the access code stored on the IoT device, or the check information formed on the basis thereof. The IoT device is enabled for reconfiguration upon a positive comparison of the input access code against the access code stored, or the check information formed on the basis thereof.

Abstract: Embodiments of a device and method are disclosed. In an embodiment, a method for network security involves determining whether a device connected to a network port of a switch of a network is a native device or a non-native device for the network and in response to determining whether the device is the native device or the non-native device for the network, performing native device authentication or non-native device authentication.

Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and unique user action data collected by the system from a prompted movement analysis. The system may collect and analyze multiple instances of user actions using intelligent machine learning techniques in order to identify patterns unique to the user. The system may then use this information in conjunction with other known information in order to determine the veracity of attempted user authentication or authorization requests.

Abstract: Disclosed herein are system, method, and computer program product embodiments for securely performing a password change. An embodiment operates by receiving a password change request from a user. The password change request comprises an encrypted version of a new password for the user, a cleartext version of the new password, and a login name for the user. The embodiment then executes a command from a password rotator user account with the cleartext version of the new password, the encrypted version of the new password, and the login name. The embodiment then retrieves a public key associated with the login name. The embodiment then determines, based on the public key, that the password change request comes from the user and that the cleartext version of the new password has not been modified. The embodiment then sets the password of a user login associated with the user to the new password.

Abstract: A unified authentication server is configured to allow a user to be authenticated with multiple different third-party authentication providers, by accessing a copy of an authentication web page of a third-party authentication provider, and extracting at least a portion of the authentication web page to generate a modified authentication web page streamed to the user via an application interface. The unified authentication server receives actions from the user at the application interface and automatically applies them to the authentication web page, and periodically refreshes the modified authentication web page so that changes to the authentication web page are propagated to the modified authentication web page displayed to the user. The user is thus able to be authenticated with different third-party authentication providers through the same application interface, without the unified authentication server having to possess knowledge of the specific login process of the third-party authentication provider.

Abstract: Cloud delivered access may be provided. A network device may provide a client device with a pre-authentication virtual network and a pre-authentication address. Next, a policy may be received in response to the client device authenticating. The client device may then be moved to a post-authentication virtual network based on the policy. A post-authentication address may then be obtained for the client device in response to moving the client device to a post-authentication virtual network. Traffic for the client device may then be translated to the post-authentication address.

Abstract: Embodiments for processing authentication tokens in a system with multiple Representational State Transfer (REST) servers and clients. An intelligence process for multiple processes or multiple REST clients in an OS effectively communicates with multiple REST servers and proactively manages each server's authentication token. A shared library is loaded into a process that uses shared memory to manage the generation and expiry of a token and to communicate with a supported REST server through a single function call. The REST Authentication token will be generated for each REST server and stored in the shared memory which will be reused across multiple processes that use the library. The REST token will be validated for each function call.

Abstract: One example provides a method for authenticating a computing device received from a manufacturer, the method including establishing a secured connection with the computing device, receiving, from the computing device, a first set of security artifacts, and retrieving, from a secure cloud storage location, a second set of security artifacts, the second set of security artifacts including the EK public key and the PCR values for the computing device obtained during manufacturing. The method further comprises, when the first set of security artifacts matches the second set of security artifacts, then verifying the computing device as trusted and permitting communication between the computing device and a secured computing environment, and when the first set of security artifacts does not match the second set of security artifacts, then not verifying the computing device as trusted and not permitting communication between the computing device and the secured computing environment.

Abstract: Disclosed are various approaches for secure inter-application communication with unmanaged applications using certificate enrollment. A certificate signing request can be received from an unmanaged application via an inter-application communication method supported by an operating system of a computing device, and an identity of the unmanaged application can be verified. The certificate signing request can be provided to a certifying authority, and a certificate can be received from the certifying authority. The certificate can be provided to the unmanaged application.

Abstract: A server may perform server side authentication of a user device. The user device may generate a first authentication string by performing a hash function on a username, a password, and a first salt. The first authentication string may be registered with the server for subsequent login attempts. At login, the user device generates the first authentication string and transmits the first authentication string to the server. When the authentication strings match, the user device is authenticated. The user device may also update the first authentication string. The server may provide the first salt and a second salt to the user device. The user device may generate a first authentication string and a second authentication string from the first salt and the second salt, respectively. When the first authentication strings match, the server may update the user device's authentication string by replacing it with the second authentication string.

Abstract: A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

Abstract: Access to a system is permitted by first polling a low-power device/connection on a user device for a low-power multifactor authentication (MFA), and; refraining from polling a high-power device/connection on the user device for a high-power MFA. An indication is received from a user that the user would like to access the system. The low-power MFA is identified via the polling of the low-power device/connection, and the user is authenticated via the low-power MFA. After authenticating the user via the low-power MFA, the high-power device/connection is woken and polled for the high-power MFA. The high-power MFA is identified via the polling of the high-power device/connection, and the user is authenticated via the high-power MFA. Access to the system is permitted when the user has been authenticated using the low-power MFA and the high-power MFA.

Abstract: A display method, a display device, and an electronic device are provided. The method includes: determining, in response to a current account not having an access authority for accessing a target file, an associated account of the current account, where a user corresponding to the associated account matches a user corresponding to the current account; and displaying prompt information based on a relevant authority of the associated account for the target file, where the relevant authority includes at least one of an access authority and an application authority.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A system for protecting personal information uses a challenge and an encrypted copy of the challenge in the form of a message authentication code (MAC) to provide authentication among multiple parties. The challenge is received by a first party from a second party. The challenge is encrypted by the first party to form the MAC and then both the challenge and the MAC are returned to the second party. The second party authenticates the first party by confirming the challenge. The second party sends the MAC and challenge to the third party. The third party decrypts the MAC using a key shared with the first party. When the decrypted MAC matches the challenge, the first party is authenticated to the third party. The process is applicable to transaction processing to limit compromise of payment instrument details.

Abstract: Embodiments are generally directed to techniques and devices to communicate a first communication to a mobile device, the first communication including first data to cause the mobile device to download a mobile application, communicate a second communication to the mobile device, the second communication comprising second data comprising a task identifier, the second data to cause the mobile application to perform an authentication task associated with the task identifier, determine the user is authenticated by the authentication task, and enable the mobile device to perform sensitive actions.