Abstract: A contactless card with power harvesting unit is described. The power harvesting unit is configured to harvest power from near field communication radio wave fields and supply power to a memory, processor, and communication circuit of the contactless card. In some embodiments, the contactless card may also include a capacitor for smoothing out power deliver or a rechargeable battery. The contactless card is configured to establish two-way communication with a secondary device and to store and execute applets. In some embodiments, the contactless card is a payment card which contains information associated with a primary profile and a secondary profile. The secondary profile may be activated using two-way communication if the primary profile is deactivated due to fraudulent activity.

Abstract: Methods, systems, and storage media for multi-cloud data connections for white-labeled platforms are disclosed. Exemplary implementations may: receive an indication of a plurality of applications to be accessed; receive authentication information for the plurality of applications; establish a plurality of data connections to the plurality of applications, if authenticated with the authentication information; receive application data received from the plurality of data connections; normalize the application data to provide normalized data; generate a customizable feed with display parameters and displaying the normalized data according to the display parameters; and generate a visualization dashboard with visualization parameters and displaying the normalized data according to the visualization parameters.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from a camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person with that of the registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing identities or entitlements of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management systems may utilize the peer grouping of an identity graph (or peer grouping of portions or subgraphs thereof) to identify roles from peer groups or the like.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from a camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person to be verified with that of the registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: Cross-session acquisition of a verifiable credential. The first session includes generating a user secret known to the first session and to the user, and the generation of an encrypted identity token that includes claims about authentication of the user and the user secrete. In the second session, a second computing system uses the acquired identity token to get a verifiable credential. The user is prompted to prove knowledge of the user secret within the identity token. In response to successful proof of this knowledge and validation of the identity token, the issuer system issues a verifiable credential that relies upon one or more claims that were included within the identity token, and then provides the verifiable credential to the user.

Abstract: Provided are systems and methods for verifying an identity of a user based on a data mesh created from various sources of truth. In one example, a method may include establishing, via a host platform, a first and a authenticated communication channel between a host server of a user account and a host server of a second user account, retrieving, via the first and second authenticated communication channels, PII of the user from the first and second user accounts and combining the PII into a meshed data set, determining a difference between the PII within the meshed data set, and verify an identity of the user based on the determined difference between the PII within the meshed data set and transmitting the verification to a computer system.

Abstract: A method for data processing that includes receiving an indication of a configuration for a first action of a communication process flow that controls electronic communications between a tenant of a multi-tenant system and a first set of users associated with the tenant. The method further includes associating, within a storage location associated with the tenant, a unique identifier with metadata that defines the configuration. The method further includes receiving a request to apply the configuration to a second action of a communication process flow that controls electronic communications between the tenant and a second set of users associated with the tenant. The request may indicate the unique identifier associated with the metadata. The method further includes retrieving the metadata from the storage location using the unique identifier indicated by the request. The method further includes applying the configuration to the second action using the retrieved metadata.

Abstract: A method is described. The method includes adding privileges using discrete modular steps to an account based on a requested activity to be performed during a session. The method also includes logging the account into the session with the added privileges. The method further includes removing the privileges using discrete modular steps from the account after the session.

Abstract: Examples disclosed herein relate to security dominion of a computing device. A management controller of the computing device can access a physical owner token pertaining to a physical owner of the computing device. The management controller can access a security dominion owner token pertaining to a security dominion owner of the computing device. The security dominion owner token tracks accountability for a security feature of the computing device. A security dominion owner associated with the security dominion owner token is initially set to a first entity.

Abstract: A method for accessing a data repository by a service is described. The method includes requesting an authenticator for credentials using a role-based identity. The services receives, from the authenticator, temporary data repository access credentials that are based on the role-based identity. The temporary data repository access credentials are abstracted from the credentials. The service accesses the data repository using the temporary data repository access credentials.

Abstract: A rollover system is provided to facilitate transitioning of client devices in a shared account network environment, from an old password to a new replacement password. The switching of passwords may take place gradually during a rollout period for client devices without required downtime and reducing a risk of lockouts. During the rollover period, a prior salt is temporarily carried over to a new verifier for the replacement password. Two new verifiers are generated: a temporary new verifier using the old salt for verification during the rollover period and another new verifier using a different new salt for verification after the rollover period had expired. During the rollover period, authentication involves the use of the temporary new verifier with the old salt or by the old verifier and old salt of the prior password. After the rollover period, authentication is based on the new verifier with a new salt.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from a camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person with that of the registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: An electronic device for face recognition is provided. The electronic device is used to exclude an ineligible object to be identified according to the relative relationship between object distances and image sizes, the image variation with time and/or the feature difference between images captured by different cameras to prevent the possibility of cracking the face recognition by using a photo or a video.

Abstract: A service providing system, an application usage method, and an information processing system. The service providing system receives from the terminal device, a request for registering a user to a second tenant in which the user can use the application, the request designating identification information of the user registered in the first tenant and identification information of the application, and registers the user and the application in the second tenant as a user who can use the application.

Abstract: A system and method for protecting secret data items using multiple layers of encryption with multiple encryption keys, a Secure Element, and a sandbox on an electronic device includes a secret data item manager. The secret data item manager encrypts secret data items using a hardware encryption key and the Secure Element. It encrypts the transient secret cipher data with an account encryption key to generate and store repository account cipher data. It further encrypts the account encryption key to generate and store the repository account key cipher data with a root encryption key. The manager also derives a secondary encryption key from a user account password, encrypts the root encryption key with the secondary key to generate the transient root encryption key, encrypts the transient root encryption key using the hardware key to generate the repository root encryption key cipher data, and stores repository root encryption key cipher data.

Abstract: An example implementation may involve a media playback system detecting two or more playback devices of a given type. The implementation may further involve transmitting, to a particular playback device of the detected playback devices, an instruction that causes the particular playback device to emit a given sound. The implementation may also involve receiving an identification of the particular playback device and displaying, via a graphical interface, one or more prompts to join the particular playback device into the media playback system.

Abstract: An apparatus for traffic security processing in a slicing service of mobile edge computing according to an embodiment of the present invention includes: a plurality of security modules for analyzing a received packet to respectively execute security functions suitable for slicing security of mobile edge computing; a controller for managing a slicing security module list in the mobile edge computing; and a main security module for analyzing a received packet on the basis of the slicing security module list to determine a security function to be executed and priority of the security function to be executed, wherein the controller transmits the received packet to at least one corresponding security module among the plurality of security modules according to the priority of the security function to be executed, which is determined by the main security module.

Abstract: A method includes receiving from a user an SMS message request for a UAV-based agricultural service; in response to receiving the SMS message request, transmitting to the user one or more prompts with predefined response options; generating a UAV-based agricultural service work request based on responses from the user to the prompts that comprise selections of predefined responses; transmitting automated voice calls to a plurality of UAV operators requesting acceptance of the UAV-based agricultural service work request; in response to receiving an acceptance from an accepting UAV operator during a voice call, transmitting a one-time password to the accepting UAV operator; receiving an access request from the accepting UAV operator comprising the one-time password; and in accordance with a successful authentication based on the one-time password, associating the UAV-based agricultural service work request with the pre-establish account associated with the accepting UAV operator.

Abstract: Systems, methods, apparatuses, and computer program products for unified data repository selection and parameters that can be associated with such selection are provided. For example, a method can include identifying, by a network element, a capability of a repository to store data applicable to all user equipment devices in a network. The method can further include selecting, by the network element, the repository from a plurality of repositories based on the identified capability.

Abstract: An approach is disclosed on a blockchain platform for authenticating clients. A public and private key is created at a client device. The private key into is split two or more parts. The split private key part is split into to two or more client devices including a first client device and a remaining client devices. Signing to authenticate a challenge to login using a partial key part occurs at the first client device. The challenge is sent to the remaining client devices wherein the remaining client devices that sequentially sign using short range wireless network connection and respond back to the challenge to login without a password.

Abstract: Responsive to a user instruction or a security breach occurring in an enterprise computing environment, an emergency shutdown and restore module is adapted to obtain and evaluate an identity population definition to determine a population of identities (e.g., a forensic team) associated with accounts distributed across applications in the enterprise computing environment. The emergency shutdown and restore module is further adapted to determine source systems of such accounts and communicate with those source systems via source-specific connectors. The emergency shutdown and restore module can respectively request the source systems to shut down access to the applications by the accounts associated with the population of identities, or to exclude the accounts associated with the population of identities in shutting down access to the applications. After performing a security breach analysis, the emergency shutdown and restore module can request the source systems to restore access respectively.

Abstract: A method including receiving, by a user device, first validation data based at least in part on transmitting a first service request to receive a first network service; receiving, by the user device, the first network service by providing signed first validation data based at least in part on authenticating first biometric information; transmitting, by the user device while receiving the first service, a second service request to receive a second network service; receiving, by the user device, second validation data based at least in part on transmitting the second service request; and receiving, by the user device, the second network service by providing signed second validation data based at least in part on authenticating second biometric information is disclosed. Various other aspects are contemplated.

Abstract: Customers at a premises attempting to connect a new wireless device, such as a mobile phone or tablet to an available wireless network (Wi-Fi), receive network login information such as an Wi-Fi SSID (service set identification) and Password through a system generated equivalent QR code that can then be scanned to automatically connect to the Wi-Fi network. The system receives a request for Wi-Fi settings at a premises, identifies customer equipment associated with the premises, identifies an Wi-Fi SSID (Service Set Identification) and password associated with the customer equipment, generates a QR (Quick Response) code representing the Wi-Fi SSID and password, sends the QR code to one or more devices associated with the premises for display and subsequent scanning at the premises.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. A first request is received to set up authentication information with respect to a user, wherein the first request specifies a type of information to be used for future authentication of the user. It is determined whether the type of information related to the user poses risks based on a reverse information search result. The type of information for being used for future authentication of the user is rejected when the type of information is determined to pose risks.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: A method for pervasive resource identification includes receiving an authentication request from a first application service. The authentication request requests authentication of a user of a user device. The method includes obtaining device information associated with the user device of the user and generating a unique opaque identifier for the user device based on the device information. The method includes obtaining authentication credentials from the user device. The authentication credentials verify an identity of the user. In response to receiving the authentication credentials from the user device, the method includes generating an authentication token and encoding the unique opaque identifier into the authentication token. The method also includes transmitting the authentication token to the first application service.

Abstract: Embodiments described herein provide a system for facilitating dynamic content distribution in an enterprise environment. During operation, the system determines a set of logical groups based on a set of grouping criteria. A respective logical group can include one or more devices managed by a controller and a network that provides connections among the one or more devices. The system categorizes the set of logical groups based on exogenous information associated with a respective logical group and determines a corresponding condition of measurement for a respective category of links in the enterprise environment. The system then schedules a link for measurement based on the condition of measurement and the categorization of the set of logical groups.

Abstract: The present disclosure describes systems and methods for augmented reality inventory tracking and analysis that identifies devices based on a combination of features, retrieves a configuration or other characteristics of the selected device and presents the configuration as a rendered overlay on a live image from the camera.

Abstract: Systems and methods for linking an authentication account to a device may include processor(s) to maintain a plurality of authentication profiles, each authentication profile corresponding to a respective user and including at least one profile image, an immutable identifier, and authentication data used to authenticate the respective user. The processor(s) may receive a request including the device key, an immutable identifier, and a biometric image captured by a camera of a client device. The processor(s) may identify a subset of authentication profiles having respective immutable identifiers that match the immutable identifier from the request. The processor(s) may compare feature(s) extracted from the biometric image of the request to features extracted from the a profile image of the subset of authentication profiles, and link the device key of the client device with an authentication profile in a data structure to register the client device with the authentication server.

Abstract: Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.

Abstract: Example methods, apparatuses, and systems are presented that allows a user to make a secure purchase online, directly through accessing an online advertisement and without being redirected to multiple, cumbersome webpages to process different pieces of information to complete the transaction, while still leveraging existing e-commerce entities, such as existing payment platforms and existing ad/content networks. The present system includes a commerce ads engine (CA engine) that interfaces with the user through an app associated with the CA engine, a tokenization platform for authentication of the user, and a merchant providing relevant offer and check out information about a product being advertised in an online ad.

Abstract: The present disclosure relates to systems and methods to generate user or user group behavior similarities based on computing distances between individual users or user groups and without using demographic data, e.g., based on anonymized data. The methods include creating a multidimensional vector representation for each user in a group by summarizing user's behaviors across various categories. Based on the created vectors, distance calculation and nearest neighbor search are performed to locate users that are most similar to target users. The resulting distance metrics may be used to rank similarities. Additionally, dimensionality reduction may be performed to further distill the behavior information to make the disclosed methods suitable for a variety of analytics and modeling tasks.

Abstract: A printer has a function of restricting a number of printing during a particular period for each user ID. When printing is performed, a computer updates a counter value of the number of printing associated with a user ID corresponding to the printing, and restricts printing corresponding to the user ID when the counter value reaches an upper limit. When an individual operator is operated in an administrator PC, the computer initializes the counter value associated with the user ID corresponding the individual operator.

Abstract: A method for enhanced website navigation comprises receiving a first web page at a web browser, parsing the HTML of the web page to identify a favicon, associating the favicon with a link to a second web page and displaying the first web page in the browser window in a browser tab that includes the favicon. The method further includes listening for a user interface event with respect to the favicon portion of the tab and navigating to the second web page based on the user interface event with respect to the favicon portion of the tab.

Abstract: Disclosed herein are methods, devices, and systems for provide a new two-factor or user authentication procedure. In a scenario in which a user is enrolled in the verification system, a method can include receiving, at a network-based server, a unique identifier associated with a user that desires to access a service from an application or a website, identifying a typing profile associated with the unique identifier and presenting a reference text on a user device of the user. The method can include receiving a typing pattern of the user and determining whether there is a match between the typing pattern and one or more previously recorded typing patterns for the user. When the determination indicates that the user is verified, the method includes presenting a one-time password on a display of the user device. The user enters the one-time password into an input field and validating, via the network-based server, the one-time password.

Abstract: Cloud storage systems and methods are described for providing event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to at least one of a remote file system hosted by the remote cloud storage system and a local file system hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.

Abstract: A method for determining a behavior of a smart card, which may be implemented by a server. The method includes operations for obtaining a first reference time data corresponding to a time for setting a smart card clock, and a second reference time data corresponding to a time for reading a first time data from the clock, determining a time drift associated with the smart card based on the first reference time data and on the second reference time data, and determining a behavior of the smart card from the time drift.

Abstract: A computer-implemented process, computer program product, and system for dynamic change of a password under a brute force attack. A computer processor determines a quantity of consecutive unsuccessful attempts to access the targeted item protected by a password. Responsive to the quantity of consecutive unsuccessful attempts to access the targeted item exceeding a predefined threshold, the computer processor acquires a new password for access to the targeted item, wherein the new password is based on a more complex set of password generation rules than a current password. The computer processor changing the current password of the targeted item to the new password, and in response to changing the current password of the targeted item to the new password, the computer processor sends an encrypted message regarding the new password to a user associated with the targeted item.

Abstract: An approach for improving endpoint security. The approach requests security capabilities from endpoints of communications. The approach can analyze the differences between the security capabilities of the endpoints. The approach can negotiate a security capability supported by the endpoints of the communication. The approach can determine if the negotiation succeeded. If the negotiation failed, then the approach can create a report describing capabilities of the endpoints and suggesting changes to improve the endpoint security. The approach can send the report to the appropriate interested personnel.

Abstract: First data indicating performance of authentication that is performed by a first apparatus that performs authentication based on an electronic key acquired from a mobile apparatus is acquired, and second data including an operation command for a second apparatus is generated based on the first data, and the second data is transmitted to the second apparatus.

Abstract: A service processing method, apparatus, and storage medium of a blockchain system are provided. The service processing method includes obtaining authentication information of a service participant; determining whether data in the authentication information of the service participant is updated; generating, based on the data in the authentication information of the service participant being updated, a notification message according to the updated data; and transmitting the notification message to a service processing node subnetwork, the notification message instructing one or more service processing nodes in the service processing node subnetwork to process a service request according to updated authentication information of the service participant.

Abstract: A method for joining an association that includes receiving, by a first cluster, an association access credential and a unique address of an association manager, generating, based on the association access credential, an association access request, sending, to the unique address, the association access request, receiving, in response to the sending, association information, and initiating, based on the association information, a connection to a second cluster in the association.

Abstract: Disclosed are embodiments for authentication and authorization in a 5G network between an edge enabler client (EEC) of a UE and an edge configuration server (ECS). The embodiment include performing primary authentication with the 5G network to obtain a KAUSF; generating a Kedge and a Kedge ID using the KAUSF and a subscription permanent identifier (SUPI); providing the Kedge and the Kedge ID to the EEC to cause it to compute a MACEEC using the Kedge and an EEC ID; and sending to the ECS an application registration request, the application registration request including the EEC ID, MACEEC, and Kedge ID.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of synthetic authentication questions by analyzing third party account data. A request for access to a first account associated with a user may be received. The first account may be managed by a first organization. A transactions database might be queried for first account data. Second account data corresponding to a second account associated with the user might be received. That second account may be managed by a second organization different from the first organization. One or more second transactions, unique to the second account, may be identified. A synthetic transaction, configured to be different from transactions in the first account and the one or more second transactions, may be generated. An authentication question may be generated based on the synthetic transaction. Access to the first account might be provided based on a response to the authentication question.

Abstract: A communications device (100) for classifying an instance (110) using Machine Learning (ML) is provided. The communications device is operative to acquire a feature vector representing the instance, classify the instance using a local first ML model, calculate a confidence level, and, if the calculated confidence level is less than a threshold confidence level, acquire information identifying one or more other communications devices, and transmit a classification request message comprising the feature vector to the one or more other communications devices.

Abstract: Systems and methods include establishment of a first database session with a first database user, determine first session variable values associated with the first database session, the first session variable values including a first tenant value, determine a first workload class based on the first tenant value and on zero or more of the other first session variable values, the first workload class including first parameter values specifying first resource consumption limits, and manage resource consumption of the first database session based on the first parameter values.

Abstract: A memory module includes one or more programmable ECC engines that may be programed by a host processing element with a particular ECC implementation. As used herein, the term “ECC implementation” refers to ECC functionality for performing error detection and subsequent processing, for example using the results of the error detection to perform error correction and to encode corrupted data that cannot be corrected, etc. The approach allows an SoC designer or company to program and reprogram ECC engines in memory modules in a secure manner without having to disclose the particular ECC implementations used by the ECC engines to memory vendors or third parties.

Abstract: Systems and methods authenticate an end user of an enterprise with an external service provider. The enterprise comprises an identity provider and an entitlements data store that communicate via web services calls. The identity provider makes a determination of whether an end user is authorized to access the external service provider based on: (i) authentication of the end user by the identity provider; and (ii) data from the entitlements data store for the end user with respect to the external service provider. Upon a determination by the identity provider that the end user is authorized to access the external service provider, the identity provider send a SAML token to the end user. The SAML token comprises an XML representation of entitlement information for the end user for the external service provider.