Abstract: A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method begins by determining a DSN node configuration automatically during deployment. The method continues by modifying the DSN node configuration to enable/disable specific hardware features. The method continues by modifying the DSN node configuration to test hardware failure scenarios. The method continues by modifying the DSN node configuration for component replacement procedures. The method continues by reporting the modified DSN node configuration to a DSN management unit and providing a status on component and health of the DSN node to an operator of the DSN.

Abstract: Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others.

Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

Abstract: Among other things, this document describes systems, methods, and apparatus for monitoring and protecting a user credential issued by an organization when that credential is used outside that organization's network security perimeter. For example, a reverse proxy server (RPS) receives a client request directed to a content provider's site. The RPS initiates a process that involves parsing the request message and extracting a user credential. The RPS locates a credential policy from the credential owner based on the user credential. The RPS can issue an API request to a credential service that is authoritative for the credential. That credential service may return a directive to the RPS specifying how to handle the client request message. Preferably, the operation is transparent to the content provider whose site was the target of the client's request message. Activity records can be presented in visualizations that enhance security analysts' tactical comprehension at a glance.

Abstract: A device comprises: a receiver configured to receive a client certificate; a processor coupled to the receiver and configured to: authenticate the client certificate, extract, in response to the authentication, attributes from the client certificate, and create, in response to the extraction, a message comprising reformatted attributes based on the attributes, wherein the reformatted attributes can be trusted; and a transmitter coupled to the processor and configured to transmit the message. A device comprises: a processor configured to: process a client certificate comprising a certificate identifier (ID) attribute, a tenant ID attribute, and a role ID attribute, and package the client certificate in a request for a shared service; and a transmitter coupled to the processor and configured to transmit the request.

Abstract: Embodiments of the present invention provide an automated network security system for dynamically managing network security rules. The system uses a cognitive engine to capture network traffic and analyze behavioral data about said network traffic. Based on analysis of the behavioral data, the system may identify one or more vulnerabilities in the network security system and determine one or more changes to the network security rules to remedy the one or more vulnerabilities. The system further uses a robotic process automation system to test and simulate the one or more changes.

Abstract: A technique and system provide protection to a protected document while being viewed on a Web browser or mobile application on a mobile device, such as a smartphone or tablet. Methods, techniques, and systems control access to protected documents and use of content in protected documents to support information management policies.

Abstract: A vehicle includes a controller, programmed to responsive to wirelessly connecting to a mobile device using a mobile credential issued from a server within a time frame specified in the mobile credential, issue an access token to the mobile device, and responsive to receiving a command authorized by the access token from the mobile device, route the command to a vehicle subsystem for execution.

Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

Abstract: Methods, apparatus, and systems are provided to secure access to an account of a user. The account may have a system administrator. The user may have a credential for accessing the secure data on the account. The methods, apparatus, and systems involve setting a universal reset credential associated with the account, denying the system administrator of the account permission to change the first credential of the access feature, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential.

Abstract: Technology for interoperability is disclosed by enabling the sharing of application state data for an application experience across computing devices, operating systems, applications, or locations. In one aspect, a secondary application shares encrypted state data along with a non-encrypted hint that describes the application experience reflected in the state data with a primary application. The primary application is then able to use the hint to determine that a user is interested in returning to the experience in the secondary application. The primary application then transfers the encrypted state data to the secondary application which uses the state data to return the application to the application experience. A platform and application programming interface (API) are provided for computer applications and services to store and retrieve application state data associated with an event.

Abstract: The present disclosure relates to techniques for helping targeted users determine whether it is safe to supply personal information requested by a web site. In one embodiment, a method generally includes extracting textual content from a web page that requests information from a user and determining, based on the textual content, the type of information requested. A service type the web page provides is also determined based on the textual content. The service type and the information type are then compared to a set of predefined rules to determine a risk level associated with the web page. A visual indicator of the risk level is then displayed with the web page.

Abstract: There is disclosed a method of establishing trust between an agent device and a verification apparatus, the method comprising: obtaining, at the agent device, a trust credential, wherein the trust credential relates to an aspect of the agent device and comprises authentication information for identifying at least one party trusted by the verification apparatus and/or device data relating to the agent device; transmitting, from the agent device to the verification apparatus, the trust credential; obtaining, at the verification apparatus, the trust credential; analysing, at the verification apparatus, the trust credential; determining, at the verification apparatus, whether the agent device is trusted based on the analysis; and responsive to determining the agent device is trusted, establishing trust between the agent device and the verification apparatus.

Abstract: Embodiments of the present invention enable setup synchronization of an end user medical device such as a blood glucose meter. Some embodiments may include a controller including a memory; a transceiver operatively coupled to the controller; and a host computer interface operative to couple the controller to a host computer, wherein the memory is operative to store instructions executable on the controller. The instructions are adapted to cause the controller to scan for an advertising medical device using the transceiver, establish a communications connection with a medical device advertising for synchronization, and transmit synchronization data to a medical device once a communication connection has been estabilshed. Numerous other aspects are disclosed.

Abstract: A system and method for a secure remote payments process and for generation of one-time only remote payment cards is presented. Use of the one-time payment (OTP) cards can use multi-factor authentication where one factor is a biometric technique. A process can include generating an OTP card number based on a first encryption algorithm, an expiry date, and a security code based on a second encryption algorithm. A purchase amount, and the OTP card information are decrypted by an issuer to approve payment for a remote payment, after which the OTP card is no longer valid.

Abstract: A shared communication system associates a plurality of owner profiles with the device and processes user interaction requests based on information included in the owner profiles. The communication system classifies incoming requests based on whether the results of a request should be personal to one user, shared among several users, or generic to all users, and processes requests according to the classification. In one embodiment, the user request is targeted at establishing a video call session between a user of the communication system and one or more other target recipient users of a communications system. The communication system determines which user to associate with the outgoing video call based on which user has the target recipient in an associated contacts list.

Abstract: A processing device in an illustrative embodiment includes a processor coupled to a memory and is configured to receive user credentials from a user device in conjunction with an access request, to apply one or more automated tests in order to determine one or more device identifiers of the user device, to generate a risk score for the access request based at least in part on the received user credentials and the one or more determined device identifiers, and to grant or deny the access request based at least in part on the risk score.

Abstract: An information processing system includes a first sound reception apparatus, a first server, and a second server. The first sound reception apparatus includes an input unit and a communication unit. The input unit receives an input password. The communication unit transmits the input password and identification information regarding the first sound reception apparatus. The second server includes a generation unit, a determination unit, and an information generation unit. The determination unit determines whether the input password and the generated password match. The information generation unit generates first association information on the basis of a result of the determination made by the determination unit.

Abstract: A computer security protection may be provided by dynamic computer system certification. User usage of a computer system may be monitored. Based on the monitoring a role of the user in the usage of the computer system is determined. A certification required for the role and whether the user has the certification sufficient for the role are determined. Responsive to determining that the user does not have the certification sufficient for the role, a certification process is initiated.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, to provide digital identification. One of these methods includes comparing the location of a requester of a digital identification to the location of an owner of the digital identification. The method also includes providing information about the digital identification to the requester based at least in part on determining that the requester and the owner are within a predetermined distance.

Abstract: A computer implemented method for controlling a device on a software defined network (SDN) in response to environmental data. The method comprises receiving environmental data. A master SDN controller is provided for controlling the SDN network. Control data is generated by the master SDN controller in response to the environmental data. A co-controller is generated by the master SDN controller containing the control data. The co-controller is dispatched to the device for residing thereon. The device is controlled in response to the control data.

Abstract: A verification information update method includes: receiving a first request message for binding to a smart device from a terminal device, the first request message carrying a universally unique identifier (UUID) of the smart device; determining a binding relationship between the UUID and a user identifier of the terminal device, and generating a session random number corresponding to the binding relationship; and generating a new verification number and a new verification password of the smart device based on the session random number. The technical solution of the present disclosure implement dynamic update of verification information during a session, thus increasing the difficulty in monitoring the verification information during update.

Abstract: A computer implemented method for controlling a software defined network (SDN). Comprising providing one or more voice-user interfaces which are configured for facilitating users controlling networked devices. Generating control data based on speech input received from users via the voice-user interfaces. Provising a master SDN controller for managing data flow control on the SDN network. The master SDN controller being operable to generate control data for the networked devices. Generating by the master SDN controller a plurality of discrete co-controllers each associated with a particular end user. Each SDN co-controller including at least one of control data and routing data for an associated networked device. Dispatching the SDN co-controller by the master SDN controller to the networked devices associated with the respective end users for controlling thereof. Installing the SDN co-controller on the networked devices.

Abstract: An emergency communication server is provided for collaboration of an emergency response. The server comprises a processing system including a processor. The processing system is configured to receive an input from an electronic device, the electronic device being operated by a member from an originating communication group, upon receipt of the input from the electronic device, generate a notification based on the received input and send the generated notification to at least one member in the originating communication group, determine one or more receiving communication groups for the received input, send the notification to at least one member in each of the determined one or more receiving communication groups, and enable the at least one member in each of the determined one or more receiving communication groups to communicate with one or more members of the originating communication group.

Abstract: Methods, apparatuses, and computer programs for increasing the efficiency of throughput in a communications network are disclosed. To maintain link throughput even when packet loss is detected, deep packet inspection data is used for determining whether to temporary elevate scheduling priority of a stream, and if the decision is to elevate, the scheduling priority of the stream is elevated temporarily. Thus, an example method includes detecting at an intermediate network node an incoming packet; determining deep packet inspection data from the packet; using the deep packet inspection data to determine whether to temporary elevate scheduling priority of the stream the packet belongs to; and causing, in response to determining to elevate scheduling priority of the stream, a temporary elevation of the scheduling priority of the stream.

Abstract: Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached.

Abstract: Disclosed herein is a technique for managing permissions associated with the control of a host device that are provided to a group of wireless devices. The host device is configured to pair with a first wireless device. In response to pairing with the first wireless device, the host device grants a first level of permissions for controlling the host device to the first wireless device. Subsequently, the host device can receive a second request from a second wireless device to pair with the host device. In response to pairing with the second wireless device, the host device can grant a second level of permissions for controlling the host device to second wireless device, where the second level of permissions is distinct from the first level of permissions.

Abstract: Temporary biometric templates for maintaining a user authenticated state are described herein. In some implementation, an electronic device receives an input to unlock using a first secure authentication technique to initiate a current unlock session. A temporary biometric template of a biometric feature of a user unlocking the electronic device is created effective to initiate a user authenticated state. The biometric feature of the user associated with the temporary biometric template is tracked during the current unlock session. The user authenticated state is maintained based on a comparison of the tracked biometric feature of the user with the biometric feature of the temporary biometric template. When the biometric feature of the user can no longer be tracked, the user authenticated state is terminated and the temporary biometric template is invalidated.

Abstract: A method for enhancing customer authentication and consent for finalizing an offer to a customer of a product and/or a service is provided. The method may include using a first receiver to receive an authentication request from an initiator. The authentication request may include a customer name and a customer phone number. The method may also include using a first processor to generate a pin number and transmit the pin number to the customer phone number. The pin number may include an identifier associated with the product and/or service. The method may further include using a second receiver, included in a mobile phone, to receive the pin number, and using a second processor, included on the mobile phone, to authenticate the pin number. The authentication may include verifying a match between the customer phone number and a mobile phone number associated with the mobile phone.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing identities or entitlements of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management systems may utilize the peer grouping of an identity graph (or peer grouping of portions or subgraphs thereof) to identify roles from peer groups or the like.

Abstract: A device-to-device (D2D) communication method is provided. According to an inventive concept, the method comprises, storing, by a first device, first authentication data including a hash chain, which is a sequential concatenation of hash values, and storing, by a second device, second authentication data including an initial hash value of the hash chain, transmitting, by the first device, a final hash value of the hash chain to the second device, determining, by the second device, whether authentication between the first and second devices has succeeded by repeatedly hashing the initial hash value stored in the second device until a hash value identical to the final hash value is returned, and if a determination is made that authentication between the first and second devices has succeeded, performing, by the first and second devices, a connection establishment process for establishing a connection between the first and second devices.

Abstract: The invention relates to method and apparatus for generating and applying a homepage ID number used as user identification of a user in a homepage system. The method includes obtaining a homepage ID number generation class; when the homepage ID number generation class is a user-type-based generation manner, obtaining a user type of a user, and searching for a matching first number segment according to the user type; receiving a second number segment input by the user, or displaying multiple second number segments for the user to select from and receiving a second number segment determined by the user; generating, according to the first number segment and the second number segment input or selected by the user, a homepage ID number for identifying user identity of the user.

Abstract: A method for controlling an electronic picture frame and corresponding devices. An electronic picture frame cloud platform is configured to verify account information of a mobile terminal after receiving a request for operating the electronic picture frame sent by the mobile terminal through the Internet protocol address of the electronic picture frame. It is configured to allow the mobile terminal to operate the electronic picture frame through the Internet protocol address of the electronic picture frame if the account information is verified to be the pre-stored account information bound to the Internet protocol address of the electronic picture frame; otherwise, it prohibits the mobile terminal to operate the electronic picture frame through the Internet protocol address of the electronic picture frame.

Abstract: A vehicle includes a controller, programmed to responsive to receiving a command from a non-customer party, send an authorization request based on the command and a predefined vehicle parameter to a server; and responsive to receiving a signed command from the server, execute the signed command.

Abstract: A method of recognizing a biological feature is provided. In an example, the method includes: first biological feature data is obtained; a first recognition operation is performed according to the first biological feature data and biological feature template data to obtain a first recognition result; when the first recognition result indicates a match failure, second biological feature data is obtained; and a re-recognition operation is performed according to the second biological feature data and the biological feature template data to obtain a second recognition result. The second biological feature data and the first biological feature data are collected by a same biological feature collector at different moments in a same biological feature recognition process.

Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

Abstract: Various methods and systems are provided for autonomous management for a managed service identity. A first token request, for a secret, is generated at a managed service. The secret supports authenticating the managed service for performing operations in a distributed computing environment. The first token request includes an identity identifier of the managed service. The first token request is communicated to a credentials manager which is associated with a secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in the distributed computing environment. Based on communicating the first token request to credentials manager, the token is received, via the credentials manager, from the secret token service. The token is received based in part on the credentials manager generating a second token request for the token and communicating the second token request and a secret associated with the managed service to the secret token service.

Abstract: Systems and methods for recording and communicating engine data are provided. One example embodiment is directed to a system for testing communications. The system includes an electronic engine controller. The system includes a wireless communication unit in communication with the electronic engine controller. The wireless communication unit includes one or more memory devices. The wireless communication unit includes one or more processors. The one or more processors are configured to provide a resource to a remote computing device. The one or more processors are configured to receive input from the remote computing device via the resource. The one or more processors are configured to cause a connectivity test to be performed in response to the received input. The one or more processors are configured to transmit a result of the connectivity test to the remote computing device.

Abstract: Various embodiments include a lamp control unit coupled to or part of one or more light emitting diode (LED) based lamps. The lamp control unit can receive, from a lamp commissioning application of a mobile device via a wireless protocol, one or more commissionable lighting parameters to configure light output of the LED based lamps. The lamp control unit can lock access to change the commissionable lighting parameters with a password. One or more operational lighting parameters of the lamp control unit can be adjusted via a control interface (e.g., an adjustable voltage dimmer) other than the wireless protocol. The lamp control unit can drive the LED-based lamps based on the operational lighting parameters and the commissionable lighting parameters.

Abstract: Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.

Abstract: A method performed by an enterprise search system to conduct an automated, computerized search for select operational attributes of a plurality of network devices is shown. The method comprises initiating the search via a user interface based on receipt of input information, which is used to form a query. The method then determines based on the query, one or more audits each specifying one or more tasks to be performed by at least a first network device to search for the select operational attributes. Subsequently, the method makes the one or more audits available to the first network device via a network, and receives, from the first network device, one or more responses to the query. The method may include generating one or more filter conditions to apply to results of executing the one or more tasks to yield the select operational attributes when included in the results.

Abstract: Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.

Abstract: Provided are a method and device for residing a short message verification code. This method includes: conducting keyword matching on a short message content using a regular expression; when the short message content contains a keyword, matching a verification code for the short message content using the regular expression, to acquire a matched verification code; and displaying the verification code on a current interface and displaying a pre-set time. This method can automatically extract a verification code in a short message and display a pre-set time on a current interface. Within this pre-set time, a user can fill in a verification code on a verification code interface according to the displayed verification code without the need for the user to remember the verification code and to frequently switch between a short message application and a current application as well.

Abstract: A method for creating a secure communication session between a user and an application server is provided. The method includes: providing a database associating a plurality of authorized user identifiers with a plurality of security credentials approved by the application server; assigning an IP address to the user; providing the serving gateway with the IP address and the user identifier of the user connected to the core network; checking whether the user identifier of the connected user to the core network is present in the database among the authorized user identifiers; forming a secure connection between the application server and the serving gateway using the security credential associated to the authorized user identifier of the user connected to the core network; and forwarding all packets from the application network addressed to the user via the secure connection to the user and vice versa.

Abstract: Methods and systems for creating a verifiable digital identity are provided. The method includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

Abstract: An authorization code response is transmitted to a client, and the client uses a parameter included in the authorization code response and a parameter included in the authorization code response transmitted by a transmitting unit to verify that the authorization code response corresponds to an authorization code request.

Abstract: According to the present invention, a method for delegating a login via PKI-based authentication for a login request of a user by using a smart contract and a blockchain database is provided.

Abstract: A method is used in managing passwords. A proposed new password is received. The proposed new password is associated with contextual information indicating a context in which the proposed password is to be used. A machine learning model is dynamically selected from a set of machine learning models based on the contextual information. A quality metric is derived from the proposed new password based on the selected machine learning model.

Abstract: A method for conducting monetary and financial transactions in an economy by treating amounts as collections of distinct individual, minimal, and indivisible units of account, each of which has a persistent identity and history throughout its lifecycle. A method is disclosed for conducting monetary transactions on the basis of appending the record of relationship between each individual unit of account and its respective owners throughout the lifecycle of the unit. Further, a method is disclosed for identifying the units in binary computer notation and assigning specific informational content to each unit by designating various sub-sections within the binary identifier of each unit to hold specific information and values relevant to the unit.

Abstract: A method for generating digital certificates for anonymous users in blockchain transactions includes: storing a blockchain comprised of a plurality of blocks, each block including a block header and transaction values, where each transaction value includes data related to a blockchain transaction including a sending address, recipient address, and transaction amount; receiving a certificate request from a computing device, the request including a user public key of a cryptographic key pair; identifying a subset of transaction values in the blockchain where the sending address or recipient address was generated using the user public key; determining a confidence level based on the data included in each transaction value included in the subset; generating a digital certificate based on the determined confidence level; and transmitting the generated digital certificate to the computing device.