Abstract: A system and method for monitoring operating conditions of an industrial installation system including a plurality industrial assets. A plurality of transponders or beacons is located in a facility or location, where each of the transponders defines a zone in which some of the industrial assets are located. One or more mobile devices is configured to identify assets located within one or more of the zones to provide information to a data acquisition and processing system, which monitors the operating conditions of each of the industrial assets. Each of the one or more mobile devices is authorized depending on a location within the facility, the identity of a user, or based on a time of day. Industrial assets that require support, such as maintenance or replacement, are identified. Authorized mobile devices are configured to transmit information to and to receive information from the data acquisition and processing system.

Abstract: Systems and methods for changing database passwords are described. A first server computing system receives an indication to perform a password change process for an administrative account of an associated database. The server generates a vault configured to store a password change status and a password secret associated with the account. The server sets the password change status to a first value to indicate that the server is performing the password change process and then performs the password change process for the account. The server then sets the password change status to a second value to enable a second server computing system to perform a second password change process for a second administrative account of a database associated with the second server system. The database associated with the second server computing system is a standby database of the database associated with the first server system.

Abstract: A system that incorporates teachings of the subject disclosure may include, for example, a method for detecting, by a first device including a least one processor and a first Universal Integrated Circuit Card (UICC), a second device having a second UICC, detecting, by the first device, that the second UICC is unprovisioned, selecting, by the first device, one of a plurality of selectable options, where the selection identifies a first Mobile Network Operator (MNO) selected from a plurality of MNOs, receiving, by the first device, first credential information of the first MNO, and transmitting, by the first device, to the second device the first credential information for enabling the second device to facilitate establishment of communication services with network equipment of the first MNO according to the first credential information. Other embodiments are disclosed.

Abstract: Technologies are disclosed herein for resource tagging, grouping and associated functionality. A resource tagging service allows resource tags to be created and associated with computing resources in a service provider network. The resource tags can be utilized to search, collect, filter, organize and otherwise manage computing resources in the service provider network having matching tags, and/or to perform other types of functionality. A resource groups service allows customers and/or other users of the service provider network to view and access collections of computing resources that share common resource tags and/or other attributes. Resource groups can also be evaluated in order to identify computing resources in a service provider network for which certain types of actions or other functionality is to be performed. Membership of resource groups can also be evaluated over time and inferences can be drawn from the membership and from operational information associated with the member computing resources.

Abstract: A directional display apparatus including a directional display device that is capable of directing a displayed image into a viewing window of variable width is provided with a privacy control function. A control system detects the presence of one or more secondary viewers in addition to a primary viewer, and decides whether the one or more secondary viewers is permitted to view the displayed image. The control system directs a displayed image into a viewing window which is adjusted, for example by decreasing the width, in dependence on that detection. In addition, the control system detects relative movement between the primary viewer and the display device, and the width of the viewing window is increased in response to detection of said relative movement.

Abstract: The present disclosure relates to a platform that manages activity taken with respect to cloud-based software services. The platform manages data objects processed by software services and/or those entities that initiate processing events. The platform uses various identifiers such as, for example, a persistence identifier (PID) to track processing events. The platform implements rules and/or permissions related to the managed data objects and/or managed entities to determine whether processing events are in compliance. The platform may update database records, send alerts, send data graphs, or provide a real-time stream related to the managed data objects and/or managed entities.

Abstract: A mobile device is provided that allows a user to generate and present a unique code/token to a service provider for customer identity validation. The service provider may use the unique code/token to retrieve or verify identity information/documents from a central depository to validate the identity of the customer to meet a Know-Your-Customer (KYC), or other identification requirements. The central depository or a central database may facilitate customer identity validation from multiple participants. Information related to proofs of customer identity may be collected and aggregated from multiple verification points and may be used to provide customer identity validation. As such, customers do not have to provide the same proofs of identity again when registering with a new service provider.

Abstract: A system for providing a user with access to different services of at least one service provider in a network considering privacy and security via a user-related unique digital identifier (D-ID). The system includes: a D-ID middleware; and a D-ID-agent. The D-ID agent is at least partly run on a terminal device of a user and is configured to: generate the D-ID, at least one pseudonym for the user, and a user-defined and pseudonym-specific number of secrets; compute, using the number of secrets and a cryptographic hash function, a root value of a pseudonym-specific Merkle-tree having the secrets as its leafs; transmit the at least one pseudonym and the corresponding root value, both encrypted, to the D-ID middleware; and use a secret of the number of secrets as needed to access a desired service of the different services of the at least one service provider.

Abstract: A system includes one or more memory devices storing instructions, and one or more processors configured to execute the instructions to perform the steps of a method for providing a credentialless login for a user. The system may receive a request for credentialless login from a user of a mobile computing device. The system may then receive an authentication of a user accessing a software application running on a mobile computing device. Responsive to the receipt of the authentication, the system may generate a random one-time passcode associated with an account of the authenticated user and transmit the passcode to the mobile computing device for display to the user. The system may then receive the passcode from a second computing device and responsive to verifying the validity of the access code, grant the second computing device access to the account of the user.

Abstract: An application service system receives, from a merchant service system, an application program code comprising identifying information. The identifying information is extracted and the application is distributed for operation on a user device. A user interacts with the application, creating an access request that is transmitted to the application service system along with the extracted identifying information. The application service system transmits an access token to the user device comprising the received identifying information. The user device transmits the access token with a service request to the application service system. The application service system compares the identifying information from the access token to the identifying information extracted from the application program code received from the merchant services system. If the identifying information matches, the service request is processed.

Abstract: Systems and methods for managing provisioning of keys prior to a key rotation are provided. A license server generates a license that is associated with a renewal time. The renewal time is a time that is prior to a key rotation time, and triggers a receiver device to send a renewal request prior to the key rotation time. The renewal time may be a randomized time prior to the key rotation time that differs for different receiver devices. The license is transmitted to the receiver device. The license server then receives a renewal request from the receiver device that is triggered at the renewal time. The license server generates a next license that comprises a next key, whereby the next key is a decryption key for decrypting the encrypted signal after the key rotation time. The next license is transmitted to the receiver device prior to the key rotation time.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: An apparatus for use as a single sign on entity (100) for controlling access to one or more devices (104a-d) in a computer network, the devices accessible with a device access password; the apparatus comprises a password generator configured to generate current and future device access passwords, a back-up controller configured to store a back-up comprising the current and future device access passwords at the time of the back-up in a memory, a password changer configured to change the current device password to one of the future device access passwords and to control a transmitter to transmit data implementing the change to the device, wherein the back-up controller is configured to restore the device access password from the backed-up future device access passwords, losing the current device access password.

Abstract: A method, computer program product, and computer system for creating a dynamic directory of objects. A request to modify a dynamic directory of a plurality of objects is received. Each of the plurality of objects is associated with one or more attribute-value pairs. One or more first object attribute-value pairs is determined for a first object. The dynamic directory is searched for the one or more first object attribute-value pairs. A first attribute-value pair is identified from the one or more first object attribute-value pairs. The first attribute-value pair is different than the one or more attribute-value pairs associated with the plurality of objects. The dynamic directory is modified based on the first attribute-value pair. Modifying the dynamic directory includes at least one of adding the first object to the dynamic directory, deleting the first object from the dynamic directory, and modifying an attribute-value pair of the first object.

Abstract: Multiple profiles are received in association with a first user account in an asynchronous messaging system. One or more of the profiles are associated with other user accounts. The associated profiles are transmitted to user clients associated with the other user accounts for storage as a local copy. The association may include inclusion in a contact list of the first user, or a contact list of the other users. The associated profiles are transmitted when messages are sent from the first account to the other user clients, or the profiles are created or updated. A public profile may include a version identifier which is updated when the public profile is updated. Updates to local copies of the public profile at other user clients may occur only when a local copy of the associated version identifier indicates that the local profile is outdated, thereby reducing network traffic.

Abstract: A configuration management device for vendor-independent network device configuration includes a network interface unit for communicating with network devices over a communications network and a data storage unit. The network interface unit can include a unified device network interface and a device-specific driver unit, where the unified device network interface can: retrieve a device profile; to identify a network device which belongs to a network device type corresponding to the device profile; retrieve information on a device-specific configuration protocol to be used during configuration of the network device; and download values for the vendor-independent configuration parameters to the network device.

Abstract: The disclosed embodiments relate to a system that facilitates making a copy of a profile store while the profile store is being updated. During operation, the system retrieves profiles from a profile snapshot queue, wherein the profile snapshot queue is periodically populated by accessing each profile in the profile store, and recording a snapshot of each accessed profile in the profile snapshot queue. The system then stores the profiles retrieved from the profile snapshot queue into the copy of the profile store. Next, the system retrieves updates to profiles from a live update queue, which contains a sequential list of updates to profiles in the profile store, wherein the updates are retrieved starting with a first update that occurred after the process of sequentially accessing the profiles was commenced up to a most recent update. Finally, the system uses the retrieved updates to update corresponding profiles in the copy of the profile store.

Abstract: A method and is provided for obtaining a vetted certificate for a microservice in an elastic cloud environment. The microservice receives a one-time authentication credential. The microservice utilizes the one-time authentication credential to obtain a client secret. The microservice obtains an access token and CSR (Certificate Signing Request) attributes using the client secret and constructs a CSR utilizing the CSR attributes. The microservice requests a vetted certificate from a Certificate Authority (CA) and includes the access token and the CSR in the request. If the access token and the CSR pass vetting at the CA, the CA sends a vetted certificate to the microservice.

Abstract: Technologies for depth-based user authentication include a mobile computing device to display a login image including a depth channel on a display of the mobile computing device. The mobile computing device determines a selection of a plurality of objects of the login image made by a user of the mobile computing device, generates a user-selected password based on a relative depth of each object of the plurality of objects selected by the user, and permits access to the mobile computing device in response to a determination that the user-selected password matches a device login password.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor, a directory service application comprising a program of instructions embodied in computer-readable media accessible to the processor, the directory service application configured to enumerate a plurality of management controller categories for management controllers of a plurality of information handling systems communicatively coupled to one another via a network and create a directory service device object for each of the plurality of management controller categories.

Abstract: A complex authentication method includes identifying a user based on at least one image of a face image and a fingerprint image; identifying a first pattern associated with at least one of a feature point extracted from the face image and a first input to a display of an electronic device; and performing an operation assigned to the identified user and the identified first pattern.

Abstract: A management server, a service server, and a plurality of user terminals are connected to each other via a network so as to be capable of transmitting and receiving data. The management server includes a user information storage unit that stores user identification information for identifying users belonging to a group, and an identification information notification processor that, each time a service to be provided to the users of the group is newly added, transmits the user identification information of the plurality of users belonging to the group to the service server by cryptographic communication, corresponding to the newly added service. The service server includes a service information storage unit for storing the user identification information of the plurality of users corresponding to the service, received from the identification information notification processor.

Abstract: An electronic device includes a biometric sensor, such as a fingerprint sensor, that identifies biometric input received at the biometric sensor. One or more processors operable with the biometric sensor identify one or more companion devices operating within a wireless communication radius of the electronic device. Where multiple companion devices are within the wireless communication radius, a user can make a selection of one or more of them. One or more gesture sensors identify a predefined gesture input, such as a key turn simulation. A wireless communication circuit responsive to the one or more processors, delivers an actuation credential to at least one companion device to control the companion device.

Abstract: Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.

Abstract: This application discloses a method implemented at a server to facilitate secure offline transactions. The server receives, from a client device, an authorization request that includes a user identifier, first financial account information and a secure code. The server authenticates the authorization request, and sends a first transaction approval to the client device. Then, in accordance with the information received in the authorization request, the server facilitates a secure transaction between the client device and a point-of-sale (POS) machine while the client device is offline. Specifically, the server receives, from the POS machine, a transaction request that includes at least the user identifier and the security code. The server retrieves the first financial account information from a memory according to the user identifier and the security code, performs a transaction operation associated with the first financial account information, and sends a second transaction approval to the POS machine.

Abstract: A method of obtaining a virtual SIM for a mobile device comprises sending, to a TTA for authentication, a request for a virtual SIM for a mobile device associated with the TTA. The authenticated request is sent from the mobile device to an NRS application (or to a combined NRS/PCSS application). The mobile device subsequently receives information identifying a PCSS application (or a combined NRS/PCSS application) in a computing environment that provides a virtual SIM for the mobile device.

Abstract: Authentication methods for recognition of a candidate person. During authentication, a previously stored enrollment image is presented on a display to a candidate person. The candidate person is instructed to present a reproduced image of the same scene and/or object to a camera while holding the camera (mobile camera for example) unsupported in free space with respect to the viewed scene or object. Alternatively the candidate person can hold the object unsupported in free space with respect the camera. Using the camera, a candidate image of the viewed scene or object is captured and presented with the previously stored enrollment image. The candidate person aligns the candidate image with the previously stored enrollment image. Upon alignment, the candidate image is verified as an authentic image of the user and the candidate person is authenticated as the user previously enrolled.

Abstract: Embodiments of a mobile device and method for secure on-line sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, the mobile device may be configured to establish a transport-layer security (TLS) session with a sign-up server through a Wi-Fi Hotspot to receive a certificate of the sign-up server. When the certificate is validated, the mobile device may be configured to exchange device management messages with the sign-up server to sign-up for a Wi-Fi subscription and provisioning of credentials, and retrieve a subscription management object (MO) that includes a reference to the provisioned credentials for storage in a device management tree. The credentials are transferred/provisioned securely to the mobile device. In some embodiments, an OMA-DM protocol may be used.

Abstract: An identification system that may be used in heterogeneous computing environments provides a fail-free path to providing identifiers from a single canonical namespace. Objects or gateways requiring an identifier for access are accessed using an identifier for the canonical namespace. If an entity requests access using an identifier from another namespace, an external database is consulted to determine if a mapping exists for the identifier to another identifier the canonical namespace. If no mapping exists, or the external database is unavailable, then an identifier is automatically generated in the canonical namespace and is used for the access. An internal database is updated with the automatically generated identifier, providing a mechanism to add mappings without administrative intervention. To access resources requiring an identifier from another particular namespace, a canonical namespace identifier may be mapped to another identifier in the particular namespace, or a generic identifier may be used.

Abstract: Provided are techniques for populating a new text index. In response to determining that a limit for indexing a set of documents to the new text index has been reached, a commit is performed, a restart key is updated to identify a next document to be indexed, and the next document is indexed in a next commit cycle.

Abstract: Methods and systems related to provisioning a secure connection are disclosed. One disclosed method includes storing a device secret on a secure element in a first device, storing a mapping from the device secret to a device identifier of the first device on a cloud architecture, generating a pairing key using a first connection protocol key generator on the secure element and the device secret, and generating the pairing key using a second connection protocol key generator on the cloud architecture and the device secret. The method also includes transmitting the pairing key from the cloud architecture to a second device in response to receiving the device identifier, mutually authenticating the first and second device using the pairing key, and adding the secure connection to the inter-device connection using the pairing key as stored on the first device and as stored on the second device.

Abstract: Methods and systems for creating a verifiable digital identity are provided. The method includes verifying a device belongs to a user. The method also includes tying the device to a private key. The method also includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

Abstract: Provided are techniques for populating a new text index. In response to determining that a limit for indexing a set of documents to the new text index has been reached, a commit is performed, a restart key is updated to identify a next document to be indexed, and the next document is indexed in a next commit cycle.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving, from a computer system, a request comprising a phone number, identifying a primary channel and one or more secondary channels based on, at least in part, respective performance data of the primary and secondary channels, sending a first message comprising a first text string via the primary channel to a destination device associated with the phone number, after sending the first message, determining that a conversion event for the message and the primary channel did not occur within a specified time period, and based on the determining, sending a second message comprising the first text string via a particular secondary channel to the destination device.

Abstract: Managing user accounts on a shared computing device to maintain at least one of system resources or performance. The method includes identifying one or more desired triggers indicating that that one or more user accounts should be deleted from the shared computing device to comply with a predetermined resource target. The method further includes, as a result of the one or more triggers, deleting user accounts to attempt to comply with the predetermined resource target.

Abstract: Techniques are described for improving the boot performance of an operating system (OS) used to launch a virtual machine. In embodiments, a request is received that identifies an OS image and that includes information indicative of when a boot-up process of the OS is complete. A boot-up process of the OS is then performed until complete, as indicated by the information, which includes loading a portion of the OS image from a virtual hard drive. During performance of the process, data is obtained that identifies logical units in the virtual hard drive that are accessed to obtain the portion of the OS image. A copy of the virtual hard drive that include the OS image and the data is then stored so that it can be used to facilitate launching a virtual machine through selective pre-fetching of only the identified logical units from the copy of the virtual hard drive.

Abstract: The present invention relates to a method and an apparatus for employing an embedded subscriber identity module (hereinafter referred to as eSIM) to apply a policy such as a subsidy policy to, activate, deactivate, add to, update, and delete a user profile in a mobile communications network. The present invention enables a mobile device to determine whether to host the policy of a new service provider when it changes the present service provider or to perform a lock for prohibiting the policy change, and to change the profile related to the determination. The present invention also enables a mobile device to replace the policy related to the service provider by applying the policy, or to employ eSIM so as to activate, deactivate, revise, add, or delete the rules of the policy related to the service provider.

Abstract: An electronic device is provided. The electronic device includes at least one processor and an embedded universal integrated circuit card (eUICC) configured to be electrically connected with the at least one processor. The at least one processor is configured to implement a management module configured to manage a profile stored in the eUICC. The management module is configured to, when there is an enabled profile in the eUICC, perform a communication function based on the enabled profile and, when there is no the enabled profile in the eUICC, disable at least one of a periodic eUICC verification function and a network search function.

Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A communication system includes a first communication device that determines, using identification information on a frame, whether to receive the frame, and a second communication device that belongs to a network identical to the first communication device. A report frame includes a detection of an attack on the network and target identification information that is identification information included in a frame used to perform the attack. When the first communication device receives a report frame from the second communication device, the first communication device sets the frame including the target identification information to be an authentication processing target. Upon transmitting a transmission frame set to be the authentication processing target, the first communication device transmits authentication information generated from the transmission frame along with the transmission frame.

Abstract: Systems and methods are described for delegating permissions to enable account access to entities not directly associated with the account. The systems determine a delegation profile associated with a secured account of at least one customer. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

Abstract: Method and device for managing cloud computing resources with an external account, the resources being associated with one or more internal main accounts. The method includes verifying an identity of the external account via a server, determining, if the identity of the external account is verified, whether a virtual sub-account is bound to the external account, the virtual sub-account being subordinate to an internal main account of the one or more internal main accounts, and allowing, if it is determined that the virtual sub-account is bound to the external account, the external account to manage the resources associated with the internal main account based on pre-configured rights of the virtual sub-account.

Abstract: Examples of techniques for sequential object set passwords are disclosed. In one example implementation according to aspects of the present disclosure, a computer-implemented method may include receiving, at a user device, a first object set; transmitting, to a processing device, a first rearranged object set that represents the first object set rearranged into a first sequential order by the user; and responsive to the first rearranged object set matching a first known sequential object set, receiving, at the user device, a second object set.

Abstract: Managed identity federation provides numerous options for authentication to access one or more services. A user authenticates with an identity verification provider and provides proof of authentication to a service of a service provider. The service of the service provider is configured to verify the user's identity using a centrally managed identity provider configuration. This configuration is distributed without intervention of the service's administrators. This centrally-managed configuration allows a variety of enterprise and third-party services to utilize the service provider's billing, security, and other administrative services.

Abstract: Systems and methods permit secure and convenient provisional account creation for use in conducting payment transactions. The provisional account does not include sensitive data, thereby mitigating risk to a consumer's financial account if the provisional account were compromised. In one embodiment, a computing device associated with a financial service provider receives customer and customer device information. The provider computing device performs a verification analysis and a fingerprint analysis to authenticate the customer's identity and the customer device authenticity. The provider device also receives an access request message seeking authorization for an identity management service (“IdM”) to interface with the provider device. The provider device generates an access decision message indicating an approval or disapproval of an authorization request.

Abstract: An apparatus for user authentication based on tracked activity includes an activity tracker module, a challenge module, and an authentication module. The activity tracker module is configured to electronically track one or more activities of a user. Electronically tracking the one or more activities includes obtaining information about at least one activity from an electronic device of the user. The challenge module is configured to present an authentication challenge to the user via a user interface for the electronic device. The authentication challenge is based on the one or more electronically tracked activities for the user. The authentication module is configured to determine whether to authenticate the user for access to one or more resources via the electronic device, based on the user's response to the authentication challenge.

Abstract: A digital credential is generated for a user device. The digital credential is transmitted to the user device via an optical wireless communication access point (OWC AP). The user device is located in a coverage area of the OWC AP. The digital credential is provided to a wireless local area network (WLAN AP) associated with the OWC AP for authentication of a request from the user device to access the WLAN.

Abstract: A system for facilitating personal information exchange includes a first computer peripheral device comprising a first near field communication system. A second computer peripheral device includes a second near field communication system. The first near field communication system is communicatively coupled to the second near field communication system. A web server is communicatively coupled to the first computer peripheral device and the second computer peripheral device. The web server is configured to receive personal information from the first computer peripheral device and the second computer peripheral device into a database. The near field communication between the first computer peripheral device and the second computer peripheral device results in sharing the information in the database.

Abstract: A first device may obtain a session time record that includes information relating to a secure session. The session time record may include a content identifier and a device identifier that is associated with a second device. The content identifier may be associated with content to be provided via a secure session and via the second device. The content may be associated with a sponsored data campaign. The first device may obtain, from the second device, data usage information identifying an amount of data provided via the second device and in association with the secure session. The first device may determine information identifying a party responsible for the amount of data provided in association with the secure session based on the session time record and based on the data usage information. The first device may store or provide the information identifying the party responsible for the amount of data.

Abstract: An information processing apparatus includes processors and memories to store a plurality of instructions which cause the processors to store, in the memories, usage authority information associating, for each of users, user information identifying the user with authority information. The authority information associates, for each of image forming apparatuses, device information identifying the image forming apparatus with function information indicating function of the image forming apparatus allowed to be executed or restricted from being executed.