Abstract: Systems and methods are disclosed for automatically predicting a risk score of a user login attempt by receiving a user login attempt and generating a login feature vector associated with the user login attempt. The systems and methods further train a machine learning technique to establish a relationship between the login feature vector and the risk score. The trained machine learning technique is applied to new user login attempts to predict a risk score associated with the login attempt and issue an authentication challenge to the user if the risk score exceeds a predetermined threshold value.

Abstract: Aspects of the disclosure relate to computing platforms that utilize improved mitigation analysis and policy management techniques to improve onboarding security. A computing platform may determine that a predetermined period of time has elapsed since finalizing an onboarding process. The computing platform may receive spot-check verification inputs indicative of a user identity and may direct a mitigation analysis and output generation platform to analyze the spot-check verification inputs. The computing platform may receive an indication of a correlation between the spot-check verification inputs and expected spot-check verification inputs. In response to determining that the correlation exceeds a predetermined threshold, the computing platform may determine that an additional verification test should be conducted, and may direct a mobile or other computing device to display an interface that prompts for additional onboarding verification inputs.

Abstract: A method of increasing security of access to online accounts, comprising resetting access credentials of one or more accounts of one or more online services of one or more users, by transmitting an access credentials reset request, intercepting one or more credentials reset messages transmitted via one or more correspondence channels associated with the one or more users, the one or more credentials reset messages comprise a credentials reset network address, and accessing the credentials reset network address to replace existing access credentials for the one or more accounts with increased security credentials. Wherein one or more automated access agents adapted to automatically login the one or more users into the one or more online services uses the increased security credentials to login to the one or more accounts.

Abstract: Provided herein are apparatus and methods for Wi-Fi network profile verification. An apparatus for a wireless communication device includes: a memory; and processor circuitry coupled with the memory, wherein the processor circuitry is to: encode a verification sequence in a probe request for transmission to an AP; decode, in response to the probe request, a probe response received from the AP to obtain a first verification result; determine a second verification result based on the verification sequence and a verification password (VP) obtained from the AP; and determine whether a verification for the AP is successful or not based on the first verification result and the second verification result, and wherein the memory is to store the VP. Other embodiments may also be disclosed and claimed.

Abstract: A contextual authentication method includes receiving a request to launch a web service and causing the web service to be launched on a remote browser. When a security event is detected, a security key obtained, based on a context of a client computing system, from a near-field communication (NFC) device connected to a mobile device. The security key is requested and received from the NFC device via the mobile device. The security key is delivered to the web service via the remote browser.

Abstract: A server is provided for managing access of an electronic entity to a communications network. The server includes a contact point in operable communication with the electronic entity. The contact point is configured to receive a network access granting request message from the electronic entity. The server further includes a processing module, configured to process the received network access granting request message, validate trust indicators contained within the network access granting request message, authorize access of the electronic entity to the network upon validation of the trust indicators, and transmit a response message to the electronic entity indicating a level of access to the network that has been authorized.

Abstract: There is provided mechanisms for attachment of a wireless device to an MNO. A method is performed by the wireless device. The method comprises providing an authorization token to an AMF node of the MNO in conjunction with authenticating with the AMF node. The method comprises completing attachment to the MNO upon successful validation of the authorization token by the AMF node.

Abstract: Embodiments described herein provide for system and methods to crowdsource the location of wireless devices and accessories that lack a connection to a wide area network. One embodiment provides for a data processing system configured to perform operations comprising loading a user interface on an electronic device, the user interface to enable the determination of a location of a wireless accessory that is associated with the electronic device, generating a set of public keys included within a signal broadcast by the wireless accessory, the signal broadcast during a first period, sending the set of public keys to a server with a request to return data that corresponds with a public key in the set of public keys, decrypting the location data using a private key associated with the public key, and processing the location data to determine a probable location for the wireless accessory.

Abstract: Various systems and methods of establishing and providing credential dependency information in RESTful transactions are described. In an example, accessing credential resource dependencies may be performed by a credential management service (CMS) or other server, with operations including: receiving a request for a credential resource in a Representation State Transfer (RESTful) communication; identifying the credential resource which has a credential path that indicates a dependency associated with a credential; identifying dependency characteristics of the credential resource, based on the dependency; populating the credential resource to include a dependent credential, based on the dependency characteristics; and transmitting the populated credential resource in response to the request.

Abstract: A communication apparatus capable of performing wireless communication with an external apparatus includes an acquisition unit configured to acquire a communication setting including an authentication method parameter for the wireless communication, and a conversion unit configured to convert, in a case where the authentication method parameter included in the communication setting acquired by the acquisition unit indicates that a first authentication method is usable and a second authentication method with a security strength higher than that of the first authentication method is not usable, the authentication method parameter into an authentication method parameter indicating that the first authentication method and the second authentication method are both usable.

Abstract: The present disclosure is related to a system that may include a first computing device and a second computing device. The first computing device may send a request for data that corresponds to a user. The second computing device may perform operations, including receiving the request for the data, retrieving the data from a database in response to receiving the request, and determining an identity of the user based on the data. The identity of the user may be stored in a header portion of the data. The operations may also include updating a ledger associated with the user to include an indication of the first computing device requesting the data and sending the data and the identity of the user to the first computing device.

Abstract: The present disclosure relates to a method for a user equipment, UE, which includes a mobile equipment, ME, and a subscriber identity module, SIM. The method comprises checking whether the ME and the SIM have a 5th generation, 5G, specific parameter or not, and sending, to a network node, a first message containing a first information element, IE, indicating whether the UE has a valid 5G specific parameter or not, so as to fetch a 5G specific parameter value from a unified data management, UDM.

Abstract: A system for preventing cross-site credential reuse includes: a plurality of secure services hosted on at least one server, each of the plurality of secure services having its own set of credentials; a central database for storing data relating to credentials associated with the plurality of secure services; whereby at least one of the plurality of secure services communicates with the central database to determine whether a credential is used across more than one of the plurality of secure services.

Abstract: A system for detecting phishing events is provided. A data receiver is configured to receive datasets representative of web traffic associated with access to or on-going usage of an application hosted on a server of a production environment by a user. Bait user credentials are generated and inserted into a malicious online resource. When the bait user credentials are used to access a secure online resource, a malicious interaction fingerprint dataset is generated for similarity analysis and classification.

Abstract: A system and method for biobehavioral identification may include a user device, a secure system/client device, and a server. The elements of the system work together to monitor the biologic features (e.g., fingerprints, pupils, or the like) and behavior (e.g., wake time, exercise time, location) to verify the authenticity of a user requesting access to a database and/or secure facility.

Abstract: Methods, systems, and devices for enterprise-wide management of disparate devices, applications, and users are described. A cloud-based central server may maintain an integrated hosted directory, which may allow user authentication, authorization, and management of information technology (IT) resources and/or user account information across device types, operating systems, and software-as-a-service (SaaS) and on-premises applications. User account information for multiple and separate customers may be managed from a single, central directory, and servers may be brought online to allow access to the directory according to system loading.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from a camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person to be verified with that of registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: An image forming apparatus that includes an image capturing unit capturing an image in front of the apparatus; a display displaying a screen; and a controller including one or more processors, the controller configured to function as: an acquisition unit acquiring a face image of a user from the image captured by the image capturing unit; an authentication unit authenticating, using the face image of the user acquired by the acquisition unit, the user who is within a first distance from the apparatus; a tracking unit tracking the user authenticated by the authentication unit; and a control unit causing the display to display a screen that is based on information corresponding to the user tracked by the tracking unit when the user has reached a position at a second distance from the apparatus, the second distance being shorter than the first distance.

Abstract: A contactless card with power harvesting unit is described. The power harvesting unit is configured to harvest power from near field communication radio wave fields and supply power to a memory, processor, and communication circuit of the contactless card. In some embodiments, the contactless card may also include a capacitor for smoothing out power deliver or a rechargeable battery. The contactless card is configured to establish two-way communication with a secondary device and to store and execute applets. In some embodiments, the contactless card is a payment card which contains information associated with a primary profile and a secondary profile. The secondary profile may be activated using two-way communication if the primary profile is deactivated due to fraudulent activity.

Abstract: Methods, systems, and storage media for multi-cloud data connections for white-labeled platforms are disclosed. Exemplary implementations may: receive an indication of a plurality of applications to be accessed; receive authentication information for the plurality of applications; establish a plurality of data connections to the plurality of applications, if authenticated with the authentication information; receive application data received from the plurality of data connections; normalize the application data to provide normalized data; generate a customizable feed with display parameters and displaying the normalized data according to the display parameters; and generate a visualization dashboard with visualization parameters and displaying the normalized data according to the visualization parameters.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from a camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person to be verified with that of the registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing identities or entitlements of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management systems may utilize the peer grouping of an identity graph (or peer grouping of portions or subgraphs thereof) to identify roles from peer groups or the like.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from a camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person with that of the registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: Provided are systems and methods for verifying an identity of a user based on a data mesh created from various sources of truth. In one example, a method may include establishing, via a host platform, a first and a authenticated communication channel between a host server of a user account and a host server of a second user account, retrieving, via the first and second authenticated communication channels, PII of the user from the first and second user accounts and combining the PII into a meshed data set, determining a difference between the PII within the meshed data set, and verify an identity of the user based on the determined difference between the PII within the meshed data set and transmitting the verification to a computer system.

Abstract: Cross-session acquisition of a verifiable credential. The first session includes generating a user secret known to the first session and to the user, and the generation of an encrypted identity token that includes claims about authentication of the user and the user secrete. In the second session, a second computing system uses the acquired identity token to get a verifiable credential. The user is prompted to prove knowledge of the user secret within the identity token. In response to successful proof of this knowledge and validation of the identity token, the issuer system issues a verifiable credential that relies upon one or more claims that were included within the identity token, and then provides the verifiable credential to the user.

Abstract: A method for data processing that includes receiving an indication of a configuration for a first action of a communication process flow that controls electronic communications between a tenant of a multi-tenant system and a first set of users associated with the tenant. The method further includes associating, within a storage location associated with the tenant, a unique identifier with metadata that defines the configuration. The method further includes receiving a request to apply the configuration to a second action of a communication process flow that controls electronic communications between the tenant and a second set of users associated with the tenant. The request may indicate the unique identifier associated with the metadata. The method further includes retrieving the metadata from the storage location using the unique identifier indicated by the request. The method further includes applying the configuration to the second action using the retrieved metadata.

Abstract: A method is described. The method includes adding privileges using discrete modular steps to an account based on a requested activity to be performed during a session. The method also includes logging the account into the session with the added privileges. The method further includes removing the privileges using discrete modular steps from the account after the session.

Abstract: Examples disclosed herein relate to security dominion of a computing device. A management controller of the computing device can access a physical owner token pertaining to a physical owner of the computing device. The management controller can access a security dominion owner token pertaining to a security dominion owner of the computing device. The security dominion owner token tracks accountability for a security feature of the computing device. A security dominion owner associated with the security dominion owner token is initially set to a first entity.

Abstract: A method for accessing a data repository by a service is described. The method includes requesting an authenticator for credentials using a role-based identity. The services receives, from the authenticator, temporary data repository access credentials that are based on the role-based identity. The temporary data repository access credentials are abstracted from the credentials. The service accesses the data repository using the temporary data repository access credentials.

Abstract: A rollover system is provided to facilitate transitioning of client devices in a shared account network environment, from an old password to a new replacement password. The switching of passwords may take place gradually during a rollout period for client devices without required downtime and reducing a risk of lockouts. During the rollover period, a prior salt is temporarily carried over to a new verifier for the replacement password. Two new verifiers are generated: a temporary new verifier using the old salt for verification during the rollover period and another new verifier using a different new salt for verification after the rollover period had expired. During the rollover period, authentication involves the use of the temporary new verifier with the old salt or by the old verifier and old salt of the prior password. After the rollover period, authentication is based on the new verifier with a new salt.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from a camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person with that of the registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: An example implementation may involve a media playback system detecting two or more playback devices of a given type. The implementation may further involve transmitting, to a particular playback device of the detected playback devices, an instruction that causes the particular playback device to emit a given sound. The implementation may also involve receiving an identification of the particular playback device and displaying, via a graphical interface, one or more prompts to join the particular playback device into the media playback system.

Abstract: A system and method for protecting secret data items using multiple layers of encryption with multiple encryption keys, a Secure Element, and a sandbox on an electronic device includes a secret data item manager. The secret data item manager encrypts secret data items using a hardware encryption key and the Secure Element. It encrypts the transient secret cipher data with an account encryption key to generate and store repository account cipher data. It further encrypts the account encryption key to generate and store the repository account key cipher data with a root encryption key. The manager also derives a secondary encryption key from a user account password, encrypts the root encryption key with the secondary key to generate the transient root encryption key, encrypts the transient root encryption key using the hardware key to generate the repository root encryption key cipher data, and stores repository root encryption key cipher data.

Abstract: A service providing system, an application usage method, and an information processing system. The service providing system receives from the terminal device, a request for registering a user to a second tenant in which the user can use the application, the request designating identification information of the user registered in the first tenant and identification information of the application, and registers the user and the application in the second tenant as a user who can use the application.

Abstract: An electronic device for face recognition is provided. The electronic device is used to exclude an ineligible object to be identified according to the relative relationship between object distances and image sizes, the image variation with time and/or the feature difference between images captured by different cameras to prevent the possibility of cracking the face recognition by using a photo or a video.

Abstract: An apparatus for traffic security processing in a slicing service of mobile edge computing according to an embodiment of the present invention includes: a plurality of security modules for analyzing a received packet to respectively execute security functions suitable for slicing security of mobile edge computing; a controller for managing a slicing security module list in the mobile edge computing; and a main security module for analyzing a received packet on the basis of the slicing security module list to determine a security function to be executed and priority of the security function to be executed, wherein the controller transmits the received packet to at least one corresponding security module among the plurality of security modules according to the priority of the security function to be executed, which is determined by the main security module.

Abstract: A method includes receiving from a user an SMS message request for a UAV-based agricultural service; in response to receiving the SMS message request, transmitting to the user one or more prompts with predefined response options; generating a UAV-based agricultural service work request based on responses from the user to the prompts that comprise selections of predefined responses; transmitting automated voice calls to a plurality of UAV operators requesting acceptance of the UAV-based agricultural service work request; in response to receiving an acceptance from an accepting UAV operator during a voice call, transmitting a one-time password to the accepting UAV operator; receiving an access request from the accepting UAV operator comprising the one-time password; and in accordance with a successful authentication based on the one-time password, associating the UAV-based agricultural service work request with the pre-establish account associated with the accepting UAV operator.

Abstract: Systems, methods, apparatuses, and computer program products for unified data repository selection and parameters that can be associated with such selection are provided. For example, a method can include identifying, by a network element, a capability of a repository to store data applicable to all user equipment devices in a network. The method can further include selecting, by the network element, the repository from a plurality of repositories based on the identified capability.

Abstract: An approach is disclosed on a blockchain platform for authenticating clients. A public and private key is created at a client device. The private key into is split two or more parts. The split private key part is split into to two or more client devices including a first client device and a remaining client devices. Signing to authenticate a challenge to login using a partial key part occurs at the first client device. The challenge is sent to the remaining client devices wherein the remaining client devices that sequentially sign using short range wireless network connection and respond back to the challenge to login without a password.

Abstract: Responsive to a user instruction or a security breach occurring in an enterprise computing environment, an emergency shutdown and restore module is adapted to obtain and evaluate an identity population definition to determine a population of identities (e.g., a forensic team) associated with accounts distributed across applications in the enterprise computing environment. The emergency shutdown and restore module is further adapted to determine source systems of such accounts and communicate with those source systems via source-specific connectors. The emergency shutdown and restore module can respectively request the source systems to shut down access to the applications by the accounts associated with the population of identities, or to exclude the accounts associated with the population of identities in shutting down access to the applications. After performing a security breach analysis, the emergency shutdown and restore module can request the source systems to restore access respectively.

Abstract: A method including receiving, by a user device, first validation data based at least in part on transmitting a first service request to receive a first network service; receiving, by the user device, the first network service by providing signed first validation data based at least in part on authenticating first biometric information; transmitting, by the user device while receiving the first service, a second service request to receive a second network service; receiving, by the user device, second validation data based at least in part on transmitting the second service request; and receiving, by the user device, the second network service by providing signed second validation data based at least in part on authenticating second biometric information is disclosed. Various other aspects are contemplated.

Abstract: Customers at a premises attempting to connect a new wireless device, such as a mobile phone or tablet to an available wireless network (Wi-Fi), receive network login information such as an Wi-Fi SSID (service set identification) and Password through a system generated equivalent QR code that can then be scanned to automatically connect to the Wi-Fi network. The system receives a request for Wi-Fi settings at a premises, identifies customer equipment associated with the premises, identifies an Wi-Fi SSID (Service Set Identification) and password associated with the customer equipment, generates a QR (Quick Response) code representing the Wi-Fi SSID and password, sends the QR code to one or more devices associated with the premises for display and subsequent scanning at the premises.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. A first request is received to set up authentication information with respect to a user, wherein the first request specifies a type of information to be used for future authentication of the user. It is determined whether the type of information related to the user poses risks based on a reverse information search result. The type of information for being used for future authentication of the user is rejected when the type of information is determined to pose risks.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: Embodiments described herein provide a system for facilitating dynamic content distribution in an enterprise environment. During operation, the system determines a set of logical groups based on a set of grouping criteria. A respective logical group can include one or more devices managed by a controller and a network that provides connections among the one or more devices. The system categorizes the set of logical groups based on exogenous information associated with a respective logical group and determines a corresponding condition of measurement for a respective category of links in the enterprise environment. The system then schedules a link for measurement based on the condition of measurement and the categorization of the set of logical groups.

Abstract: A method for pervasive resource identification includes receiving an authentication request from a first application service. The authentication request requests authentication of a user of a user device. The method includes obtaining device information associated with the user device of the user and generating a unique opaque identifier for the user device based on the device information. The method includes obtaining authentication credentials from the user device. The authentication credentials verify an identity of the user. In response to receiving the authentication credentials from the user device, the method includes generating an authentication token and encoding the unique opaque identifier into the authentication token. The method also includes transmitting the authentication token to the first application service.

Abstract: The present disclosure describes systems and methods for augmented reality inventory tracking and analysis that identifies devices based on a combination of features, retrieves a configuration or other characteristics of the selected device and presents the configuration as a rendered overlay on a live image from the camera.

Abstract: Systems and methods for linking an authentication account to a device may include processor(s) to maintain a plurality of authentication profiles, each authentication profile corresponding to a respective user and including at least one profile image, an immutable identifier, and authentication data used to authenticate the respective user. The processor(s) may receive a request including the device key, an immutable identifier, and a biometric image captured by a camera of a client device. The processor(s) may identify a subset of authentication profiles having respective immutable identifiers that match the immutable identifier from the request. The processor(s) may compare feature(s) extracted from the biometric image of the request to features extracted from the a profile image of the subset of authentication profiles, and link the device key of the client device with an authentication profile in a data structure to register the client device with the authentication server.

Abstract: Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.