Abstract: Devices, computer-readable media, and methods for changing the state of a network-connected device in response to at least one facial gesture of a user are disclosed. For example, a processing system including at least one processor captures images of a face of a user, detects at least one facial gesture of the user from the images, determines an intention to change a state of a network-connected device from the at least one facial gesture, generates a command for the network-connected device in accordance with the intention, and outputs the command to cause the state of the network-connected device to change.

Abstract: A rollover system is provided to facilitate transitioning of client devices in a shared account network environment, from an old password to a new replacement password. The switching of passwords may take place gradually during a rollout period for client devices without required downtime and reducing a risk of lockouts. During the rollover period, a prior salt is temporarily carried over to a new verifier for the replacement password. Two new verifiers are generated: a temporary new verifier using the old salt for verification during the rollover period and another new verifier using a different new salt for verification after the rollover period had expired. During the rollover period, authentication involves the use of the temporary new verifier with the old salt or by the old verifier and old salt of the prior password. After the rollover period, authentication is based on the new verifier with a new salt.

Abstract: An on-vehicle communication system includes: a plurality of function units; and one or a plurality of switch devices, each switch device being configured to perform a relay process of relaying communication data between the function units. When unauthorized communication by a function unit has been detected, the switch device performs a validation process of validating a function unit other than an unauthorized-communication function unit that is the function unit for which the unauthorized communication has been detected.

Abstract: A method, computer system, and a computer program product for assessing a likelihood of success associated with developing at least one machine learning (ML) solution is provided. The present invention may include generating a set of questions based on a set of raw training data. The present invention may also include computing a feasibility score based on an answer corresponding with each question from the generated set of questions. The present invention may then include, in response to determining that the computed feasibility score satisfies a threshold, computing a level of effort associated with developing the at least one ML solution to address a problem. The present invention may further include presenting, to a user, a plurality of results associated with assessing the likelihood of success of the at least one ML solution.

Abstract: A first IoT device includes a memory, a transceiver, bloom filter evaluation, false positive comparison and control modules. The memory stores: a bloom filter set including an array of bits representing entries in a certificate revocation list; and a false positive set including a list of certificate entries falsely identified as being revoked. The transceiver receives from a second IoT device a message including a certificate. The bloom filter evaluation module receives the bloom filter set from a back office station and determines whether an identifier associated with the certificate is in the bloom filter set. The false positive comparison module receives the false positive set from the back office station and determines whether the identifier is in the false positive set. The control module permits communication between the first and second IoT devices based on whether the identifier is in the bloom filter and false positive sets.

Abstract: The presentation of a verifiable credential that is represented within a data structure that represents the verifiable credential as well as usage data of the verifiable credential. The usage of the verifiable credential is monitored, such that as usage of the verifiable credential changes or progresses, the stored usage data also changes. This data structure may be used to not only cause visual representations of the verifiable credential to be displayed to the user, but the user can selectively cause at least some of that usage data to also be presented to the user. Thus, the user can easily keep track of how their verifiable credential is being used, regardless of where or from which device the verifiable credential is presented.

Abstract: The invention provides a solution to accessing for a geographical location information-based service in a server of a machine type communication based communication system, where firstly a server broadcasts or multicasts a content request message, the content request message comprising information on requested content and information on a target geographical location; then the server receives a response message from at least one user equipment, the response message indicating that the at least one user equipment possesses the requested content and the at least one user equipment being located within the target geographical location; and finally the server acquires the requested content from the at least one user equipment.

Abstract: Systems and methods are provided for scoped credentials within secure execution environments executing within virtual machines instances in an on-demand code execution system. In the on-demand code execution system, the execution environments are reset after every request or session. By resetting the single execution environment after each request or session, security issues are addressed, such as side-channel attacks and persistent malware. Additionally, the use of scoped credentials improves security by limiting the access rights for each code execution request or session to the smallest atomic level for the request or session. Following the request or session, the scoped credential is invalidated.

Abstract: A system for performing a service by using biometric information is disclosed.

Abstract: A virtual private network connection method and a memory card device using the virtual private network connection method are provided. Firstly, a virtual private network connection application program is provided. Then, the virtual private network connection application program is loaded in a memory card device. Then, the memory card device is installed in a medical device. After the virtual private network connection application program is executed and the memory card device is connected to a virtual private network server according to a connection request, the data from the medical device is transmitted to the virtual private network server through the memory card device. In such way, the data will not be attacked by malware and stolen by a third-party manufacturer during the transmission process.

Abstract: Systems and methods of the present disclosure processors and devices for providing disposable account cards using a contactless reader and contactless communication tag. A processor receives, via an antenna module from the contactless reader, radio signal data of a radio signal emitted by a contactless tag, where the radio signal data includes encoded tag data including a tag identifier. The processor determines that the contactless tag is a new contactless tag based on the tag identifier being unlinked to any account, and generates a disposable account card identifier in a user account including a unique disposable account number. The processor generates an account link that links the tag identifier to the disposable account card identifier such that the tag identifier refers to the unique disposable account number for performing contactless electronic requests to the user account in place of a user account card.

Abstract: A method for rendering results of an audit includes receiving data corresponding to the results of the audit. The data includes an image to be rendered on a display screen of an electronic computing device. The data includes one or more insights derived from the results of the audit. A user of the electronic computing device is identified. The image is rendered on the display screen. One or more insights derived from the results of the audit are rendered on top of the image on the display screen. A content of the one or more insights derived from the results of the audit that are rendered on top of the image on the display screen is dependent upon the identity of the user of the electronic computing device.

Abstract: A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credentials requests to the MVD. The MVD receives the bundle of request and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.

Abstract: Exemplary embodiments relate to techniques for asserting the authenticity of digital content being communicated among client devices of a communication or computer system by configuring the digital content with one or more sensor responsive elements. The sensor responsive element may be a visual interface that dynamically reacts or responds to sensor data generated by one or more sensors (such as a gyroscope sensor, a microphone, and a camera) of a receiving client device. If the sensor responsive element does not dynamically react or respond to movement data, image data, or sound data generated by the one or more sensors, the digital content may fail user inspection and may indicate to the recipient that the digital content is a fake or a counterfeit.

Abstract: A computer-implemented system with a processor provides a reversible transfer of an atomic token from one side of an imperfect link to the other, such that if the protocol (or process) on either side fails at a critical moment, the atomic token will be found on both sides to be verifiably incomplete, unless the protocol has completed successfully past its ‘irreversible threshold’ on both sides.

Abstract: An intelligent gateway device provided at a premise (home or business) for providing and managing application services associated with use and support of a plurality of digital endpoint devices associated with the premises. The device includes a communications and processing infrastructure integrated with a peer and presence messaging based communications protocol for enabling communications between the device and an external support network and between the device and connected digital endpoint devices. A services framework at the gateway device implements the communications and processing infrastructure for enabling service management, service configuration, and authentication of user of services at the intelligent gateway. The framework provides a storage and execution environment for supporting and executing received service logic modules relating to use, management, and support of the digital endpoint devices.

Abstract: A random sequence generation of defined values may be provided. A method comprises pre-loading a RAM block with an initial list comprising the defined values of a sequence of values to be updated, and shuffling the defined values of the sequence using a counter and a random offset for indices in the list.

Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

Abstract: Systems and methods for authenticating a user are provided. A method may comprise providing interactive media on a computing device associated with a user. The interactive media may comprise a plurality of images. The plurality of images may be presented on a graphical display of the computing device. The method may also comprise receiving input data from the computing device when the user selects a sequence of images from the plurality of images on the graphical display of the computing device. The selected sequence of images may correspond to a sequence of grammatical words. The method may further comprise analyzing the input data by comparing the sequence of grammatical words to a passcode, and authenticating the user when the sequence of grammatical words is equal to the passcode.

Abstract: Systems and methods are included for providing feature sets to groups of managed user devices within an enterprise mobility management (EMM) system. A feature set can enable a user device to detect one or more triggering events, and in response, automatically perform a specified action. An administrator can request a feature set using an interface provided by a management server. The management server can enroll the user device, install a management agent on the user device, and automatically build and deliver the requested feature set to the user device. After receiving the feature set, the management agent of the user device can monitor for recurring triggering events without further intervention from the management server.

Abstract: A secure method and/or system allowing a user to import, export, recover and use their private keys based in part on the user's location information, to allow for reliable, consistent, and easy management of user identity and private keys across all of a user's devices and eliminate of traditional username/password authentication schemes.

Abstract: A resource management apparatus is communicable with a communication terminal that displays usage states of a plurality of resources. The resource management apparatus includes circuitry configured to transmit a request for reservation information indicating reservation contents of the plurality of resources to a reservation management apparatus that manages reservations of the plurality of resources, receive the reservation information relating to the plurality of resources transmitted by the reservation management apparatus, and transmit, to the communication terminal, image information of the plurality of resources, location information indicating locations of the plurality of resources, and usage states of the plurality of resources, and the received reservation information relating to the plurality of resources, the image information, the location information, and the usage states being managed by the resource management apparatus.

Abstract: The disclosed computer-implemented method for identifying and mitigating phishing attacks may include (i) receiving a request for sensitive data utilized to access a network service, (ii) launching an autofill provider for providing the sensitive data to the network service, (iii) identifying, utilizing the autofill provider, a domain for the network service and a data type associated with the sensitive data utilized to access the network service, (iv) determining, utilizing the autofill provider, a reputation for the network service based on the domain and the data type, and (v) performing a security action that protects against a phishing attack based on the reputation determined for the network service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; associating the security related activity with a phase of a cyber kill chain; and, performing a security operation on the security related activity via a security system, the security operation disrupting performance of the phase of the cyber kill chain.

Abstract: A system for providing a query processing service based on personal-information protection, includes: a client terminal configured to allow a user to input and send query content for solving a problem; a relaying and processing server configured to extract and process personal information contained in the query content received from the client terminal, transmit processed query content the processed personal information to a cloud service server, and transmit an answer to a query received from the cloud service server to the client terminal; and the cloud service server configured to generate the answer to the query by analyzing the processed query content received from the relaying and processing server, and transmit the answer to the query to the relaying and processing server.

Abstract: Systems and methods of the present disclosure enable automated sharing of confidential information according to tiers of security by receiving an electronic information request from an automated form production application of a computing device associated with a third-party entity. A request security tier associated with the electronic information request is determined according to a security tier of the user-related secure data. At least one authentication requirement associated with the request is determined according to authentication settings of the security tier. An authentication request is generated enabling the user to provide an authentication response to approve the computing device for access to the user-related secure data.

Abstract: Techniques are described for enabling software applications to obtain temporary security credentials used to interact with a cloud provider network and, upon the revocation of an active set of temporary security credentials used by an application (e.g., due to concerns about the temporary credential's potential exposure to one or more unauthorized third parties), to readily obtain new temporary security credentials that the application can use to continue operation with minimal interruption. The temporary security credentials can be used, for example, to enable the cloud provider network to authenticate requests sent by software applications or users to various services or other components of the cloud provider network. An operator of a cloud provider network may provide a software development kit (SDK) that application developers can use to incorporate functionality related to the management of temporary security credentials.

Abstract: Methods and apparatus are disclosed for the maintenance of a virtual credit card pool for airline passenger vouchers. An example system includes server(s) that are configured to determine a target distribution of virtual credit cards within the virtual card pool for a current date-and-time. The server(s) are configured to, in response to determining that the current date-and-time corresponds with a predefined restocking time, for each card value: identify a current number of virtual credit cards within the virtual card pool; identify a threshold number of virtual credit cards based on the target distribution; compare the current and threshold numbers; in response to determining that the current number is less than the threshold number, transmit a request for virtual credit cards having the card value to an external server; and add the requested virtual credit cards to the virtual card pool upon receipt.

Abstract: A system and method comprising a server that automatically configures and sets up a restaurant's or business' information technology (IT) infrastructure, more specifically relating to point-of-sale devices (POS) and other networked devices such as scanners, tracking displays, and any other device that any business may use. Communication between the networked devices and the server is facilitated by a preconfigured router, wherein after initial communication with the server, the server may configure devices for a network connection, update firmware, operating parameters, and software packages of the preconfigured router and other networked devices.

Abstract: A system and method of providing two-way communication between an isolated POS system and a website are described. The POS system operates as an air gap system. In response to detecting a trigger event the two-way communication is initiated for installation, diagnostic and repair services. POS information for transmission to the website through the internet is generated using a QR code that includes the website address and a data payload that depends on the desired service. The QR code is read by a smart phone and transmitted to the website. The website responds by sending response data dependent on the QR code and desired service. The response data is communicated to the POS system via another QR code for further operations by the POS system based thereon.

Abstract: Systems and methods are described for communications between computing devices via an ephemeral data stream routing service, which allows the devices to establish a single-use connection for streaming arbitrary amounts of data. A computing device may request an ephemeral data stream from the ephemeral data stream routing service, which may respond by creating an endpoint and providing a single-use URL that locates the endpoint. The sending and receiving computing devices may then use the single-use URL to connect to the endpoint, which may be implemented on a single routing device or a pair of routing devices within the ephemeral data stream routing service. The service then relays a data stream from the sender to the receiver, and may forward the data stream from one routing device to another within the service as needed. The ephemeral data stream routing service then removes the endpoint and invalidates the single-use URL.

Abstract: Responsive to a user instruction or a security breach occurring in an enterprise computing environment, an emergency shutdown and restore module is adapted to obtain and evaluate an identity population definition to determine a population of identities (e.g., a forensic team) associated with accounts distributed across applications in the enterprise computing environment. The emergency shutdown and restore module is further adapted to determine source systems of such accounts and communicate with those source systems via source-specific connectors. The emergency shutdown and restore module can respectively request the source systems to shut down access to the applications by the accounts associated with the population of identities, or to exclude the accounts associated with the population of identities in shutting down access to the applications.

Abstract: Techniques are disclosed for generating a token identity that is assigned to a device identity module of a customer device. The token identity may be used to incorporate various types of customer identifier data to verify a customer identity during an electronic transaction. For instance, a customer may initially provide customer information on a customer device, which may be used to obtain a digital identification associated with the customer. The customer may subsequently provide an input including a customer identifier on the customer device, which may be verified against the customer information included in the digital identification.

Abstract: Cloud storage systems and methods provide event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to one of a remote file system (RFS) hosted by the remote cloud storage system and a local file system (LFS) hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.

Abstract: A method and technical module in a technical installation, which includes at least one technical function and which is configured for integration into a higher-level control level of the technical installation, wherein functional rights relating to the at least one technical function are stored in the technical module.

Abstract: An automation system includes at least one automation unit, multiple automation servers and a central management unit interconnected via a communication network, wherein the automation servers communicate with the automation unit using a pre validated certificate of the automation unit, where in order to validate the certificate, the automation servers check a chain of trust of the respective certificate and, by accessing a black list, the validity thereof, where communication of the respective chain of trust only occurs when corresponding chains of trust are revoked from all other automation servers beforehand, corresponding certificates are entered into the black list or the certificate is otherwise invalid.

Abstract: Systems, computer program products, and methods are described herein for implementing a cognitive robotic process automation (RPA) architecture. The present invention is configured to electronically receive a video file from a repository, wherein the video file demonstrating one or more actions to be executed in a sequential manner on an application programming interface associated with an application; initiate a neural processing graph generator on the video file; generate, using the neural processing graph generator, a conjugate task graph comprising one or more nodes and one or more edges; initiate a neural task engine on the conjugate task graph; and execute, using the neural task engine, the conjugate task graph.

Abstract: A system for authenticating an encrypted device identity is provided. The system comprises a memory device with computer-readable program code stored thereon; a communication device connected to a network; and a processing device, wherein the processing device is configured to execute the computer-readable program code to: receive an encrypted device identification of a user device, the encrypted device identification comprising a stream of generated data; identify a unique stream pattern of the encrypted device identification, wherein the unique stream pattern is a distinguishable characteristic in the stream generated data; store the unique stream pattern; receive an interaction request comprising a provided device identification; analyze the provided device identification to determine if the provided device identification has the unique stream pattern; and based on determining that the provided device identification has the unique stream pattern, authenticate the interaction request.

Abstract: Data shipper agent management and configuration systems and methods are disclosed herein. In some embodiments, an example method includes enrolling data shipper agents which are installed on edge nodes, receiving selections of one or more tags for the data shipper agents, each of the one or more tags representing one or more services assigned to the data shipper agents, configurations of the services being modifiable through the one or more GUIs using a configuration application programming interface (API), providing the one or more GUIs, receiving configurations for at least one of the modules of one of the data shipper agents through one of the one or more GUIs, and automatically reconfiguring the configurations to other ones of the data shipper agents automatically.

Abstract: Systems, methods, and non-transitory computer-readable media can be configured to generate a first key for a first entity. A second key for a second entity can be generated wherein the first entity can authenticate the second entity based on an authentication token generated based on the second key. In some instances, the first entity can be a server and the second entity can be a client.

Abstract: The present disclosure relates to systems, devices and methods for device security and trust score determinations. In one embodiment, a method includes requesting, by a first device, trust score data for a second device, wherein the first device requests trust score data from a trust score management server, and receiving, by the first device, trust score data from the trust score management server. The method also includes generating a first trust score for the second device and transmitting the first trust score for the second device with a trust score management server. The method also includes configuring, by the first device, at least one control parameter for operation of the first device with the second device based on the first trust score, wherein configuring adjusts a previous control parameter to restrict operation of the first device relative to the second device. Device and systems are provided to enhance network security.

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.

Abstract: A method may include registering, with an offline job to be executed by a computer processor, an application programming interface (API) and an operation, obtaining, from a repository, a user consent of a user for the operation, and in response to obtaining the user consent, creating, for the user, an access token including the operation and the API. The user consent may be stored external to the access token. The method may further include transmitting the access token to the offline job, and calling, by the offline job, the API using the access token.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: A method, system and computer-usable medium are disclosed for identifying security risks to a computer system based on a distribution of categorical features of events. Certain embodiments are directed to a computer-implemented method comprising: receiving a stream of events, the stream of events including a plurality of events; extracting a categorical feature from the plurality of events, where the categorical feature includes a set of categorical feature members, where the set of categorical feature members are generated on the fly from string values included in the extracted categorical feature; constructing a distribution for the categorical feature based on categorical feature members extracted from the plurality of events; and, analyzing the distribution of the categorical feature to identify one or more security risk factors.

Abstract: A method for sending sensitive information includes: receiving, by a service provider, a request for sensitive information from a user; upon receipt of the request, sending, by a security provider, a security code to the user; receiving, by the service provider, a code from the user; verifying, by the service provider, the user when the received code matches the security code; sending, by the service provider, the sensitive information to the security provider after the user is verified; and providing, by the security provider, a sensitive data link to the user. The sensitive data link includes the sensitive information and may expire after the sensitive data link is viewed once.

Abstract: A method is provided. The method includes receiving information about user data and user behavior relating to a user, where the information is derived at least in part from a human resources database. The method includes applying analytics to the received information. The method includes, as a result of applying analytics to the received information, generating a threat score for the user.

Abstract: An apparatus and method for providing an immutable audit trail for machine learning applications is described herein. The audit trail is preserved by recording the machine learning models and data in a data structure in immutable storage such as a WORM device, a cloud storage facility, or in a blockchain. The immutable audit trail is important for providing bank auditors with the reasons for lending or account opening reasons, for example. A graphical user interface is described to allow the archive of machine learning models to be viewed.

Abstract: Methods, systems, and devices for secure endpoint authentication credential control are described. An endpoint agent may receive an indication from an operating system of an endpoint device that the operating has received authentication credentials from a user. The endpoint agent may be housed in the endpoint device, and may detect a change between the received set of authentication credentials and a previous version of authentication credentials. Based on this detection, the endpoint agent may transmit the received authentication credentials to a central server. The central server may transmit the authentication credentials to an information technology (IT) resource which requires user authentication prior to granting access to a user.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol.