Abstract: There is provided mechanisms for handling a subscription profile for a subscriber entity. A method is performed by a subscription management entity. The method comprises obtaining a request from a mobile network operator entity to configure the subscription profile for the subscriber entity. The method comprises configuring the subscription profile with a customized PIN/PUK code for the subscriber entity. The method comprises providing an indication of the customized PIN/PUK code being configured in the subscription profile in a response to the mobile network operator entity.

Abstract: A method may include collecting from each of multiple endpoint devices a set of anonymized interactions of the corresponding endpoint device with other endpoint devices. Each anonymized interaction in the set of anonymized interactions may be based on an ephemeral unique identifier of another endpoint device involved in a corresponding anonymized interaction with the corresponding endpoint device. The method may include, for each endpoint device, resolving identities of the other endpoint devices with which the corresponding endpoint device has interacted from the corresponding set of anonymized interactions.

Abstract: A processor core that includes a token generator circuit is to execute a first instruction in response to initialization of a software program that requests access to protected data output by a cryptographic operation. To execute the first instruction, the processor core is to: retrieve a key that is to be used by the cryptographic operation; trigger the token generator circuit to generate an authorization token; cryptographically encode the key and the authorization token within a key handle; store the key handle in memory; and embed the authorization token within a cryptographic instruction that is to perform the cryptographic operation. The cryptographic instruction may be associated with a first logical compartment of the software program that is authorized access to the protected data.

Abstract: Methods, systems, and computer-readable media for single-packet authorization using proof of work are disclosed. An access control service receives, from a client, a single-packet authorization (SPA) request. The (SPA) request comprises output of a proof-of-work task, wherein completion of the proof-of-work task requires computational resources or memory resources of the client. The access control service performs verification of the output of the proof-of-work task using fewer computational or memory resources of the access control service than were used by the client. In response to determining that verification of the output of the proof-of-work task succeeds, the access control service performs authentication of the SPA request. In response to determining that authentication of the SPA request succeeds, the access control service allows access by the client device to a service.

Abstract: A method for rendering results of an audit includes receiving data corresponding to the results of the audit. The data includes an image to be rendered on a display screen of an electronic computing device. The data includes one or more insights derived from the results of the audit. A user of the electronic computing device is identified. The image is rendered on the display screen. One or more insights derived from the results of the audit are rendered on top of the image on the display screen. A content of the one or more insights derived from the results of the audit that are rendered on top of the image on the display screen is dependent upon the identity of the user of the electronic computing device.

Abstract: Systems and methods for encoded communications are disclosed. In some embodiments, a server system may be configured to receive a communication from a user interface at an encoded communication module that includes an artificial intelligence based natural language processing module, determine whether the received communication is an encoded communication, decode the encoded communication to generate a financial query when it is determined that the received communication is an encoded communication, retrieve financial data associated with the user, determine an answer to the financial query based on the retrieved financial data, encode the determined answer to generate an encoded responsive communication, and transmit the generated encoded responsive communication to the user interface for providing to a user of the user interface.

Abstract: Disclosed herein is an identity network that can provide a universal, digital identity for users that can be used to authenticate the user by an identity provider for relying parties. The identity network receives a request from a relying party that includes deep linking to an identity provider selected by the user. The request specifies the user as well as any other information about the user the relying party is requesting. A service of the identity network launches the application for the identity provider on the user's device using a software development kit. The user can log into the identity provider's application, which validates the user and provides the user authentication/validation and information about the user to the identity network. The identity network can then provide the indication of the user's authentication and the user information to the relying party.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: Aspects of the disclosure relate to a system and method for securely authenticating a device via token(s) and/or verification computing device(s). A verification computing device may generate a pseudorandom number or sequence. Based on the pseudorandom number or sequence, the verification computing device may select a first plurality of parameters associated with a user of a device to be authenticated. The verification computing device may transmit, to the device, the pseudorandom number or sequence, and the device may select a second plurality of parameters. The device may generate a token based on the second plurality of parameters. The device may send the token to another device, and the other device may send the token to the verification computing device. The verification computing device may authenticate the device based on the token.

Abstract: Methods, systems, and media for recovering identity information in verifiable claims-based systems are provided.

Abstract: A method for providing secure single sign on includes receiving a first data object from an application hosting server, the first data object indicating at least a service provider name and identifying a configuration file corresponding to the service provider name, wherein the configuration file includes at least trusted identity information. The method also includes determining, using the configuration file corresponding to the service provider name, whether the first data object is valid and, in response to a determination that the first data object is valid, generating a response message.

Abstract: A computing device includes a memory and a processor to provide a web application to be accessed by a client device, receive from a camera images of a person at the client device, and analyze the images to determine that security of the web application is being compromised by the person based on the images. The processor provides at least one action to be taken by the client device in response to analysis of the images. The at least one action is to modify access of the client device to the web application.

Abstract: A method of monitoring access to a lounge is provided herein. The method includes identifying a user using a device and determining an assigned location associated with the user. The method also includes determining a current location associated with the user and comparing the assigned location and the current location. If the comparison is valid, the method further includes determining a geofence associated with the user and the device, and monitoring whether the device is within the geofence.

Abstract: Methods and apparatus are disclosed for the maintenance of a virtual credit card pool for airline passenger vouchers. An example system includes server(s) that are configured to determine a target distribution of virtual credit cards within the virtual card pool for a current date-and-time. The server(s) are configured to, in response to determining that the current date-and-time corresponds with a predefined restocking time, for each card value: identify a current number of virtual credit cards within the virtual card pool; identify a threshold number of virtual credit cards based on the target distribution; compare the current and threshold numbers; in response to determining that the current number is less than the threshold number, transmit a request for virtual credit cards having the card value to an external server; and add the requested virtual credit cards to the virtual card pool upon receipt.

Abstract: In some implementations, a first network device may receive an authorization request associated with a user device connecting to a network associated with first network device. The first network device may redirect the authorization request toward a second network device associated with a second service provider. The first network device may determine, based on a response to the authorization request, that the user device is subscribed to a service provided by the second service provider and that the user device is not authorized to connect to the network. The first network device may provide a temporary service to the user device to enable the user device to connect to the network for a limited period based on the user device being subscribed to the service provided by the second service provider and the user device not being authorized to connect to the network.

Abstract: In one aspect, an example methodology implementing the disclosed techniques includes, by a computing device, responsive to a user requesting authorization to access an application, segmenting a string of content into a plurality of substrings of different lengths, the string of content being an input to access the application. The method also includes, responsive to a determination that data in a first data structure represents a first substring of the plurality, identifying a length of another substring and at least one type of character present within that substring based on the data in the first data structure, determining a risk of unauthorized use of the string of content based on the identified length and the at least one type of character present within that substring, and allowing access to the application using the string of content based on the determined risk.

Abstract: A system for credential authentication includes an interface and a processor. The interface is configured to receive a create indication to create a guest credential representing a guest badge associated with a visitor and receive a claim indication from an authentication device to claim the guest credential. The processor is configured to provide the guest credential to the authentication device in response to the claim indication, provide a proof request to the authentication device, receive a proof response from the authentication device, validate the proof response, determine a visitor tracking system associated with a request from the authentication device to authenticate entry, and provide a check-in indication to the visitor tracking system that the visitor has checked in.

Abstract: Techniques for improving data security and access control at the distributed execution level of distributed computing systems are provided. The techniques can include receiving a data access request from a data processing application to access data, directing the data access request to a security data application, modifying the data access request, executing the modified data access request to obtain data that is responsive to the modified data access request, and providing the obtained data to the data processing application.

Abstract: One or more medical devices are configured to connect to a predetermined temporary provisioning network of a healthcare organization, the temporary provisioning network being different than a healthcare network of the healthcare organization. After the devices are received by the healthcare organization, and powered up for the first time, device identifiers corresponding to the medical devices are received at a server remote from the healthcare organization, from the temporary provisioning network, together with an indication that the medical devices are requesting access to a management server within a healthcare network of the healthcare organization.

Abstract: Some embodiments provide a method for an electronic device. The method stores user data associated with a web-based third party service based on user interaction with a web domain for the third party service through a web browser. The method receives a request from a service-specific application to utilize the user data stored for the third party service. The method provides the user data to the application only when the application is verified by the web domain for receiving user data associated with the third party service.

Abstract: A user verification method and apparatus using a generalized user model is disclosed, where the user verification method includes generating a feature vector corresponding to a user based on input data corresponding to the user, determining a first parameter indicating a similarity between the feature vector and an enrolled feature vector enrolled for user verification, determining a second parameter indicating a similarity between the feature vector and a user model corresponding to generalized users, and verifying the user based on the first parameter and the second parameter.

Abstract: Systems and methods are provided for assessing an account takeover risk for one or more accounts of an individual. The account security procedures for each of a number of services with which the user has an account may be analyzed. Publicly accessible information regarding the user may also be collected and analyzed. The collected information and security procedures may be compared in order to determine one or more vulnerabilities to hostile account takeover of one or more of the analyzed accounts. An alert may be generated regarding a determined takeover risk, which may include suggested actions for remedying the risk.

Abstract: One example method includes logging into websites through devices including insecure devices. A logon device may store credentials. The logon device is configured to connect with an insecure device and then communicate with a website for authentication purposes without exposing a user's credentials to the insecure device. After the user is authenticated, the session is transferred to the insecure device.

Abstract: Embodiments described herein disclose methods and systems for authorizing transactions received from client applications. The transaction request can include a first access token. After validating the first access token, the system can determine whether additional authentication is needed to authorize the transaction. If additional authentication is needed, the system can determine the authentication requirements. Once the additional authentication is received and verified, the system can generate a second access token and authorize the transaction by releasing the first access token.

Abstract: A same wireless access profile is installed on each of multiple mobile communication devices. The wireless access profile includes outer identity information and anonymous inner identity information for each service. The anonymous inner identity information includes a credential used by each of the multiple mobile communication devices to use the service. To use the service such as access a remote network, a respective mobile communication device communicates an anonymous username and password assigned to the service to a policy server during first level authentication. The policy server stores a network address of the authenticated mobile communication device. During second level authentication, the policy server receives an identity of the mobile communication device from a network gateway. The policy server provides access control information (assigned to the service) to the network gateway.

Abstract: A method for processing a trust-based transaction via a blockchain includes: receiving data associated with a proposed trust-based transaction including at least a transaction amount, payment data, and a broker identifier; processing payment for the transaction amount using the payment data; identifying a blockchain address associated with a broker corresponding to the broker identifier; generating a digital token, wherein the digital token is unique to the proposed trust-based transaction; electronically transmitting the generated digital token to a first computing device; and electronically transmitting at least the transaction amount, blockchain address, and at least one of: the generated digital token and data used to generate the generated digital token to a node associated with a blockchain network.

Abstract: Methods and systems for verifying a user's identity on a computing device using two-factor authentication are described. More particularly, the system can use a personal identification number input by a user, together with one or more of a secure browsing feature, a device fingerprint, and a token generator to authenticate the user on the computer.

Abstract: Embodiments herein describe using visual passwords to control access to secure information. When a user attempts to access the secure information, she can provide her username to an authentication agent which identifies the visual password corresponding to the received username and selects a first set of images that contains the visual password and a second set of images that does not. The first and second sets of images are then transmitted to a user device. The user device can display the first and second sets of images to the user who selects which images have the visual password. An indication of which images the user selected is then transmitted to the authentication engine which determines whether the user selected all the images in the first set and none of the images in the second set. If so, the user is granted access to the secure information.

Abstract: Systems and methods are provided for providing, by a user equipment, a short message service (SMS) message to initiate Wi-Fi onboarding to a mobile network, receiving, by the user equipment, a binary SMS message including a request for a certificate signing request by a server, generating, by the user equipment, the certificate signing request based on the request for the certificate signing request of the binary SMS message, providing, by the user equipment, the certificate signing request to the mobile network, and receiving, by the user equipment, a binary SMS message including Wi-Fi login data based on the certificate signing request provided to the mobile network.

Abstract: Methods and systems are disclosed for enabling the creation of substitute low-value token creation, comprising providing software content to a content delivery network wherein, when transmitted to a user browser, the software content is configured to enable the user browser to create a substitute low-value token if a token service is unavailable, wherein the content delivery network is configured to provide the software content to at least one user browser, and receiving the substitute low-value token from a merchant system, the substitute low-value token having been generated by the user browser in response to the user browser being unable to obtain a low-value token from the token service.

Abstract: Systems and methods are disclosed for securing a network, for admitting new nodes into an existing network, and/or for securely forming a new network. As a non-limiting example, an existing node may be triggered by a user, in response to which the existing node communicates with a network coordinator node. Thereafter, if a new node attempts to enter the network, and also for example has been triggered by a user, the network coordinator may determine, based at least in part on parameters within the new node and the network coordinator, whether the new node can enter the network.

Abstract: An authentication system includes an authenticator that receives an authentication request from a device and receives sensor data from one or more sensors, the sensor data being indicative of interaction with one or more real world objects or with a displayed authentication image. The authenticator determines that the sensor data is indicative of an authorized interaction with the one or more real world objects or with the displayed authentication image and, in response to the determination, grants the authentication request.

Abstract: A method includes: processing a request to execute a transaction of a virtual asset of a video game; responsive to the request, accessing a blockchain to perform an anti-fraud verification, including analyzing data of a prior transaction involving the virtual asset; responsive to the anti-fraud verification providing a result that does not indicate fraudulent activity, then generating transaction data based on an identifier for the first user account, an identifier for the second user account, an identifier for the virtual asset, and state data of the virtual asset, and submitting the transaction data to a node network, to write the transaction data to a block of the blockchain; receiving confirmation of the writing of the transaction data; responsive to receiving the confirmation, then updating a registry of virtual assets to transfer ownership of the virtual asset from the first user account to the second user account.

Abstract: In an embodiment, a method of blockchain-enhanced proof of identity (POI) includes receiving identity information of a user in connection with a POI request. The method also includes generating a first cryptographic hash using at least a portion of the identity information and storing the first cryptographic hash on a public blockchain in a first blockchain transaction. The method also includes establishing a request identifier based on the first blockchain transaction. The method also includes receiving a digital image that depicts the user together with a POI document, the digital image including the request identifier. The method also includes creating a POI digital document comprising at least a portion of the digital image. The method also includes generating a second cryptographic hash using at least a portion of the POI digital document and storing the second cryptographic hash on the public blockchain in a second blockchain transaction.

Abstract: Trigger based analytics database synchronization is described. In one example case, a trigger is invoked based on an operation issued for a record in a transactional database. According to the trigger, one or more data values for synchronization from the transactional database to an analytics database are determined. A message including the data values is formed and added to a message queue through a message infrastructure service including a message broker. In turn, the values from the message are stored in a suitable memory space, such as a staging table, for forwarding to an analytics computing system. Using the trigger and the message infrastructure service, execution of the transactional database operation can be detached in execution from the addition of the value to the staging table and synchronization with the analytics computing system.

Abstract: A method for data processing that includes receiving an indication of a configuration for a first action of a communication process flow that controls electronic communications between a tenant of a multi-tenant system and a first set of users associated with the tenant. The method further includes associating, within a storage location associated with the tenant, a unique identifier with metadata that defines the configuration. The method further includes receiving a request to apply the configuration to a second action of a communication process flow that controls electronic communications between the tenant and a second set of users associated with the tenant. The request may indicate the unique identifier associated with the metadata. The method further includes retrieving the metadata from the storage location using the unique identifier indicated by the request. The method further includes applying the configuration to the second action using the retrieved metadata.

Abstract: A security control method and a computer system are provided. A first domain and a second domain are deployed in the computer system, the second domain is more secure than the first domain, a program is deployed in the first domain, and a control flow management module and an audit module are deployed in the second domain. The second domain is more secure than the first domain. When the program in the first domain is executed, the control flow management module obtains control flow information by using a tracer. The audit module audits the to-be-audited information according to an audit rule, and when the to-be-audited information matches the audit rule, determines that the audit succeeds and then allows the first domain to perform a subsequent operation, for example, to access a secure program in the second domain.

Abstract: A communication control device includes: a processor configured to: acquire identification information of a communication terminal from the communication terminal that is authenticated by communication via a wide area communication network; and when the identification information is included in a storage storing an information set in which associated are (i) the identification information of the communication terminal and (ii) specific connection unit information indicating a specific connection unit that is predetermined for the communication terminal in a narrow area communication network different from the wide area communication network, perform control such that the communication terminal is connected to the specific connection unit as a connection destination of the communication terminal, based on the specific connection unit information of the information set including the acquired identification information.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K1l and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: Methods, systems, and storage media for multi-cloud data connections for white-labeled platforms are disclosed. Exemplary implementations may: receive an indication of a plurality of applications to be accessed; receive authentication information for the plurality of applications; establish a plurality of data connections to the plurality of applications, if authenticated with the authentication information; receive application data received from the plurality of data connections; normalize the application data to provide normalized data; generate a customizable feed with display parameters and displaying the normalized data according to the display parameters; and generate a visualization dashboard with visualization parameters and displaying the normalized data according to the visualization parameters.

Abstract: Methods and systems for secure authentication in an extended reality (XR) environment are described herein. An XR environment may be output by a computing device and for display on a device configured to be worn by a user. A first plurality of images may be determined via the XR environment. The first plurality of images may be determined based on a user looking at a plurality of objects, real or virtual, in the XR environment. The first plurality of images may be sent to a server, and the server may return a second plurality of images. A public key and private key may be determined based on different portions of each of the second plurality of images. The public key may be sent to the server to register and/or authenticate subsequent communications between the computing device and the server.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. The present invention relates to an authentication method applied to a next generation 5G communication system and an apparatus for performing same, network slices, a method for managing the network slices, and an apparatus for performing the same.

Abstract: A method includes linking a first application with a first Transport Layer Security (TLS) library, linking a second application with a second TLS library, obtaining a sequence of cryptographic keys by a first agent, the sequence of cryptographic keys based on an agent key and provided from the first agent to the first TLS library, obtaining the sequence of cryptographic keys by a second agent, the sequence of cryptographic keys based on the agent key and provided from the second agent to the second TLS library, establishing communication between the first TLS library and the first agent to create a first trusted relationship, establishing communication between the second TLS library and the second agent to create a second trusted relationship, and establishing a third trusted relationship between the first agent and the second agent.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.

Abstract: Methods, apparatuses, and computer program products for edge device assisted mitigation of publish-subscribe denial of service (DoS) attacks are disclosed. An edge device hosts a virtualized copy of an Internet-of-Things (IoT) device subscribed to one or more publish-subscribe topics. When the edge device receives an indication to activate the virtualized copy of the IoT device, for example, during a DoS attack on the IoT device, the edge device activates the virtualized copy of the IoT device, which receives traffic from the publish-subscribe topic. The virtualized copy of the IoT device applies security policies to incoming traffic received from the subscription topics and transmits to the IoT device sanitized traffic obtained from the received incoming subscription content traffic.

Abstract: A method for operating an Internet of Things (IoT) system includes obtaining, by a device registration tool, identification information of a first IoT module, obtaining, by the device registration tool, identification information of a device with the first IoT module mounted thereon, and registering, by the device registration tool, the identification information of the first IoT module and the identification information of the device in a database accessible by an IoT network.

Abstract: A display apparatus includes an optical module, a display panel and a display panel driver. The display panel is disposed on the optical module. The display panel driver is configured to drive the display panel. The display panel includes a first display area including at least a portion overlapping with the optical module and a second display area not overlapping with the optical module in a plan view. The first display area includes pixels having a first pixel structure. The second display area includes pixels having a second pixel structure different from the first pixel structure.

Abstract: Embodiments described herein provide for system and methods to crowdsource the location of wireless devices and accessories that lack a connection to a wide area network. One embodiment provides for a data processing system configured to perform operations comprising loading a user interface on an electronic device, the user interface to enable the determination of a location of a wireless accessory that is associated with the electronic device, generating a set of public keys included within a signal broadcast by the wireless accessory, the signal broadcast during a first period, sending the set of public keys to a server with a request to return data that corresponds with a public key in the set of public keys, decrypting the location data using a private key associated with the public key, and processing the location data to determine a probable location for the wireless accessory.

Abstract: Techniques for managing secure login with authentication while viewing a unique code are described. In some examples, a requesting device displays a visual representation of data. An authenticating device detects the presence of the visual representation of data. The authenticating device prompts a user to provide authorization information at the authenticating device. The authenticating device receives a set of one or more inputs. The authenticating device transmits information authorizing access to content on the requesting device.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.