Abstract: A method for setting up a communication channel for exchanging data between a server device and a client device is provided. The method includes: transmitting authentication information from an issuer device to the client device; transmitting the authentication information from the client device to the server device in a cryptographic security protocol, in particular in a TLS handshake protocol; authenticating the client device by means of the server device depending on the received authentication information; and setting up the communication channel between the server device and the authenticated client device by means of the cryptographic security protocol. The authentication of the client device can be carried out in the context of setting up the communication channel. In this case, the communication channel is established by means of the cryptographic security protocol.

Abstract: The present technology pertains to a system that authenticates the identity of a user trying to access a service. The system comprises an authentication provider configured to communicate authentication requirements to a continuous multifactor authentication device and the continuous multifactor authentication device configured to receive authentication requirements, to fuse multiple identification factors into an identification credential for a user according to the authentication requirements, and to send the authentication credential to the authentication provider. After receiving the identification credential meeting the authentication requirements, the authentication provider is configured to instruct a service provider to initiate a session.

Abstract: Methods, network nodes, computer programs, carrier and user equipment, wherein a proof-of-presence in communications between private land mobile networks (PLMNs) is presented. In an example method performed by a network node in a home public land mobile network (HPLMN) of a user equipment (UE), the network node obtains, from a visited public land mobile network (VPLMN), a proof-of-presence indicator that represents the UE as being present in the VPLMN. The network node verifies whether or not the UE is present in the VPLMN by determining whether or not the proof-of-presence indicator was generated by the UE using a secret shared between the UE and at least the HPLMN. Upon verification of the presence of the UE in the VPLMN, sensitive information can be communicated by the HPLMN to the VPLMN.

Abstract: A computer-implemented system and related method address malfunctioning peers in a blockchain, the method comprising receiving endorsement results from peers in the blockchain, where the endorsement results are for one or more transactions in the blockchain. The endorsement results include successful and failed endorsements. The method further comprises distributing the successful and failed endorsements to two or more endorsement collectors, determining which peers are successful endorsement peers (SEPs) that provided successful endorsements, and which peers are failed endorsement peers (FEPs) that provided failed endorsements. A reputation score is calculated for each peer based on endorsement information from the endorsement collectors. The reputation score is then sent to at least one of a client and a system administrator. This reputation score is then used to determine peer selection in a subsequent transaction.

Abstract: The present application is directed a computer-implemented methods and systems implementing control policies created or modified by Software Defined Network applications. The control policies can be provided to SDN controllers for implementation.

Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for generating and verifying password. One of the methods includes: receiving a password setup request, the password setup request including a list identifying at least one verifier and data representing a user-provided password; forming a basis password based on the user-provided password; generating a plurality of system-generated passwords based on the basis password; encrypting the plurality of system-generated passwords to generate a plurality of encrypted passwords including a first encrypted password; submitting the plurality of encrypted passwords to a blockchain system for recordation; and providing a first address of the first encrypted password on the blockchain system to a first verifier identified in the list.

Abstract: A system and method for providing stringent tamper resistant protection against changes to key system security features. The tamper protection is configured such that any changes to the policy can only occur from a configuration manager console, thereby preventing local device admin users or other malicious actors from altering the setting. Thus, tamper protection locks the selected service and prevents security settings from being changed through third-party apps and methods. When a system administrator enables the feature for an enterprise's workstations, only administrators will be able to change the service settings across a company's computers. The tamper protection policy is digitally signed in the backend before being deployed to endpoints, and the endpoint verifies the validity and intent of the policy, establishing that it is a signed package that only security operations personnel with the necessary administrator rights can control.

Abstract: A system and method for biobehavioral identification may include a user device, a secure system/client device, and a server. The elements of the system work together to monitor the biologic features (e.g., fingerprints, pupils, or the like) and behavior (e.g., wake time, exercise time, location) to verify the authenticity of a user requesting access to a database and/or secure facility.

Abstract: Methods and systems for secure authentication in an extended reality (XR) environment are described herein. An XR environment may be output by a computing device and for display on a device configured to be worn by a user. A first plurality of images may be determined via the XR environment. The first plurality of images may be determined based on a user looking at a plurality of objects, real or virtual, in the XR environment. The first plurality of images may be sent to a server, and the server may return a second plurality of images. A public key and private key may be determined based on different portions of each of the second plurality of images. The public key may be sent to the server to register and/or authenticate subsequent communications between the computing device and the server.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol.

Abstract: The present disclosure relates to two-factor authentication with a Hardware Security Module (HSM). In response to a login attempt, the HSM indicates that two-factor authentication is required. To generate the second authentication factor, a management console is accessed using credentials. The management console generates the second authentication factor and provides the second authentication factor to the client. The client then provides the second authentication factor to the HSM to complete the two-factor authentication operations.

Abstract: A biometric inspection device including a housing provided with an acquisition interface, the device including an optical sensor for acquiring at least one image of a portion of the body of a candidate for inspection appearing before the acquisition interface. The optical sensor is configured so that the image also covers an internal zone of the housing situated outside the acquisition interface.

Abstract: The concepts, systems and methods described herein are directed towards a method for secure booting running on a security device. The method is provided to include: receiving a public key from a security device; validating the security device by comparing the received public key with a hash code; in response that the security device is validated, receiving custom codes from the security device and storing the custom codes in a microprocessor, wherein the microprocessor is located in a programmable memory of a primary processor; programming the programmable memory by executing the custom codes; and executing a boot sequence of the primary processor by the programmable memory.

Abstract: A scanner may register one or more profile information to a memory, in a case where an operation for selecting specific profile information from among the one or more profile information registered to the memory is performed, send a first authentication request including first authentication information included in the specific profile information to the server, in a case where an authentication by the first authentication information fails in response to sending the first authentication request to the server, display an authentication information input screen, in a case where second authentication information is inputted in the authentication information input screen, send a second authentication request including the second authentication information to the server, and in a case where an authentication by the second authentication information is successful in response to sending the second authentication request to the server, send scan data to the server.

Abstract: A connection service providing method includes outputting, by a first user terminal from among a plurality of user terminals, a connection request signal to at least one second user terminal among the plurality of user terminals through an inaudible frequency range based on a trigger signal for initiating a connection between the plurality of user terminals; and connecting the at least one second user terminal and the first user terminal as a group; and providing a connection service associated with the group on the first user terminal.

Abstract: Systems, methods, and non-transitory computer-readable media can determine a set of mappings between vectors in a first dataset associated with a first party to a set of shared universal identifiers based on a secure multi-party computation. A set of mappings can be determined between vectors in a second dataset associated with a second party to the set of shared universal identifiers based on the secure multi-party computation. Membership information for each vector in the first dataset can be obtained. The membership information indicating whether an individual associated with the vector is assigned to a test group, a control group, or neither. Conversion information for each vector in the second dataset can be obtained. The conversion information indicating whether an individual converted. Conversion counts for the test group and the control group can be determined based at least in part on the membership information and the conversion information.

Abstract: An information processing device makes a communication connection with an external device. The information processing device establishes a service connection with the external device upon determining an input of a determination key from the external device in the determination-key-input-reception time.

Abstract: Disclosed embodiments relate to systems and methods for securely and seamlessly provisioning credentials for use by personal computing devices. Techniques include obtaining a session identifier; making available an encoded representation to a personal computing device, the encoded representation encoding the session identifier; wherein the personal computing device is configured to: decode the encoded representation, access an identity credential stored on the personal computing device, encrypt the identity credential using a first cryptographic key, and send, to a mediator resource, the session identifier and the encrypted identity credential; receiving, from the mediator resource, the session identifier and the encrypted identity credential; and storing the encrypted identity credential.

Abstract: Described are various embodiments of a hardware security module, hardwired port interconnection matrix, and embedded communication channel resources operable on selected hardware port-specific data communicated via this matrix.

Abstract: A computer-implemented method for authentication using a hashed fried password may include receiving a password value of a user, a salt key, a pepper key, and/or a temporary and randomly generated fry key, or otherwise modifying/appending the password with the salt key, pepper key, and/or fry key. The method may include hashing the modified password, such as performing a hash operation similar to Hash (Password, Salt Key, Pepper Key, Temporary Fry Key). The randomly generated fry key is not saved or otherwise stored, either locally or remotely. A remote server attempting to authenticate the user's password may check for each possible fry key, such as checking against a set of preapproved fry keys, that the hashed fried password may have been modified with in parallel. As a result, an online customer experience requiring a password is not impacted or impeded, while an attacker's attempts to learn the password are frustrated.

Abstract: An electronic device according to various embodiments of the present invention includes: a microphone; a communication module; a memory; and at least one processor, wherein the processor can receive and record a voice through the microphone while a function of receiving the voice is activated, generate first authentication data including data for the voice and identification data for the electronic device on the basis of the recorded voice, determine the mode of the electronic device on the basis of the recorded voice, send the first authentication data, receive second authentication data corresponding to the first authentication data, use identification data included in the second authentication data to connect communication with an external electronic device when the data for the voice included in the first authentication data matches data for voice included in the second authentication data, and perform, according to the mode, at least one function related to the communication-connected external electronic

Abstract: A method for operating an SDN-based mobile communication system is provided. The system provides a control plane function that possesses information from an access network about location and/or proximity of devices and information about rules and/or policies for setting up sessions for the devices. The system includes a mobile network having a control plane and a data plane, with a network controller being implemented therebetween. The method includes: upon a particular device's request for session establishment, receiving, via signaling and at the control plane, device related information; based on the device related information that is received via the signaling, performing, at the control plane, selection of an abstract data plane node or a group of abstract data plane nodes; and providing, at the control plane, the selected abstract data plane node or the selected group of abstract data plane nodes to the network controller.

Abstract: Apparatuses, methods, systems, and program products are disclosed for early data breach detection. An apparatus includes a data module configured to receive user data from a darknet. User data may include user credential information that has been misappropriated. An apparatus includes a match module configured to determine whether user credential information matches a user's credentials for a user's one or more online accounts. An apparatus includes an action module configured to trigger a security action related to a user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that user credential data matches the user's credentials at the user's one or more online accounts.

Abstract: Disclosed herein are systems and methods that may generate so-called “honey credentials” that are transmitted to a “phishing” website, and are then stored into a honey credential database. The honey credentials appear to be valid credentials, but whenever a bad actor attempts to access an enterprise using the honey credentials, security appliances the enterprise may update the records of the honey credential database to include one or more unique identifiers for each bad actor device that attempts to access the enterprise network using the honey credentials. A server may automatically query the honey credential database to identify other accounts that have been accessed by devices that used the honey credentials to access the enterprise. The server may then flag the accounts and restrict their functionality.

Abstract: A device may include one or more processors to establish a media access control security (MACsec) key agreement (MKA) session between a first network device and a second network device via a MACsec link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the first network device and a second packet processing engine of the second network device, to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; determine, based on the fast heartbeat session, that the MKA session has ended; and/or perform an action based on the MKA session ending.

Abstract: A method and system for white box infection detection and isolation. The methods and systems can monitor a plurality of white boxes deployed within a communications network; send a challenge to a first white box of the plurality of white boxes; determine a processing time to answer the challenge by the first white box; in response to receiving the answer to the challenge, determine whether the processing time exceeds an average processing time for the challenge by a predetermined percentage; and in response to the processing time exceeding the average processing time by the predetermined percentage, isolate the first white box from the communications network.

Abstract: Know your customer regulations and security concerns, among other reasons, motivate institutions to ensure that entities with whom the institutions have dealings are who they say they are. A block of the blockchain discussed herein includes entity verifications generated by institutions that participate in the blockchain. An individual verification may include a hash of personal information associated with an entity that was authenticated by an institution. An institution seeking to authenticate (or deny) an entity may receive personal information from the entity, hash that personal information, and search the blockchain for any matching verifications (e.g., by attempting to match the hashed personal information to hash(es) associated with a verification in the blockchain).

Abstract: Some embodiments are directed to a server device (100) and a client device (200) arranged to authenticating a user of client device (200). The user has access to an authentication string. Server device (100) is configured to encrypt a set of character/position data according to a homomorphic encryption algorithm. The client device allows the user to select a subset from the encrypted set from which a verification number is computed using the homomorphic operation.

Abstract: A method for biometric authentication is disclosed. Reference biometric data established at a first device can be stored at a backend server computer. The server computer can then provide the reference biometric data with a second device when needed for biometric authentication at the second device.

Abstract: Embodiments of the present invention provide a system for rapid bandwidth access deployment across multiple entities for secure, expedited bandwidth provisioning for entity connectivity. In this way, the invention provides a private, secure 5G connectivity network to generate specific remote points of connectivity for entity to entity connections. The 5G network may allow any user within the entity with authentication to connect from any random point-to-point faster, with much more time to transmit using an existing wave length within the 5G technology. Furthermore, in some embodiments, the system may provide a dedicated bandwidth pipeline that provides trades or communications within milliseconds for the entity users. This may be provided via a geographical location or the like and allow for 5G provisioning and presentment for faster than a traditional fiber based connectivity desired for entity communications.

Abstract: Deployment state based configuration generation is disclosed. For example, a first node is in a first deployment state, with a state daemon executing on the first node. A configuration generator may be associated with one or more processors. The state daemon records a first configuration instruction associated with a first modification to the first deployment state, where the first node is in a second deployment state after the first modification. The configuration generator generates a first configuration based on the second deployment state including the first configuration instruction. The first configuration is stored to a configuration repository, where the first configuration is deployed to a second node converting the second node to the second deployment state.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identity verification are provided. One of the methods includes: generating a security question for verifying a target user; determining an answer for the target user to match the security question; determining a category identification of the answer for the target user; determining users' data corresponding to the category identification of the answer for the target user; searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers; and verifying the target user according to the security question, the answer for the target user, and the one or more distraction answers.

Abstract: Methods and systems for ensuring security of in-car systems in vehicles, particularly, user data privacy and protection of in-car systems from cyber attacks, hacking etc. is provided. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use for the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments of the container and the host root file system of the IVI system are sandboxed from each other.

Abstract: The present application provides an unlocking solution. In this solution, after obtaining a digital key seed, a user mobile device can generate a digital key for multiple times by using the digital key seed and first check data corresponding to a current unlocking operation, and then send the digital key to a smart door lock for verification and unlocking. Because the digital key includes the first check data only corresponding to the current unlocking operation, an attacker cannot use the digital key to perform unlocking again even if the attacker obtains the digital key. In addition, because the digital key seed can be used for multiple times, a smart door lock server does not need to be connected each time to obtain the digital key. Therefore, both security and ease of use are satisfied.

Abstract: A system for cognitive prioritization for report generation may include a processor and a memory cooperating therewith. The processor may be configured to accept a request for a new report from a user, the request having a user profile importance associated therewith and generate a predicted completion time for the new report based upon a historical completion time prediction model based upon historical data for prior reports. The processor may be configured to generate a predicted importance of the new report based upon a historical importance prediction model based upon the historical data for prior reports and determine a combined predicted importance based upon the user profile importance and the predicted importance. The processor may also be configured to generate a prioritization of the new report among other reports based upon the predicted completion time and the combined predicted importance and generate the new report based upon the prioritization.

Abstract: Disclosed are techniques for preparing data, received at unpredictable times from multiple data sources providing disparate proprietary data formats and input types, so that the data is readily available to be monetized, used for business analytics, or other purposes.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A system for enhanced internet of things digital certificate security is provided. The system includes a computer device. The computer device is programmed to store, in a database, a plurality of statuses associated with a plurality of digital certificates. The computer device is also programmed to receive, from a first computer device, a status update for the first digital certificate. The computer device is further programmed to update the first status based on the status update. Subsequently to updating the first status, the computer device is programmed to receive a request for a connection from the first device. Subsequently to updating the first status, the computer device is also programmed to deny the request for a connection based on the first status.

Abstract: Embodiments disclosed herein are related to making a determination that a wearable device that is configured to host or access a DID management module is in contact with the skin of a DID owner. A determination is then made that the DID owner is authorized to use a DID that is associated with the DID management module. Finally, one or more DID-related functions are performed using the DID that is associated with the DID management module by communicating with a second computing system that is associated with a second DID. The wearable device allows the one or more DID-related functions to be performed in a portable and secure manner.

Abstract: A server is provided for managing access of an electronic entity to a communications network. The server includes a contact point in operable communication with the electronic entity. The contact point is configured to receive a network access granting request message from the electronic entity. The server further includes a processing module, configured to process the received network access granting request message, validate trust indicators contained within the network access granting request message, authorize access of the electronic entity to the network upon validation of the trust indicators, and transmit a response message to the electronic entity indicating a level of access to the network that has been authorized.

Abstract: The disclosed technology includes systems and methods for determining secondary authentication of a user's log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management associated with a record owner. A request is first received from a service provider for validating one or more data items in order to carry out a transaction between the record owner and the service provider. The record owner performs authentication required and send the request to a trusted party seeking to validate the one or more data items, wherein the trusted party is authorized to access the one or more data items. When a cloaked identifier to be used for validating the one or more data items is received from the trusted party, it is sent to the service provider for the service provider to use for validating the one or more data items.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: Methods, systems, and computer program products are provided for real-time compromise detection based on behavioral analytics. The detection runs in real-time, during user authentication, for example, with respect to a resource. The probability that the authentication is coming from a compromised account is assessed. The features of the current authentication are compared with the features from past authentications of the user. After comparison, a match score is generated. The match score is indicative of the similarity of the authentication to the user's history of authentication. This score is then discretized into risk levels based on the empirical probability of compromise based on known past compromised user authentications. The risk levels may be used to detect whether user authentication is occurring via compromised credentials.

Abstract: A system for securely storing privacy information is provided. The system includes a plurality of nodes configured to maintain a distributed database containing consumer privacy information having a plurality of entries. Each entry of the plurality of entries in the distributed database is (i) encrypted with a unique encryption key associated with a consumer and the distributed database, and (ii) indexed based on a public encryption key associated with the consumer. A most recent entry associated with the consumer includes current personal information about the consumer. A first entry associated with the consumer includes an encrypted version of the unique encryption key.

Abstract: A method and system for peer-to-peer communication across network is described. At an internet key exchange (IKE) daemon, an IKE packet including an application data packet and an IKE header is received. The received IKE packet is de-multiplexed to identify a data destination that receives the application data packet, the data destination identified based on a data destination identifier included in the IKE header. Finally, the application data packet is forwarded to a receiving peer when the data destination is the receiving peer.

Abstract: For updating the password of a credential with a matching username, methods, apparatus, and systems are disclosed. One method includes storing a set of credentials, each credential in the set comprising a username and password. The method includes detecting an update to a first credential of the set of credentials, the first credential comprising a first username and a first stored password. Here, the update to the first credential indicates a new password to be associated with the first username. The method includes identifying a set of candidate credentials, each candidate credential having a username that matches the first username and a password that matches the stored password and updating the set of candidate credentials to comprise the new password.

Abstract: Methods, apparatuses and computer program products for implementing at least one communication barrier in a group-based communication system are described herein. The apparatus is configured to at least receive a first group correlation between a first user identifier and a first group identifier, receive a second group correlation between a second user identifier and a second group identifier, retrieve a communication separation settings set associated with the first group identifier and the second group identifier, and cause rendering a first electronic indication on a group-based communication interface. In some examples, the first user identifier is associated with a first workspace identifier and a first group-based communication channel. In some examples, the first group-based communication channel is associated with the first workspace identifier and a second workspace identifier.

Abstract: The present invention enables the selection of network routes based on a combination of traditional route table entries, identity policy information, and trust level information determined dynamically for each network session. This enables a network operator to apply different policies to network entities presenting differing identity credentials. It also allows network operators to block access to networks and network resources when identity credentials are not provided or are unauthorized.

Abstract: Disclosed embodiments relate to systems and methods for automatically detecting and addressing security risks in code segments. Techniques include identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token. Techniques further include performing, based on a security policy, at least one of: storing the temporary access token separate from the network identity and providing the network identity with a customized replacement token having an attribute different from the temporary access token; or creating a customized replacement role for the network identity, the customized replacement role having associated permissions that are customized for the network identity based on the request.