Abstract: A system for credential authentication comprises an interface configured to receive a create indication to create a badge credential representing an employee badge and receive a claim indication from an authentication device to claim the badge credential, and a processor configured to provide the badge credential to the authentication device in response to the claim indication, receive a proof response from the authentication device comprising the badge credential and a lock identifier, validate the proof response using a distributed ledger, and provide a token for unlocking a lock associated with the lock identifier to the authentication device.

Abstract: A multitenant infrastructure server (MTIS) is configured to provide an environment to execute a computer routine of an arbitrary application. The MTIS receives a request from a webtask server to execute the computer routine in a webtask container. The computer routine is executed in the webtask container at the MTIS. Upon successful execution of the computer routine, a result set is returned to the webtask server. If the execution of the computer routine is unsuccessful, an error notification is returned to the webtask server. The resources consumed during the execution of the computer routine are determined. The webtask container is destroyed to prevent persistent storage of the computer routine on the MTIS.

Abstract: Systems and methods for managing requests to implement account related actions based on biometric data are disclosed herein. According to an aspect, a system includes a first computing device comprising a user account manager configured to manage an account of a user. The user account manager is also configured to receive a request to implement an action associated with the account. Further, the user account manager is configured to receive, from a second computing device of the user, biometric data associated with the user. The user account manager is also configured to manage the request to implement the action based on the received biometric data.

Abstract: Described herein is a data security system for enabling tokenized access to sensitive data, including a token provider configured to initiate a secure connection with a remote client computing device of a first data subject, and receive, from the remote client computing device, a request for an access token to provide a service provider with access to sensitive data associated with the first data subject. The request includes a data definition and authorization parameters. The token provider is also configured to generate the access token that enables access to the sensitive data, store the access token in a token database, and transmit, to the remote client computing device, a response including the access token and instructions that enable the remote computing device to display the access token to the first data subject or transmit the access token to the service provider.

Abstract: Embodiments described herein provide for system and methods to crowdsource the location of wireless devices and accessories that lack a connection to a wide area network. One embodiment provides for a data processing system configured to perform operations comprising loading a user interface on an electronic device, the user interface to enable the determination of a location of a wireless accessory that is associated with the electronic device, generating a set of public keys included within a signal broadcast by the wireless accessory, the signal broadcast during a first period, sending the set of public keys to a server with a request to return data that corresponds with a public key in the set of public keys, decrypting the location data using a private key associated with the public key, and processing the location data to determine a probable location for the wireless accessory.

Abstract: A method for pervasive resource identification includes receiving an authentication request from a first application service. The authentication request requests authentication of a user of a user device. The method includes obtaining device information associated with the user device of the user and generating a unique opaque identifier for the user device based on the device information. The method includes obtaining authentication credentials from the user device. The authentication credentials verify an identity of the user. In response to receiving the authentication credentials from the user device, the method includes generating an authentication token and encoding the unique opaque identifier into the authentication token. The method also includes transmitting the authentication token to the first application service.

Abstract: A lighting device according to an embodiment of the present invention comprises: a light source unit; a first communication unit for receiving library data from a mobile terminal; a storage unit for storing the library data; a second communication unit for receiving a control message indicating an execution command of a library corresponding to the library data from a control device; and a processor for controlling the light source unit such that the library is executed according to the control message, wherein the processor can control operation timing of the light source unit by sequentially receiving the control message at least a predetermined number of times at the initiation of the execution of the library.

Abstract: A system is provided for increasing authentication complexity for access to online systems. In particular, the system may use a hidden or obscured method for creating and enforcing a multi-factor authentication scheme. In this regard, the system may introduce authentication logic to a particular application in the network environment such that one or more “invalid” login credentials are generated by a local agent using a pre-shared key and/or algorithm. A back-end authentication system may be calculate its own set of “invalid” login credentials based on the same pre-shared key and/or algorithm, then subsequently compare the calculated incorrect credentials with the incorrect login credentials received from the local agent. If a match is detected, the system may permit a valid set of authentication credentials to be provided to authorize access to the target application and/or online system.

Abstract: The present disclosure generally relates to methods for providing an upgrade option for accessing an account on a service. In some embodiments, the method is performed at a computer system that is in communication with a display generation component and one or more input devices, and includes displaying a user interface that includes information associated with a service provided by a first entity, receiving a first user input, and in response to receiving the first user input, displaying a first selectable user interface object corresponding to an upgrade option. Enabling the upgrade option causes login requests corresponding to requests to log in to the service using an access account to be authenticated by a second entity different from the first entity.

Abstract: The present disclosure relates to a terminal device, a method and apparatus for unlocking a screen of the terminal device. The terminal device comprises a touch and display chip; the method is used on the touch and display chip and comprises: when the terminal device is in a dormant state, displaying a screen unlocking interface on the screen if touch information is detected on the screen; acquiring unlocking information for unlocking the screen via the screen unlocking interface; and unlocking the screen when the unlocking information is consistent with corresponding verification information. The terminal device, the method and apparatus for unlocking the screen of the terminal device according to the present disclosure greatly reduce the power consumption of the terminal device, and save battery power. Furthermore, the touch and display chip enables user verification during unlocking process to be securer.

Abstract: Methods and systems for performing a partial pass-through transfer are described. In an aspect, a method includes: receiving, from a first computing system, pass-through transfer definition data to be associated with a first logical storage area, the pass-through transfer definition data including a trigger condition for a pass-through transfer and an apportionment value for the pass-through transfer; storing a representation of the pass-through transfer definition data in association with the first logical storage area; detecting a first data transfer to the first logical storage area, the first data transfer representing a transfer of a resource; determining that the first data transfer satisfies the trigger condition; and in response to determining that the first data transfer satisfies the trigger condition: identifying a portion of the resource based on the apportionment value; and initiating a second data transfer.

Abstract: Systems, methods, and non-transitory computer-readable media can determine a first dataset provided by a first party, wherein the first dataset includes a set of vectors that are each associated with a user identifier. A second dataset provided by a second party can be determined, wherein the second dataset includes a set of vectors that are each associated with a user identifier. One or more vectors in the first dataset can be matched to vectors in the second dataset based on a secure multi-party computation without revealing respective graph information of the first party or the second party. Respective mappings between vectors in the first dataset to a set of shared universal identifiers can be provided to the first party. Respective mappings between vectors in the second dataset to the set of shared universal identifiers can be provided to the second party.

Abstract: An input device configured for multi-factor authentication. The input device includes a plurality of sensor electrodes, one or more light sources, and an authentication component. The plurality of sensor electrodes is configured for capacitive sensing in a sensing region of the input device. The one or more light sources are configured to illuminate at least a portion of the sensing region of the input device. The authentication component is configured to receive a first authentication input via a first authentication device, determine whether the first authentication input matches a first credential of an authorized user, and selectively activate the one or more light sources based at least in part on whether the first authentication input matches the first credential of an authorized user.

Abstract: A system for entering a secure Personal Identification Number (PIN) into a mobile computing device includes a mobile computing device and a peripheral device that are connected via a data communication link. The mobile computing device includes a mobile application and a display and the mobile application runs on the mobile computing device and displays a grid on the mobile computing device display. The peripheral device includes a display and an encryption engine, and the peripheral device display displays a grid corresponding to the grid displayed on the mobile computing device display. Positional inputs on the mobile computing device grid are sent to the peripheral device and the peripheral device decodes the positional inputs into PIN digits and generates an encrypted PIN and then sends the encrypted PIN back to the mobile computing device.

Abstract: Methods and systems for creating a verifiable digital identity are provided. The method includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

Abstract: Devices, computer-readable media, and methods for changing the state of a network-connected device in response to at least one facial gesture of a user are disclosed. For example, a processing system including at least one processor captures images of a face of a user, detects at least one facial gesture of the user from the images, determines an intention to change a state of a network-connected device from the at least one facial gesture, generates a command for the network-connected device in accordance with the intention, and outputs the command to cause the state of the network-connected device to change.

Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.

Abstract: A method, computer system, and a computer program product for assessing a likelihood of success associated with developing at least one machine learning (ML) solution is provided. The present invention may include generating a set of questions based on a set of raw training data. The present invention may also include computing a feasibility score based on an answer corresponding with each question from the generated set of questions. The present invention may then include, in response to determining that the computed feasibility score satisfies a threshold, computing a level of effort associated with developing the at least one ML solution to address a problem. The present invention may further include presenting, to a user, a plurality of results associated with assessing the likelihood of success of the at least one ML solution.

Abstract: A rollover system is provided to facilitate transitioning of client devices in a shared account network environment, from an old password to a new replacement password. The switching of passwords may take place gradually during a rollout period for client devices without required downtime and reducing a risk of lockouts. During the rollover period, a prior salt is temporarily carried over to a new verifier for the replacement password. Two new verifiers are generated: a temporary new verifier using the old salt for verification during the rollover period and another new verifier using a different new salt for verification after the rollover period had expired. During the rollover period, authentication involves the use of the temporary new verifier with the old salt or by the old verifier and old salt of the prior password. After the rollover period, authentication is based on the new verifier with a new salt.

Abstract: A first IoT device includes a memory, a transceiver, bloom filter evaluation, false positive comparison and control modules. The memory stores: a bloom filter set including an array of bits representing entries in a certificate revocation list; and a false positive set including a list of certificate entries falsely identified as being revoked. The transceiver receives from a second IoT device a message including a certificate. The bloom filter evaluation module receives the bloom filter set from a back office station and determines whether an identifier associated with the certificate is in the bloom filter set. The false positive comparison module receives the false positive set from the back office station and determines whether the identifier is in the false positive set. The control module permits communication between the first and second IoT devices based on whether the identifier is in the bloom filter and false positive sets.

Abstract: An on-vehicle communication system includes: a plurality of function units; and one or a plurality of switch devices, each switch device being configured to perform a relay process of relaying communication data between the function units. When unauthorized communication by a function unit has been detected, the switch device performs a validation process of validating a function unit other than an unauthorized-communication function unit that is the function unit for which the unauthorized communication has been detected.

Abstract: The invention provides a solution to accessing for a geographical location information-based service in a server of a machine type communication based communication system, where firstly a server broadcasts or multicasts a content request message, the content request message comprising information on requested content and information on a target geographical location; then the server receives a response message from at least one user equipment, the response message indicating that the at least one user equipment possesses the requested content and the at least one user equipment being located within the target geographical location; and finally the server acquires the requested content from the at least one user equipment.

Abstract: The presentation of a verifiable credential that is represented within a data structure that represents the verifiable credential as well as usage data of the verifiable credential. The usage of the verifiable credential is monitored, such that as usage of the verifiable credential changes or progresses, the stored usage data also changes. This data structure may be used to not only cause visual representations of the verifiable credential to be displayed to the user, but the user can selectively cause at least some of that usage data to also be presented to the user. Thus, the user can easily keep track of how their verifiable credential is being used, regardless of where or from which device the verifiable credential is presented.

Abstract: A system for performing a service by using biometric information is disclosed.

Abstract: Systems and methods are provided for scoped credentials within secure execution environments executing within virtual machines instances in an on-demand code execution system. In the on-demand code execution system, the execution environments are reset after every request or session. By resetting the single execution environment after each request or session, security issues are addressed, such as side-channel attacks and persistent malware. Additionally, the use of scoped credentials improves security by limiting the access rights for each code execution request or session to the smallest atomic level for the request or session. Following the request or session, the scoped credential is invalidated.

Abstract: Systems and methods of the present disclosure processors and devices for providing disposable account cards using a contactless reader and contactless communication tag. A processor receives, via an antenna module from the contactless reader, radio signal data of a radio signal emitted by a contactless tag, where the radio signal data includes encoded tag data including a tag identifier. The processor determines that the contactless tag is a new contactless tag based on the tag identifier being unlinked to any account, and generates a disposable account card identifier in a user account including a unique disposable account number. The processor generates an account link that links the tag identifier to the disposable account card identifier such that the tag identifier refers to the unique disposable account number for performing contactless electronic requests to the user account in place of a user account card.

Abstract: A virtual private network connection method and a memory card device using the virtual private network connection method are provided. Firstly, a virtual private network connection application program is provided. Then, the virtual private network connection application program is loaded in a memory card device. Then, the memory card device is installed in a medical device. After the virtual private network connection application program is executed and the memory card device is connected to a virtual private network server according to a connection request, the data from the medical device is transmitted to the virtual private network server through the memory card device. In such way, the data will not be attacked by malware and stolen by a third-party manufacturer during the transmission process.

Abstract: Exemplary embodiments relate to techniques for asserting the authenticity of digital content being communicated among client devices of a communication or computer system by configuring the digital content with one or more sensor responsive elements. The sensor responsive element may be a visual interface that dynamically reacts or responds to sensor data generated by one or more sensors (such as a gyroscope sensor, a microphone, and a camera) of a receiving client device. If the sensor responsive element does not dynamically react or respond to movement data, image data, or sound data generated by the one or more sensors, the digital content may fail user inspection and may indicate to the recipient that the digital content is a fake or a counterfeit.

Abstract: A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credentials requests to the MVD. The MVD receives the bundle of request and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.

Abstract: An intelligent gateway device provided at a premise (home or business) for providing and managing application services associated with use and support of a plurality of digital endpoint devices associated with the premises. The device includes a communications and processing infrastructure integrated with a peer and presence messaging based communications protocol for enabling communications between the device and an external support network and between the device and connected digital endpoint devices. A services framework at the gateway device implements the communications and processing infrastructure for enabling service management, service configuration, and authentication of user of services at the intelligent gateway. The framework provides a storage and execution environment for supporting and executing received service logic modules relating to use, management, and support of the digital endpoint devices.

Abstract: A computer-implemented system with a processor provides a reversible transfer of an atomic token from one side of an imperfect link to the other, such that if the protocol (or process) on either side fails at a critical moment, the atomic token will be found on both sides to be verifiably incomplete, unless the protocol has completed successfully past its ‘irreversible threshold’ on both sides.

Abstract: A method for rendering results of an audit includes receiving data corresponding to the results of the audit. The data includes an image to be rendered on a display screen of an electronic computing device. The data includes one or more insights derived from the results of the audit. A user of the electronic computing device is identified. The image is rendered on the display screen. One or more insights derived from the results of the audit are rendered on top of the image on the display screen. A content of the one or more insights derived from the results of the audit that are rendered on top of the image on the display screen is dependent upon the identity of the user of the electronic computing device.

Abstract: A random sequence generation of defined values may be provided. A method comprises pre-loading a RAM block with an initial list comprising the defined values of a sequence of values to be updated, and shuffling the defined values of the sequence using a counter and a random offset for indices in the list.

Abstract: Systems and methods for authenticating a user are provided. A method may comprise providing interactive media on a computing device associated with a user. The interactive media may comprise a plurality of images. The plurality of images may be presented on a graphical display of the computing device. The method may also comprise receiving input data from the computing device when the user selects a sequence of images from the plurality of images on the graphical display of the computing device. The selected sequence of images may correspond to a sequence of grammatical words. The method may further comprise analyzing the input data by comparing the sequence of grammatical words to a passcode, and authenticating the user when the sequence of grammatical words is equal to the passcode.

Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

Abstract: Systems and methods are included for providing feature sets to groups of managed user devices within an enterprise mobility management (EMM) system. A feature set can enable a user device to detect one or more triggering events, and in response, automatically perform a specified action. An administrator can request a feature set using an interface provided by a management server. The management server can enroll the user device, install a management agent on the user device, and automatically build and deliver the requested feature set to the user device. After receiving the feature set, the management agent of the user device can monitor for recurring triggering events without further intervention from the management server.

Abstract: A secure method and/or system allowing a user to import, export, recover and use their private keys based in part on the user's location information, to allow for reliable, consistent, and easy management of user identity and private keys across all of a user's devices and eliminate of traditional username/password authentication schemes.

Abstract: The disclosed computer-implemented method for identifying and mitigating phishing attacks may include (i) receiving a request for sensitive data utilized to access a network service, (ii) launching an autofill provider for providing the sensitive data to the network service, (iii) identifying, utilizing the autofill provider, a domain for the network service and a data type associated with the sensitive data utilized to access the network service, (iv) determining, utilizing the autofill provider, a reputation for the network service based on the domain and the data type, and (v) performing a security action that protects against a phishing attack based on the reputation determined for the network service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A resource management apparatus is communicable with a communication terminal that displays usage states of a plurality of resources. The resource management apparatus includes circuitry configured to transmit a request for reservation information indicating reservation contents of the plurality of resources to a reservation management apparatus that manages reservations of the plurality of resources, receive the reservation information relating to the plurality of resources transmitted by the reservation management apparatus, and transmit, to the communication terminal, image information of the plurality of resources, location information indicating locations of the plurality of resources, and usage states of the plurality of resources, and the received reservation information relating to the plurality of resources, the image information, the location information, and the usage states being managed by the resource management apparatus.

Abstract: A system for providing a query processing service based on personal-information protection, includes: a client terminal configured to allow a user to input and send query content for solving a problem; a relaying and processing server configured to extract and process personal information contained in the query content received from the client terminal, transmit processed query content the processed personal information to a cloud service server, and transmit an answer to a query received from the cloud service server to the client terminal; and the cloud service server configured to generate the answer to the query by analyzing the processed query content received from the relaying and processing server, and transmit the answer to the query to the relaying and processing server.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; associating the security related activity with a phase of a cyber kill chain; and, performing a security operation on the security related activity via a security system, the security operation disrupting performance of the phase of the cyber kill chain.

Abstract: Systems and methods of the present disclosure enable automated sharing of confidential information according to tiers of security by receiving an electronic information request from an automated form production application of a computing device associated with a third-party entity. A request security tier associated with the electronic information request is determined according to a security tier of the user-related secure data. At least one authentication requirement associated with the request is determined according to authentication settings of the security tier. An authentication request is generated enabling the user to provide an authentication response to approve the computing device for access to the user-related secure data.

Abstract: Techniques are described for enabling software applications to obtain temporary security credentials used to interact with a cloud provider network and, upon the revocation of an active set of temporary security credentials used by an application (e.g., due to concerns about the temporary credential's potential exposure to one or more unauthorized third parties), to readily obtain new temporary security credentials that the application can use to continue operation with minimal interruption. The temporary security credentials can be used, for example, to enable the cloud provider network to authenticate requests sent by software applications or users to various services or other components of the cloud provider network. An operator of a cloud provider network may provide a software development kit (SDK) that application developers can use to incorporate functionality related to the management of temporary security credentials.

Abstract: Methods and apparatus are disclosed for the maintenance of a virtual credit card pool for airline passenger vouchers. An example system includes server(s) that are configured to determine a target distribution of virtual credit cards within the virtual card pool for a current date-and-time. The server(s) are configured to, in response to determining that the current date-and-time corresponds with a predefined restocking time, for each card value: identify a current number of virtual credit cards within the virtual card pool; identify a threshold number of virtual credit cards based on the target distribution; compare the current and threshold numbers; in response to determining that the current number is less than the threshold number, transmit a request for virtual credit cards having the card value to an external server; and add the requested virtual credit cards to the virtual card pool upon receipt.

Abstract: A system and method comprising a server that automatically configures and sets up a restaurant's or business' information technology (IT) infrastructure, more specifically relating to point-of-sale devices (POS) and other networked devices such as scanners, tracking displays, and any other device that any business may use. Communication between the networked devices and the server is facilitated by a preconfigured router, wherein after initial communication with the server, the server may configure devices for a network connection, update firmware, operating parameters, and software packages of the preconfigured router and other networked devices.

Abstract: A system and method of providing two-way communication between an isolated POS system and a website are described. The POS system operates as an air gap system. In response to detecting a trigger event the two-way communication is initiated for installation, diagnostic and repair services. POS information for transmission to the website through the internet is generated using a QR code that includes the website address and a data payload that depends on the desired service. The QR code is read by a smart phone and transmitted to the website. The website responds by sending response data dependent on the QR code and desired service. The response data is communicated to the POS system via another QR code for further operations by the POS system based thereon.

Abstract: Responsive to a user instruction or a security breach occurring in an enterprise computing environment, an emergency shutdown and restore module is adapted to obtain and evaluate an identity population definition to determine a population of identities (e.g., a forensic team) associated with accounts distributed across applications in the enterprise computing environment. The emergency shutdown and restore module is further adapted to determine source systems of such accounts and communicate with those source systems via source-specific connectors. The emergency shutdown and restore module can respectively request the source systems to shut down access to the applications by the accounts associated with the population of identities, or to exclude the accounts associated with the population of identities in shutting down access to the applications.

Abstract: Systems and methods are described for communications between computing devices via an ephemeral data stream routing service, which allows the devices to establish a single-use connection for streaming arbitrary amounts of data. A computing device may request an ephemeral data stream from the ephemeral data stream routing service, which may respond by creating an endpoint and providing a single-use URL that locates the endpoint. The sending and receiving computing devices may then use the single-use URL to connect to the endpoint, which may be implemented on a single routing device or a pair of routing devices within the ephemeral data stream routing service. The service then relays a data stream from the sender to the receiver, and may forward the data stream from one routing device to another within the service as needed. The ephemeral data stream routing service then removes the endpoint and invalidates the single-use URL.

Abstract: Techniques are disclosed for generating a token identity that is assigned to a device identity module of a customer device. The token identity may be used to incorporate various types of customer identifier data to verify a customer identity during an electronic transaction. For instance, a customer may initially provide customer information on a customer device, which may be used to obtain a digital identification associated with the customer. The customer may subsequently provide an input including a customer identifier on the customer device, which may be verified against the customer information included in the digital identification.

Abstract: Cloud storage systems and methods provide event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to one of a remote file system (RFS) hosted by the remote cloud storage system and a local file system (LFS) hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.