Abstract: Methods, apparatuses and computer program products for implementing at least one communication barrier in a group-based communication system are described herein. The apparatus is configured to at least receive a first group correlation between a first user identifier and a first group identifier, receive a second group correlation between a second user identifier and a second group identifier, retrieve a communication separation settings set associated with the first group identifier and the second group identifier, and cause rendering a first electronic indication on a group-based communication interface. In some examples, the first user identifier is associated with a first workspace identifier and a first group-based communication channel. In some examples, the first group-based communication channel is associated with the first workspace identifier and a second workspace identifier.

Abstract: The present invention enables the selection of network routes based on a combination of traditional route table entries, identity policy information, and trust level information determined dynamically for each network session. This enables a network operator to apply different policies to network entities presenting differing identity credentials. It also allows network operators to block access to networks and network resources when identity credentials are not provided or are unauthorized.

Abstract: Disclosed embodiments relate to systems and methods for automatically detecting and addressing security risks in code segments. Techniques include identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token. Techniques further include performing, based on a security policy, at least one of: storing the temporary access token separate from the network identity and providing the network identity with a customized replacement token having an attribute different from the temporary access token; or creating a customized replacement role for the network identity, the customized replacement role having associated permissions that are customized for the network identity based on the request.

Abstract: An example computing device includes a memory to store a cryptographic key, a processor coupled to the memory, and a set of instructions stored in the memory. The set of instructions, when executed by the processor, is to capture an encrypted passcode originating from a basic input/output system (BIOS) of a managed device as a challenge to grant local access to the BIOS and authenticate with a server using a user credential. When authentication with the server is successful, the set of instructions is to decrypt the encrypted passcode with the cryptographic key to obtain a decrypted passcode and output the decrypted passcode. When authentication with the server is unsuccessful, the set of instructions is to delete the cryptographic key.

Abstract: One-time password (“OTP”) generation on a smartwatch is provided. OTP generation may include communication between an application on a smartwatch and an application on a smartphone. The request for an OTP may be received at the smartwatch. A biometric identifier may also be received at the smartwatch. The smartwatch application may communicate with the smartphone application. An OTP may be generated within a third-party library within the smartphone application. The generated OTP may be transmitted from the smartphone application to the smartwatch application. The OTP may be displayed on the smartwatch.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.

Abstract: A system and method for rapid check-in and inheriting trust using a user entity device. The system and method described herein allows an identity to be continuously proven because of user entity's behavior and their biometrics. With all the fraud and risk that exists today, if someone has a user entity's driver's license they can do a lot of harm. By tying a user entity's identity to their user entity device (e.g., a mobile smartphone), then when a user entity checks into a location (e.g., airport, hotel, bank), an identity provider continues a process of continuous authentication while the user entity device travels about a location and interacts with the services offered by the location.

Abstract: Managing user sessions in a networked computing environment. A method includes, at an identity provider computer system, providing a first id token to a resource provider for an entity. The first id token has therein a first policy check interval having a value defining a period when the first id token should be revalidated. Due to expiration of the first policy check interval, a first refresh token is received from a resource provider computer system that received the first id token. As a result of receiving the first refresh token from the resource provider computer system, the identity provider computer system evaluates conditional access policy for the entity. If the identity provider computer system determines that the conditional access policy for the entity has been met, the identity provider computer system provides a new id token and a new refresh token to the resource provider computer system.

Abstract: A privacy-enhancing system, method, and non-transitory computer-readable medium for securely identifying an individual over time without retaining sensitive biometric data. In one embodiment, the system includes a local identity server including an electronic processor, a communication interface, and a memory. The electronic processor is configured to initiate a personalization of a partner-specific identification vehicle that identifies the individual based at least in part on an individual global unique identifier associated with the individual, receive a request for a service from the individual via the communication interface, receive consent and registration information from the individual via the communication interface, generate an identity confirmation that confirms an identity of the individual, and output the identity confirmation via the communication interface.

Abstract: A multifunction peripheral stores normal user information for executing user authentication in and an auxiliary storage. The multifunction peripheral has a quick login mode for simple authentication. When registering a new user in the quick login mode, the CPU determines whether a login name in the normal user information of an existing user matches a login name of the new user. When the two login names match, the user is allowed to select whether to associate the new user with the existing user. When selected to associate the new user with the existing user, the quick user information of the new user including the first management information and the second management information is generated using at least user ID in the normal user information of the existing user, the first management information is stored in the auxiliary storage, and the second management information is stored in a main storage.

Abstract: Upon an attempt to access a service of a third-party server, full-duplex password-less authentication provides a one-time password to the user displayed at the client device and at a mobile device associated with the user. The user verifies the access by comparing the one-time password displayed at the mobile device and the one-time password displayed at the client device. The one-time password is displayed as a combination of a picture and a set of alphanumeric characters for ease in making the comparison. The user determines whether to accept or deny the authentication sequence after a simple visual comparison.

Abstract: There is provided systems and method for a token management layer for automating authentication during communication channel interactions. A user may contact an organization, such as an online service or payment provider through a first communication channel. During communications with the service provider, the user may provide authentication and/or personal information to step-up the users authentication and identity verification with the service provider. The service provider may provide a token management layer that stores the provided information with a tokenization system and allows the information to be provided for future authentication step-ups when the token is access and/or received. This may be due to additional communications by the user with the service provider, or may occur when the user contacts another service provider that is enrolled with the token management layer. The service provider may also issue other authentication tokens, such as voice authentication.

Abstract: Methods and systems are disclosed for enabling the creation of substitute low-value token creation, comprising providing software content to a content delivery network wherein, when transmitted to a user browser, the software content is configured to enable the user browser to create a substitute low-value token if a token service is unavailable, wherein the content delivery network is configured to provide the software content to at least one user browser, and receiving the substitute low-value token from a merchant system, the substitute low-value token having been generated by the user browser in response to the user browser being unable to obtain a low-value token from the token service.

Abstract: As the world progresses towards a cashless payment society, there has been a rise in the various forms of emerging payment technologies. Such technologies may include digital wallet payment systems. There is a need for a bridging protocol and conversion engine that would connect gaps between these various emerging payment technologies and their respective proprietary ecosystems. There is also a need for a digital holding account that provides a protective layer to fund transfers between cashless ecosystems. The digital holding account may hold and monitor currency processed by the conversion engine. Such currency would not be transferred directly into checking account. The digital holding account may be subject to rigorous validations to scrutinize the source and destination of transferred currency. Validation may include checking distributed ledger transaction records of prior transfers of the received currency.

Abstract: Systems and methods are provided for verifying a user, through an account associated with the user, in connection with a subscription of the user to a service from a service provider. One exemplary system includes a memory having an account for the user, and a platform computing device coupled to and/or including the memory. The computing device is configured to receive a request from the service provider, in connection with the user subscribing to the service, and authenticate the user. When the user is authenticated, the computing device is configured to generate a subscription message for the user comprising assurance data based on the user's account, a timestamp, and an identifier associated with the user, and transmit the subscription message to the service provider, to thereby permit the service provider to rely on the assurance data to verify the user.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: Biometric features are derived from security data associated with a subject. The security data is obtained from a security device. A biometric value is calculated from the biometric features. The biometric value is anonymized to an identifier associated with the subject. The identifier is integrated with event data associated with a security system. In an embodiment, the security device is a Personal Identification Number (PIN) pad integrated into a transaction terminal, the security data is fingerprint data, which is read from a finger of the subject placed on a fingerprint reader integrated into the PIN pad, and the biometric value is a PIN calculated from fingerprint data during a transaction at the transaction terminal. In an embodiment, the security device is a security camera, the security data is a secure video stream, and the biometric features are facial features of the subject in the secure video stream.

Abstract: A method includes receiving, at an access point, an access request from a first device after an expiration of a first passcode. The access request is encrypted based on the first passcode. The method includes making a determination by the access point before an expiration of a usage time of a first passcode usage list that an identifier of the first device is included in the first passcode usage list. The method also includes, in response to making the determination, generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and sending the data representing the second passcode from the access point to the first device.

Abstract: Methods and systems for verifying a user's identity on a computing device using two-factor authentication are described. More particularly, the system can use a personal identification number input by a user, together with one or more of a secure browsing feature, a device fingerprint, and a token generator to authenticate the user on the computer.

Abstract: Provided is a process of distributing offers to non-location-sensing devices based on a geolocation sensed by another device, the process comprising: obtaining a geolocation of a user from a mobile device of the user; associating the geolocation of the user with an identifier of the user in an offers engine; receiving a request for an offer from another computing device of the user, the request including or prompting obtaining data from the other computing device sufficient to identify the user; retrieving the geolocation of the user obtained from the mobile device by identifying the user with the data from the other computing device sufficient to identify the user account; selecting, with the offers engine, a responsive offer based on the geolocation of the user obtained from the mobile device; and sending the responsive offer to the other computing device of the user.

Abstract: A user may conduct a plurality of access requests with a plurality of resource provider computers. A processor server computer may determine whether resource provider computers store access data associated with the user in various ways, including detecting patterns in sets of a plurality of access requests conducted between the user and each of the plurality of resource provider computers. Upon detecting that access data has changed, the processor server computer may automatically send the updated access data to each of the identified resource provider computer.

Abstract: In one embodiment, a web content management system is coupled to remote resources via a framework that has one or more corresponding adapters which enable editing of content by invoking editors which are native to the respective remote resources. The system retrieves a content item from a remote resource and stores a copy of the content item in a local repository, while the original content item remains in the repository of the remote resource. A content item can be selected in in a local authoring tool, causing the system to examine the content item's metadata to identify the source repository and invoke the native editor of the corresponding remote resource, enabling editing of the content item using the native editor. The copy of the content item in the local repository can then be synchronized to the edited version of the content item in the remote resource.

Abstract: A method of social key recovery for a first communication device supporting blockchain technology with asymmetric cryptographic algorithm is disclosed. The method comprises transmitting a device identity of the first communication to a second communication on the blockchain, performing a verification operation with the second communication device, receiving a message including a verification code of the first communication device and a public key of the second communication device, from the second communication device, wherein the first message is encrypted with a public key of the first communication device, decrypting the message with a private key of the first communication device, to obtain the public key of the second communication device, and transmitting seed phrases encrypted with the public key of the second communication device for restoring a crypto wallet on the blockchain, to the second communication device.

Abstract: This application discloses a method implemented at a server to facilitate secure offline transactions. The server receives, from a client device, an authorization request that includes a user identifier, first financial account information and a secure code. The server authenticates the authorization request, and sends a first transaction approval to the client device. Then, in accordance with the information received in the authorization request, the server facilitates a secure transaction between the client device and a point-of-sale (POS) machine while the client device is offline. Specifically, the server receives, from the POS machine, a transaction request that includes at least the user identifier and the security code. The server retrieves the first financial account information from a memory according to the user identifier and the security code, performs a transaction operation associated with the first financial account information, and sends a second transaction approval to the POS machine.

Abstract: Carrying out a penetration testing campaign in a networked system by a penetration testing system, for determining a way for an attacker to compromise the networked system, comprises determining that the attacker can obtain user credentials of a first user, determining that when using the user credentials the first user has access rights to a first network node of the networked system, determining that a second network node of the networked system is compromisable by the attacker during the penetration testing campaign, determining that the first network node was accessed from the second network node, and based on the foregoing, determining that the first network node is compromisable by the attacker during the penetration testing campaign, and determining the way for the attacker to compromise the networked system which includes a step of compromising the first network node using the user credentials of the first user.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store an encryption key and a list of access tokens and at least one processing core configured to select a first access token from the list of access tokens based, at least partly, on at least one of a current time and a sequence number, decide, based at least partly on the first access token, whether to grant a user device access to the apparatus, and cause the apparatus to receive a second list of access tokens from at least one of the user device and a second user device.

Abstract: Methods and systems for managing data transmissions. The methods disclosed herein may involve receiving requests for a first and a second service, and routing communications with the second service through the first service without requiring the firewall to be reconfigured to allow communications with the second service.

Abstract: A method for securing a direct communication connection between a first and a second user equipment, both configured to operate with base stations of a wireless network, in which the first user equipment maintains an authentication code received from a first security center accessible via the wireless network, said first security center being assigned to a first area, the method comprising the steps for the first user equipment of: maintaining a trust level of the authentication code, reducing the trust level relating to the time of last access to one of the base stations of the wireless network, submitting to the second user equipment the authentication code and the trust level, for setting up the direct communication connection, and in case of reception of a confirmation transmission from the second user equipment: setting up the direct communication connection with the second user equipment.

Abstract: There is provided an information processing apparatus and a method of controlling the same. The information processing apparatus performs a device search, displays search results of the device search, and generates tag information to be written into a short range wireless communication tag, using identification information of a device selected by a user based on the displayed search results. Then, the information processing apparatus writes the generated tag information into the short range wireless communication tag with the short range wireless communication.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: A data loss prevention mechanism for a cloud-based security analytics system is provided that utilizes a compact repository that improves the ratio of false positives over traditional methods, maintains a small data size, permits distribution of compact repository files to a large number of analyzing nodes, and provides metadata for matched events. A compressed bitmap of information found in a compact repository is used, thereby improving the utilization of storage space for a repository containing information associated with a significant number of data fingerprints. Compression further allows for a larger entry size in the compact repository, thereby providing a lower false positive rate. A mechanism for distributing updates to compact repositories residing on cloud servers is provided by updating a central server and propagating the updates to remote servers.

Abstract: An attestation component to make attestations about itself to a relying party. The attestation component offers identity attestations of a particular decentralized identity, and manages use of a private key of that decentralized identity. However, the attestation component also has its own private key that is different than the private key of the decentralized identity for which it offers attestations. As an example, the attestation component might, using its own private key, provide an integrity attestation from which an integrity with which the attestation component has managed the private key of the decentralized identity may be determined. Based on this integrity attestation, a relying party can determine whether to trust other attestations provided by the attestation component on behalf of the decentralized identity.

Abstract: Systems, apparatuses and methods may provide for technology to receive first payment details of a first transaction, where the first transaction is an online purchase by a user from a first merchant. The technology identifies a multiple-transaction selection associated with the first transaction. The technology receives second payment details of a second transaction, where the second transaction is an online purchase by the user from a second merchant. The technology performs a single security validation to validate the first payment details and the second payment details.

Abstract: A method for authenticating to a network comprising a plurality of Internet of Things (“IoT”) devices is provided. The method may include using a mobile telephone apparatus, a wrist-worn apparatus and a head-worn apparatus to monitor the level of at least one of a wearer's pulse, body temperature, voice, gait and/or other biorhythmic indicator. One of the aforementioned apparatus may operate as a hub apparatus. The method may further include using the hub apparatus to assign a federated biometric marker based at least in part on the first, second and third biometric markers. The method may also include using artificial intelligence to monitor for one or more outliers with respect to historical monitoring. Each of the one or more outliers may include a magnitude that exceeds a security threshold difference between the current magnitude and the historically monitored magnitude.

Abstract: A control circuit configured to control a display panel under normal display includes a display driver circuit, a touch sensing circuit and a fingerprint sensing circuit. The touch sensing circuit, coupled to the display driver circuit, is configured to detect a predetermined touch gesture on the display panel and determine a position of the display panel on which the predetermined touch gesture is detected. The fingerprint sensing circuit, coupled to the touch sensing circuit, is configured to perform fingerprint sensing on at least one zone corresponding to the position when the predetermined touch gesture is detected, in order to perform a specific function.

Abstract: Methods, systems, and devices for enterprise-wide management of disparate devices, applications, and users are described. A cloud-based central server may maintain an integrated hosted directory, which may allow user authentication, authorization, and management of information technology (IT) resources across device types, operating systems, and software-as-a-service (SaaS) and on-premises applications. IT resources for multiple and separate customers may be managed from a single, central directory, and servers may be brought online to allow access to the directory according to system loading.

Abstract: Embodiments of the present disclosure relate to a data access method and apparatus, an electronic device, and a computer-readable storage medium. The method may include, in response to receiving a first access request sent from a first access device in a set of access devices to a first storage device in a set of storage devices, sending an updated first access request to the first storage device, the first access request including identity information of the first access device. The method may further include, in response to receiving data from the set of storage devices, determining identity information included in the data. The method may further include, in response to the determined identity information being corresponding to the identity information of the first access device, sending the data to the first access device.

Abstract: Disclosed herein are system, method, and device embodiments for time-based trust token (TBTT) depreciation. In an example embodiment, a service provider system (e.g., a service provider and API service) may receive a connection request including a demographic attribute associated with a first client account from a partner device, match the demographic attribute to client information associated with the first client account, send the partner device a connection request identifier and a URL including a depreciating token, and authenticate a second client account via a login page associated with the URL.

Abstract: A device may generate a registration mapping that associates a client identifier of a media client and a messaging identifier of a user device. The device may store the registration mapping in a registration data structure. The device may receive, via a messaging protocol, a message from the user device. The message may include the message identifier and an input for an application session of the media client. The device may determine, based on the registration data structure including the registration mapping and the message, that the user device is associated with the media client. The device may provide, via the messaging protocol, the message to the media client to permit the application session to operate according to the input.

Abstract: Methods and apparatus are disclosed for the maintenance of a virtual credit card pool for airline passenger vouchers. An example system includes server(s) that are configured to determine a target distribution of virtual credit cards within the virtual card pool for a current date-and-time. The server(s) are configured to, in response to determining that the current date-and-time corresponds with a predefined restocking time, for each card value: identify a current number of virtual credit cards within the virtual card pool; identify a threshold number of virtual credit cards based on the target distribution; compare the current and threshold numbers; in response to determining that the current number is less than the threshold number, transmit a request for virtual credit cards having the card value to an external server; and add the requested virtual credit cards to the virtual card pool upon receipt.

Abstract: A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile, comprising: monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; and generating the adaptive trust profile based upon the action of the entity, the adaptive trust profile being privacy enhanced.

Abstract: Embodiments of the present disclosure provide a method, a device and a computer program product for protecting service security. The method of protecting service security comprises receiving, from a client, a deployment request to deploy a service into a cloud environment, and in response to the deployment request, deploying a service instance corresponding to the service in the cloud environment. The method further comprises setting, based on information specific to the service instance, an initial credential for accessing the service instance, and providing information associated with the initial credential to the client so as to enable the client to derive the initial credential.

Abstract: Methods, systems, and devices for enterprise-wide management of disparate devices, applications, and users are described. A cloud-based central server may maintain an integrated hosted directory, which may allow user authentication, authorization, and management of information technology (IT) resources and/or user account information across device types, operating systems, and software-as-a-service (SaaS) and on-premises applications. User account information for multiple and separate customers may be managed from a single, central directory, and servers may be brought online to allow access to the directory according to system loading.

Abstract: An electronic apparatus includes a memory configured to store a preset password, and a processor configured to provide information with respect to a password modification method and to perform an authentication process for an input password using the preset password and the password modification method.

Abstract: A method of score generation from validated secured data includes storing, in a requestor-linked data store, at least an encrypted data record from a requestor, the requestor-linked data store including a local database and a multi-nodal secure datastore, receiving a data access request including a unique key associated with a requestor, locating, in the requestor-linked data store, at least an encrypted data record as a function of the data access request, determining that the requestor is authorized to access the at least an encrypted data record, as a function of the unique key, decrypting the at least an encrypted data record based on the determination that the requestor is authorized to access the data record, calculating a talent and risk calculation score.

Abstract: Techniques for managing secure login with authentication while viewing a unique code are described. In some examples, a requesting device displays a visual representation of data. An authenticating device detects the presence of the visual representation of data. The authenticating device prompts a user to provide authorization information at the authenticating device. The authenticating device receives a set of one or more inputs. The authenticating device transmits information authorizing access to content on the requesting device.

Abstract: A method for facilitating synchronization of a remote file system (RFS) and a local file system (LFS) includes maintaining a global revision identifier associated with the RFS, where the global revision identifier has a variable state, and responsive to the RFS being modified, updating metadata associated with one or more of the file system objects of the RFS based on a state of the global revision identifier. More particularly, the method includes updating the global revision identifier to a new state in response to the RFS modification and then updating the metadata of the folder(s) associated with the RFS modification. The RFS metadata is partitioned by folder and file to facilitate efficient searching based on a requested namespace view. Another method utilizes prior revision identifiers stored in the LFS to limit the RFS metadata returned to the local cloud during a rescan, by excluding the data set that has not changed, which improves the efficiency of the rescan synchronization.

Abstract: Techniques are provided for security code for integration with an application. A first request associated with a request by an application to an application server is received. The application includes security code that performs a set of one or more operations on one or more input parameters. The application is provided one or more parameter values, wherein the security code generates a secret cryptographic key based on the one or more parameter values. A security key is received that includes encrypted client data collected at the client device that is encrypted using the secret cryptographic key. The secret cryptographic key is generated based on the one or more parameter values and knowledge of the set of one or more operations. It is determined that the decrypted client data matches a pattern of data associated with malware. The application server is prevented from processing a second request.

Abstract: Disclosed are a device and method for providing a checking question designed to allow a user to perform the checking study of correct answers or incorrect answers by using the choices of one or more incorrectly answered questions. The device includes: an incorrectly answered question selection unit which selects one or more questions incorrectly answered by a user from among questions provided to the user; a choice extraction unit which extracts correct answers as choices for the respective selected incorrectly answered questions; a checking question generation unit which generates one or more checking questions designed to allow the user to study the incorrectly answered questions by allocating the extracted choices so that the extracted choices become the choices of the checking questions; and a checking study provision unit which provides the study of the incorrectly answered questions by transmitting the generated checking questions to a user terminal.