Management Patents (Class 726/6)
-
Patent number: 11538020
Abstract: Systems and methods of the present disclosure processors and devices for providing disposable account cards using a contactless reader and contactless communication tag. A processor receives, via an antenna module from the contactless reader, radio signal data of a radio signal emitted by a contactless tag, where the radio signal data includes encoded tag data including a tag identifier. The processor determines that the contactless tag is a new contactless tag based on the tag identifier being unlinked to any account, and generates a disposable account card identifier in a user account including a unique disposable account number. The processor generates an account link that links the tag identifier to the disposable account card identifier such that the tag identifier refers to the unique disposable account number for performing contactless electronic requests to the user account in place of a user account card.
Type: Grant
Filed: September 2, 2020
Date of Patent: December 27, 2022
Assignee: Capital One Services, LLC
Inventors: Laith Hallaq, Maneill Parekh, Ruby Rue Roman Estremera
-
Patent number: 11539667
Abstract: A virtual private network connection method and a memory card device using the virtual private network connection method are provided. Firstly, a virtual private network connection application program is provided. Then, the virtual private network connection application program is loaded in a memory card device. Then, the memory card device is installed in a medical device. After the virtual private network connection application program is executed and the memory card device is connected to a virtual private network server according to a connection request, the data from the medical device is transmitted to the virtual private network server through the memory card device. In such way, the data will not be attacked by malware and stolen by a third-party manufacturer during the transmission process.
Type: Grant
Filed: August 5, 2020
Date of Patent: December 27, 2022
Assignee: KEY ASIC INC.
Inventors: Bahadur Shah Khan, Sek Yen Tan, Hao-Jen Wu
-
Patent number: 11526493
Abstract: A computer-implemented system with a processor provides a reversible transfer of an atomic token from one side of an imperfect link to the other, such that if the protocol (or process) on either side fails at a critical moment, the atomic token will be found on both sides to be verifiably incomplete, unless the protocol has completed successfully past its ‘irreversible threshold’ on both sides.
Type: Grant
Filed: November 25, 2019
Date of Patent: December 13, 2022
Inventor: Eric Litak
-
Patent number: 11527311
Abstract: An intelligent gateway device provided at a premise (home or business) for providing and managing application services associated with use and support of a plurality of digital endpoint devices associated with the premises. The device includes a communications and processing infrastructure integrated with a peer and presence messaging based communications protocol for enabling communications between the device and an external support network and between the device and connected digital endpoint devices. A services framework at the gateway device implements the communications and processing infrastructure for enabling service management, service configuration, and authentication of user of services at the intelligent gateway. The framework provides a storage and execution environment for supporting and executing received service logic modules relating to use, management, and support of the digital endpoint devices.
Type: Grant
Filed: May 18, 2020
Date of Patent: December 13, 2022
Assignee: KIP PROD P1 LP
Inventors: Amir Ansari, George A. Cowgill, Ramprakash Masina, Jude P. Ramayya, Alvin R. McQuarters, Atousa Raissyan, Leon E. Nicholls
-
Patent number: 11526588
Abstract: Exemplary embodiments relate to techniques for asserting the authenticity of digital content being communicated among client devices of a communication or computer system by configuring the digital content with one or more sensor responsive elements. The sensor responsive element may be a visual interface that dynamically reacts or responds to sensor data generated by one or more sensors (such as a gyroscope sensor, a microphone, and a camera) of a receiving client device. If the sensor responsive element does not dynamically react or respond to movement data, image data, or sound data generated by the one or more sensors, the digital content may fail user inspection and may indicate to the recipient that the digital content is a fake or a counterfeit.
Type: Grant
Filed: August 18, 2020
Date of Patent: December 13, 2022
Assignee: WhatsApp LLC
Inventor: Naga Rohit Samineni
-
Patent number: 11526935
Abstract: A method for rendering results of an audit includes receiving data corresponding to the results of the audit. The data includes an image to be rendered on a display screen of an electronic computing device. The data includes one or more insights derived from the results of the audit. A user of the electronic computing device is identified. The image is rendered on the display screen. One or more insights derived from the results of the audit are rendered on top of the image on the display screen. A content of the one or more insights derived from the results of the audit that are rendered on top of the image on the display screen is dependent upon the identity of the user of the electronic computing device.
Type: Grant
Filed: June 13, 2018
Date of Patent: December 13, 2022
Assignee: Wells Fargo Bank, N.A.
Inventors: Neil Yoshihisa Kakita, Robert Louis Sellers, Abhijit Rao
-
Patent number: 11526596
Abstract: A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credentials requests to the MVD. The MVD receives the bundle of request and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.
Type: Grant
Filed: November 10, 2020
Date of Patent: December 13, 2022
Assignee: DigiCert, Inc.
Inventors: Wade Johnathon Choules, Darin Scott Andrew, Ricky Eldon Roos, Jason Allen Sabin, Daniel Robert Timpson
-
Patent number: 11521705
Abstract: A random sequence generation of defined values may be provided. A method comprises pre-loading a RAM block with an initial list comprising the defined values of a sequence of values to be updated, and shuffling the defined values of the sequence using a counter and a random offset for indices in the list.
Type: Grant
Filed: September 18, 2018
Date of Patent: December 6, 2022
Assignee: International Business Machines Corporation
Inventors: Raphael Polig, Mitra Purandare
-
Patent number: 11514138
Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.
Type: Grant
Filed: September 21, 2020
Date of Patent: November 29, 2022
Assignee: RightQuestion, LLC
Inventor: Bjorn Markus Jakobsson
-
Patent number: 11516210
Abstract: Systems and methods for authenticating a user are provided. A method may comprise providing interactive media on a computing device associated with a user. The interactive media may comprise a plurality of images. The plurality of images may be presented on a graphical display of the computing device. The method may also comprise receiving input data from the computing device when the user selects a sequence of images from the plurality of images on the graphical display of the computing device. The selected sequence of images may correspond to a sequence of grammatical words. The method may further comprise analyzing the input data by comparing the sequence of grammatical words to a passcode, and authenticating the user when the sequence of grammatical words is equal to the passcode.
Type: Grant
Filed: October 16, 2020
Date of Patent: November 29, 2022
Assignee: Trusona, Inc.
Inventors: Ori Eisen, Clayton Lengel-Zigich, Nikolas Mangu-Thitu
-
Patent number: 11509523
Abstract: Systems and methods are included for providing feature sets to groups of managed user devices within an enterprise mobility management (EMM) system. A feature set can enable a user device to detect one or more triggering events, and in response, automatically perform a specified action. An administrator can request a feature set using an interface provided by a management server. The management server can enroll the user device, install a management agent on the user device, and automatically build and deliver the requested feature set to the user device. After receiving the feature set, the management agent of the user device can monitor for recurring triggering events without further intervention from the management server.
Type: Grant
Filed: August 17, 2016
Date of Patent: November 22, 2022
Assignee: AirWatch, LLC
Inventors: Jeff Wienstroer, Hai James Le, Prasad Sawant, Michael Jones
-
Patent number: 11509469
Abstract: A secure method and/or system allowing a user to import, export, recover and use their private keys based in part on the user's location information, to allow for reliable, consistent, and easy management of user identity and private keys across all of a user's devices and eliminate of traditional username/password authentication schemes.
Type: Grant
Filed: February 26, 2021
Date of Patent: November 22, 2022
Assignee: Reynold Vogel, Inc.
Inventor: Matthew Vogel
-
Patent number: 11496511
Abstract: The disclosed computer-implemented method for identifying and mitigating phishing attacks may include (i) receiving a request for sensitive data utilized to access a network service, (ii) launching an autofill provider for providing the sensitive data to the network service, (iii) identifying, utilizing the autofill provider, a domain for the network service and a data type associated with the sensitive data utilized to access the network service, (iv) determining, utilizing the autofill provider, a reputation for the network service based on the domain and the data type, and (v) performing a security action that protects against a phishing attack based on the reputation determined for the network service. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: September 4, 2019
Date of Patent: November 8, 2022
Assignee: NortonLifeLock Inc.
Inventors: Xi Guo, Mrinal Khanvilkar, Darshini Rathod, Jiejie Wang
-
Patent number: 11496604
Abstract: A resource management apparatus is communicable with a communication terminal that displays usage states of a plurality of resources. The resource management apparatus includes circuitry configured to transmit a request for reservation information indicating reservation contents of the plurality of resources to a reservation management apparatus that manages reservations of the plurality of resources, receive the reservation information relating to the plurality of resources transmitted by the reservation management apparatus, and transmit, to the communication terminal, image information of the plurality of resources, location information indicating locations of the plurality of resources, and usage states of the plurality of resources, and the received reservation information relating to the plurality of resources, the image information, the location information, and the usage states being managed by the resource management apparatus.
Type: Grant
Filed: June 3, 2021
Date of Patent: November 8, 2022
Assignee: Ricoh Company, Ltd.
Inventor: Ryo Suzuki
-
Patent number: 11487898
Abstract: A system for providing a query processing service based on personal-information protection, includes: a client terminal configured to allow a user to input and send query content for solving a problem; a relaying and processing server configured to extract and process personal information contained in the query content received from the client terminal, transmit processed query content the processed personal information to a cloud service server, and transmit an answer to a query received from the cloud service server to the client terminal; and the cloud service server configured to generate the answer to the query by analyzing the processed query content received from the relaying and processing server, and transmit the answer to the query to the relaying and processing server.
Type: Grant
Filed: October 16, 2018
Date of Patent: November 1, 2022
Assignee: MindwareWorks Co., Ltd.
Inventors: Jae In Lee, Hyun Sun Cho
-
Patent number: 11489862
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; associating the security related activity with a phase of a cyber kill chain; and, performing a security operation on the security related activity via a security system, the security operation disrupting performance of the phase of the cyber kill chain.
Type: Grant
Filed: April 30, 2020
Date of Patent: November 1, 2022
Assignee: Forcepoint LLC
Inventors: Margaret Cunningham, Clifford Charles Wright
-
Patent number: 11487899
Abstract: Systems and methods of the present disclosure enable automated sharing of confidential information according to tiers of security by receiving an electronic information request from an automated form production application of a computing device associated with a third-party entity. A request security tier associated with the electronic information request is determined according to a security tier of the user-related secure data. At least one authentication requirement associated with the request is determined according to authentication settings of the security tier. An authentication request is generated enabling the user to provide an authentication response to approve the computing device for access to the user-related secure data.
Type: Grant
Filed: October 27, 2020
Date of Patent: November 1, 2022
Assignee: Capital One Services, LLC
Inventor: Rendheer Joshy
-
Patent number: 11475428
Abstract: A system and method comprising a server that automatically configures and sets up a restaurant's or business' information technology (IT) infrastructure, more specifically relating to point-of-sale devices (POS) and other networked devices such as scanners, tracking displays, and any other device that any business may use. Communication between the networked devices and the server is facilitated by a preconfigured router, wherein after initial communication with the server, the server may configure devices for a network connection, update firmware, operating parameters, and software packages of the preconfigured router and other networked devices.
Type: Grant
Filed: March 22, 2022
Date of Patent: October 18, 2022
Assignee: ROCKSPOON, INC.
Inventor: Nagib Georges Mimassi
-
Patent number: 11477183
Abstract: Techniques are described for enabling software applications to obtain temporary security credentials used to interact with a cloud provider network and, upon the revocation of an active set of temporary security credentials used by an application (e.g., due to concerns about the temporary credential's potential exposure to one or more unauthorized third parties), to readily obtain new temporary security credentials that the application can use to continue operation with minimal interruption. The temporary security credentials can be used, for example, to enable the cloud provider network to authenticate requests sent by software applications or users to various services or other components of the cloud provider network. An operator of a cloud provider network may provide a software development kit (SDK) that application developers can use to incorporate functionality related to the management of temporary security credentials.
Type: Grant
Filed: June 29, 2020
Date of Patent: October 18, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Eric Jason Brandwine, Rebecca Claire Weiss
-
Patent number: 11475474
Abstract: Methods and apparatus are disclosed for the maintenance of a virtual credit card pool for airline passenger vouchers. An example system includes server(s) that are configured to determine a target distribution of virtual credit cards within the virtual card pool for a current date-and-time. The server(s) are configured to, in response to determining that the current date-and-time corresponds with a predefined restocking time, for each card value: identify a current number of virtual credit cards within the virtual card pool; identify a threshold number of virtual credit cards based on the target distribution; compare the current and threshold numbers; in response to determining that the current number is less than the threshold number, transmit a request for virtual credit cards having the card value to an external server; and add the requested virtual credit cards to the virtual card pool upon receipt.
Type: Grant
Filed: October 29, 2021
Date of Patent: October 18, 2022
Assignee: TA Connections IL, LLC
Inventors: Ted Scislowski, Brian Olson, David Velasquez
-
Patent number: 11461754
Abstract: A system and method of providing two-way communication between an isolated POS system and a website are described. The POS system operates as an air gap system. In response to detecting a trigger event the two-way communication is initiated for installation, diagnostic and repair services. POS information for transmission to the website through the internet is generated using a QR code that includes the website address and a data payload that depends on the desired service. The QR code is read by a smart phone and transmitted to the website. The website responds by sending response data dependent on the QR code and desired service. The response data is communicated to the POS system via another QR code for further operations by the POS system based thereon.
Type: Grant
Filed: August 26, 2020
Date of Patent: October 4, 2022
Assignee: NCR Corporation
Inventors: John Crooks, John Tatum Dyal, Andrew Klenzak, Brian Patrick Rogers, Sergio Silva, Jeremy Cyle Taylor
-
Patent number: 11457050
Abstract: Systems and methods are described for communications between computing devices via an ephemeral data stream routing service, which allows the devices to establish a single-use connection for streaming arbitrary amounts of data. A computing device may request an ephemeral data stream from the ephemeral data stream routing service, which may respond by creating an endpoint and providing a single-use URL that locates the endpoint. The sending and receiving computing devices may then use the single-use URL to connect to the endpoint, which may be implemented on a single routing device or a pair of routing devices within the ephemeral data stream routing service. The service then relays a data stream from the sender to the receiver, and may forward the data stream from one routing device to another within the service as needed. The ephemeral data stream routing service then removes the endpoint and invalidates the single-use URL.
Type: Grant
Filed: December 10, 2020
Date of Patent: September 27, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Georgi Petev Kolev, Didier Wenzek, Carl Summers, Gabriel Theodoro, Mikhail Erofeev
-
Patent number: 11457028
Abstract: Responsive to a user instruction or a security breach occurring in an enterprise computing environment, an emergency shutdown and restore module is adapted to obtain and evaluate an identity population definition to determine a population of identities (e.g., a forensic team) associated with accounts distributed across applications in the enterprise computing environment. The emergency shutdown and restore module is further adapted to determine source systems of such accounts and communicate with those source systems via source-specific connectors. The emergency shutdown and restore module can respectively request the source systems to shut down access to the applications by the accounts associated with the population of identities, or to exclude the accounts associated with the population of identities in shutting down access to the applications.
Type: Grant
Filed: December 23, 2019
Date of Patent: September 27, 2022
Assignee: SAILPOINT TECHNOLOGIES, INC.
Inventors: Neal Kaye, Rohit Gupta
-
Patent number: 11455621
Abstract: Techniques are disclosed for generating a token identity that is assigned to a device identity module of a customer device. The token identity may be used to incorporate various types of customer identifier data to verify a customer identity during an electronic transaction. For instance, a customer may initially provide customer information on a customer device, which may be used to obtain a digital identification associated with the customer. The customer may subsequently provide an input including a customer identifier on the customer device, which may be verified against the customer information included in the digital identification.
Type: Grant
Filed: November 23, 2016
Date of Patent: September 27, 2022
Inventor: Margaret Bouse
-
Patent number: 11449596
Abstract: Cloud storage systems and methods provide event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to one of a remote file system (RFS) hosted by the remote cloud storage system and a local file system (LFS) hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.
Type: Grant
Filed: November 9, 2017
Date of Patent: September 20, 2022
Assignee: Egnyte, Inc.
Inventors: Shishir Sharma, Debjit Bhattacharjee, Amrit Jassal, Kalpesh Patel, Deepak Mehta, Przemek Grzedzielski, Sachin Shetty, Krzysztof Gardo, Daniil Iaitskov, Harikesavan Krishnan, Manish Marathe
-
Patent number: 11444934
Abstract: An automation system includes at least one automation unit, multiple automation servers and a central management unit interconnected via a communication network, wherein the automation servers communicate with the automation unit using a pre validated certificate of the automation unit, where in order to validate the certificate, the automation servers check a chain of trust of the respective certificate and, by accessing a black list, the validity thereof, where communication of the respective chain of trust only occurs when corresponding chains of trust are revoked from all other automation servers beforehand, corresponding certificates are entered into the black list or the certificate is otherwise invalid.
Type: Grant
Filed: December 8, 2020
Date of Patent: September 13, 2022
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Benjamin Lutz, Anna Palmin
-
Patent number: 11442436
Abstract: A method and technical module in a technical installation, which includes at least one technical function and which is configured for integration into a higher-level control level of the technical installation, wherein functional rights relating to the at least one technical function are stored in the technical module.
Type: Grant
Filed: November 22, 2019
Date of Patent: September 13, 2022
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Benjamin Lutz, Anna Palmin
-
Patent number: 11436830
Abstract: Systems, computer program products, and methods are described herein for implementing a cognitive robotic process automation (RPA) architecture. The present invention is configured to electronically receive a video file from a repository, wherein the video file demonstrating one or more actions to be executed in a sequential manner on an application programming interface associated with an application; initiate a neural processing graph generator on the video file; generate, using the neural processing graph generator, a conjugate task graph comprising one or more nodes and one or more edges; initiate a neural task engine on the conjugate task graph; and execute, using the neural task engine, the conjugate task graph.
Type: Grant
Filed: March 11, 2020
Date of Patent: September 6, 2022
Assignee: BANK OF AMERICA CORPORATION
Inventor: Madhusudhanan Krishnamoorthy
-
Patent number: 11436340
Abstract: A system for authenticating an encrypted device identity is provided. The system comprises a memory device with computer-readable program code stored thereon; a communication device connected to a network; and a processing device, wherein the processing device is configured to execute the computer-readable program code to: receive an encrypted device identification of a user device, the encrypted device identification comprising a stream of generated data; identify a unique stream pattern of the encrypted device identification, wherein the unique stream pattern is a distinguishable characteristic in the stream generated data; store the unique stream pattern; receive an interaction request comprising a provided device identification; analyze the provided device identification to determine if the provided device identification has the unique stream pattern; and based on determining that the provided device identification has the unique stream pattern, authenticate the interaction request.
Type: Grant
Filed: June 24, 2019
Date of Patent: September 6, 2022
Assignee: BANK OF AMERICA CORPORATION
Inventor: Ion Chalmers Freeman
-
Patent number: 11431558
Abstract: Data shipper agent management and configuration systems and methods are disclosed herein. In some embodiments, an example method includes enrolling data shipper agents which are installed on edge nodes, receiving selections of one or more tags for the data shipper agents, each of the one or more tags representing one or more services assigned to the data shipper agents, configurations of the services being modifiable through the one or more GUIs using a configuration application programming interface (API), providing the one or more GUIs, receiving configurations for at least one of the modules of one of the data shipper agents through one of the one or more GUIs, and automatically reconfiguring the configurations to other ones of the data shipper agents automatically.
Type: Grant
Filed: April 9, 2019
Date of Patent: August 30, 2022
Assignee: Elasticsearch B.V.
Inventors: Carlos Pérez-Aradros Herce, Pier-Hugues Pellerin
-
Patent number: 11431493
Abstract: Systems, methods, and non-transitory computer-readable media can be configured to generate a first key for a first entity. A second key for a second entity can be generated wherein the first entity can authenticate the second entity based on an authentication token generated based on the second key. In some instances, the first entity can be a server and the second entity can be a client.
Type: Grant
Filed: January 10, 2019
Date of Patent: August 30, 2022
Assignee: Meta Platforms, Inc.
Inventors: Kevin Lewi, Yue Ting Lee, Haozhi Xiong, Benjamin B. Yang
-
Patent number: 11423135
Abstract: A method may include registering, with an offline job to be executed by a computer processor, an application programming interface (API) and an operation, obtaining, from a repository, a user consent of a user for the operation, and in response to obtaining the user consent, creating, for the user, an access token including the operation and the API. The user consent may be stored external to the access token. The method may further include transmitting the access token to the offline job, and calling, by the offline job, the API using the access token.
Type: Grant
Filed: July 31, 2019
Date of Patent: August 23, 2022
Assignee: Intuit Inc.
Inventors: Yi Zhang, Thomas John Holodnik
-
Patent number: 11425133
Abstract: The present disclosure relates to systems, devices and methods for device security and trust score determinations. In one embodiment, a method includes requesting, by a first device, trust score data for a second device, wherein the first device requests trust score data from a trust score management server, and receiving, by the first device, trust score data from the trust score management server. The method also includes generating a first trust score for the second device and transmitting the first trust score for the second device with a trust score management server. The method also includes configuring, by the first device, at least one control parameter for operation of the first device with the second device based on the first trust score, wherein configuring adjusts a previous control parameter to restrict operation of the first device relative to the second device. Device and systems are provided to enhance network security.
Type: Grant
Filed: April 3, 2017
Date of Patent: August 23, 2022
Assignee: Harman International Industries, Incorporated
Inventor: Neisarg Dave
-
Patent number: 11425166
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.
Type: Grant
Filed: August 27, 2019
Date of Patent: August 23, 2022
Assignee: SAP SE
Inventors: Cedric Hebert, Merve Sahin, Anderson Santana de Oliveira
-
Patent number: 11418519
Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.
Type: Grant
Filed: July 21, 2020
Date of Patent: August 16, 2022
Assignee: Red Bend LTD.
Inventors: Guy Ruvio, Saar Yaacov Dickman, Yuval Weisglass, Anuja Sonalker
-
Patent number: 11411964
Abstract: A method for sending sensitive information includes: receiving, by a service provider, a request for sensitive information from a user; upon receipt of the request, sending, by a security provider, a security code to the user; receiving, by the service provider, a code from the user; verifying, by the service provider, the user when the received code matches the security code; sending, by the service provider, the sensitive information to the security provider after the user is verified; and providing, by the security provider, a sensitive data link to the user. The sensitive data link includes the sensitive information and may expire after the sensitive data link is viewed once.
Type: Grant
Filed: April 19, 2022
Date of Patent: August 9, 2022
Inventors: Gene Reich, Peter Segerstrom
-
Patent number: 11411973
Abstract: A method, system and computer-usable medium are disclosed for identifying security risks to a computer system based on a distribution of categorical features of events. Certain embodiments are directed to a computer-implemented method comprising: receiving a stream of events, the stream of events including a plurality of events; extracting a categorical feature from the plurality of events, where the categorical feature includes a set of categorical feature members, where the set of categorical feature members are generated on the fly from string values included in the extracted categorical feature; constructing a distribution for the categorical feature based on categorical feature members extracted from the plurality of events; and, analyzing the distribution of the categorical feature to identify one or more security risk factors.
Type: Grant
Filed: December 11, 2018
Date of Patent: August 9, 2022
Assignee: Forcepoint, LLC
Inventors: Eduardo Luiggi, Christopher Poirel, Ann Irvine
-
Patent number: 11409990
Abstract: An apparatus and method for providing an immutable audit trail for machine learning applications is described herein. The audit trail is preserved by recording the machine learning models and data in a data structure in immutable storage such as a WORM device, a cloud storage facility, or in a blockchain. The immutable audit trail is important for providing bank auditors with the reasons for lending or account opening reasons, for example. A graphical user interface is described to allow the archive of machine learning models to be viewed.
Type: Grant
Filed: March 1, 2019
Date of Patent: August 9, 2022
Assignee: Bottomline Technologies (de) Inc.
Inventors: Warren Gleich, Richard A Baker, Jr.
-
Patent number: 11411980
Abstract: A method is provided. The method includes receiving information about user data and user behavior relating to a user, where the information is derived at least in part from a human resources database. The method includes applying analytics to the received information. The method includes, as a result of applying analytics to the received information, generating a threat score for the user.
Type: Grant
Filed: September 4, 2020
Date of Patent: August 9, 2022
Assignee: DEFENDEDGE AI CYBER TECHNOLOGIES LLC
Inventors: Anastasios Triantafillos, Wasif Noor
-
Patent number: 11405377
Abstract: Methods, systems, and devices for secure endpoint authentication credential control are described. An endpoint agent may receive an indication from an operating system of an endpoint device that the operating system has received authentication credentials from a user. The endpoint agent may be housed in the endpoint device, and may detect a change between the received set of authentication credentials and a previous version of authentication credentials. Based on this detection, the endpoint agent may transmit the received authentication credentials to a central server. The central server may transmit the authentication credentials to an information technology (IT) resource which requires user authentication prior to granting access to a user.
Type: Grant
Filed: October 14, 2020
Date of Patent: August 2, 2022
Assignee: JumpCloud, Inc.
Inventors: Rajat Bhargava, Peter Gengler, Jacob Beck, Greg Keller, Tae Kim
-
Patent number: 11392711
Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol.
Type: Grant
Filed: May 31, 2019
Date of Patent: July 19, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Jyotsana Rathore, Kevin Andrew Chan, Gabriela Kornelia Kaczka, Deepak Sreenivas Pemmaraju, Robert C. Turner, Gregory P. Young, Jose A. Barreto, Daron Spektor
-
Patent number: 11394747
Abstract: A method for setting up a communication channel for exchanging data between a server device and a client device is provided. The method includes: transmitting authentication information from an issuer device to the client device; transmitting the authentication information from the client device to the server device in a cryptographic security protocol, in particular in a TLS handshake protocol; authenticating the client device by means of the server device depending on the received authentication information; and setting up the communication channel between the server device and the authenticated client device by means of the cryptographic security protocol. The authentication of the client device can be carried out in the context of setting up the communication channel. In this case, the communication channel is established by means of the cryptographic security protocol.
Type: Grant
Filed: July 18, 2018
Date of Patent: July 19, 2022
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Steffen Fries, Rainer Falk
-
Patent number: 11388011
Abstract: The present technology pertains to a system that authenticates the identity of a user trying to access a service. The system comprises an authentication provider configured to communicate authentication requirements to a continuous multifactor authentication device and the continuous multifactor authentication device configured to receive authentication requirements, to fuse multiple identification factors into an identification credential for a user according to the authentication requirements, and to send the authentication credential to the authentication provider. After receiving the identification credential meeting the authentication requirements, the authentication provider is configured to instruct a service provider to initiate a session.
Type: Grant
Filed: January 22, 2020
Date of Patent: July 12, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Frank Michaud, Ram Abhinav Somaraju, Marcelo Yannuzzi Sanchez, Alan Robert Lynn
-
Patent number: 11381387
Abstract: Methods, network nodes, computer programs, carrier and user equipment, wherein a proof-of-presence in communications between private land mobile networks (PLMNs) is presented. In an example method performed by a network node in a home public land mobile network (HPLMN) of a user equipment (UE), the network node obtains, from a visited public land mobile network (VPLMN), a proof-of-presence indicator that represents the UE as being present in the VPLMN. The network node verifies whether or not the UE is present in the VPLMN by determining whether or not the proof-of-presence indicator was generated by the UE using a secret shared between the UE and at least the HPLMN. Upon verification of the presence of the UE in the VPLMN, sensitive information can be communicated by the HPLMN to the VPLMN.
Type: Grant
Filed: July 25, 2017
Date of Patent: July 5, 2022
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Lehtovirta, Vesa Torvinen
-
Patent number: 11375009
Abstract: A computer-implemented system and related method address malfunctioning peers in a blockchain, the method comprising receiving endorsement results from peers in the blockchain, where the endorsement results are for one or more transactions in the blockchain. The endorsement results include successful and failed endorsements. The method further comprises distributing the successful and failed endorsements to two or more endorsement collectors, determining which peers are successful endorsement peers (SEPs) that provided successful endorsements, and which peers are failed endorsement peers (FEPs) that provided failed endorsements. A reputation score is calculated for each peer based on endorsement information from the endorsement collectors. The reputation score is then sent to at least one of a client and a system administrator. This reputation score is then used to determine peer selection in a subsequent transaction.
Type: Grant
Filed: December 7, 2020
Date of Patent: June 28, 2022
Assignee: International Business Machines Corporation
Inventors: Qi Zhang, Petr Novotny, Lei Yu, Nitin Gaur
-
Patent number: 11374978
Abstract: The present application is directed to computer-implemented methods and systems implementing control policies created or modified by Software Defined Network applications. The control policies can be provided to SDN controllers for implementation.
Type: Grant
Filed: October 29, 2018
Date of Patent: June 28, 2022
Inventor: Tavaris Jason Thomas
-
Patent number: 11367323
Abstract: A system and method for biobehavioral identification may include a user device, a secure system/client device, and a server. The elements of the system work together to monitor the biologic features (e.g., fingerprints, pupils, or the like) and behavior (e.g., wake time, exercise time, location) to verify the authenticity of a user requesting access to a database and/or secure facility.
Type: Grant
Filed: September 27, 2021
Date of Patent: June 21, 2022
Assignee: SecureAuth Corporation
Inventors: Shahrokh Shahidzadeh, Nahal Shahidzadeh, Haitham Akkary, Frank Stefan Ulbrich, Mani Malekmohammadi
-
Patent number: 11368361
Abstract: A system and method for providing stringent tamper resistant protection against changes to key system security features. The tamper protection is configured such that any changes to the policy can only occur from a configuration manager console, thereby preventing local device admin users or other malicious actors from altering the setting. Thus, tamper protection locks the selected service and prevents security settings from being changed through third-party apps and methods. When a system administrator enables the feature for an enterprise's workstations, only administrators will be able to change the service settings across a company's computers. The tamper protection policy is digitally signed in the backend before being deployed to endpoints, and the endpoint verifies the validity and intent of the policy, establishing that it is a signed package that only security operations personnel with the necessary administrator rights can control.
Type: Grant
Filed: June 5, 2020
Date of Patent: June 21, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthew Ronald Shadbolt, Michael Joseph Healy, Shweta Jha, Gokhan Ozhan, Adrian Mihail Marinescu, Alemeshet Yismaw Alemu, Karthik Selvaraj, Milind Amrutrao Pawar, Vladimir Soroka, Hayk Hovsepyan, Chaohong Ou, Patanjal Digant Vyas, David Torosyan
-
Patent number: 11368309
Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for generating and verifying passwords. One of the methods includes: receiving a password setup request, the password setup request including a list identifying at least one verifier and data representing a user-provided password; forming a basis password based on the user-provided password; generating a plurality of system-generated passwords based on the basis password; encrypting the plurality of system-generated passwords to generate a plurality of encrypted passwords including a first encrypted password; submitting the plurality of encrypted passwords to a blockchain system for recordation; and providing a first address of the first encrypted password on the blockchain system to a first verifier identified in the list.
Type: Grant
Filed: December 22, 2020
Date of Patent: June 21, 2022
Assignee: Alipay (Hangzhou) Information Technology Co., Ltd.
Inventor: Hui Xu
-
Patent number: 11363021
Abstract: The present disclosure relates to two-factor authentication with a Hardware Security Module (HSM). In response to a login attempt, the HSM indicates that two-factor authentication is required. To generate the second authentication factor, a management console is accessed using credentials. The management console generates the second authentication factor and provides the second authentication factor to the client. The client then provides the second authentication factor to the HSM to complete the two-factor authentication operations.
Type: Grant
Filed: September 30, 2019
Date of Patent: June 14, 2022
Assignee: Amazon Technologies, Inc.
Inventor: Benjamin Philip Grubin