Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol.

Abstract: A biometric inspection device including a housing provided with an acquisition interface, the device including an optical sensor for acquiring at least one image of a portion of the body of a candidate for inspection appearing before the acquisition interface. The optical sensor is configured so that the image also covers an internal zone of the housing situated outside the acquisition interface.

Abstract: Methods and systems for secure authentication in an extended reality (XR) environment are described herein. An XR environment may be output by a computing device and for display on a device configured to be worn by a user. A first plurality of images may be determined via the XR environment. The first plurality of images may be determined based on a user looking at a plurality of objects, real or virtual, in the XR environment. The first plurality of images may be sent to a server, and the server may return a second plurality of images. A public key and private key may be determined based on different portions of each of the second plurality of images. The public key may be sent to the server to register and/or authenticate subsequent communications between the computing device and the server.

Abstract: A scanner may register one or more profile information to a memory, in a case where an operation for selecting specific profile information from among the one or more profile information registered to the memory is performed, send a first authentication request including first authentication information included in the specific profile information to the server, in a case where an authentication by the first authentication information fails in response to sending the first authentication request to the server, display an authentication information input screen, in a case where second authentication information is inputted in the authentication information input screen, send a second authentication request including the second authentication information to the server, and in a case where an authentication by the second authentication information is successful in response to sending the second authentication request to the server, send scan data to the server.

Abstract: The concepts, systems and methods described herein are directed towards a method for secure booting running on a security device. The method is provided to include: receiving a public key from a security device; validating the security device by comparing the received public key with a hash code; in response that the security device is validated, receiving custom codes from the security device and storing the custom codes in a microprocessor, wherein the microprocessor is located in a programmable memory of a primary processor; programming the programmable memory by executing the custom codes; and executing a boot sequence of the primary processor by the programmable memory.

Abstract: A connection service providing method includes outputting, by a first user terminal from among a plurality of user terminals, a connection request signal to at least one second user terminal among the plurality of user terminals through an inaudible frequency range based on a trigger signal for initiating a connection between the plurality of user terminals; and connecting the at least one second user terminal and the first user terminal as a group; and providing a connection service associated with the group on the first user terminal.

Abstract: Systems, methods, and non-transitory computer-readable media can determine a set of mappings between vectors in a first dataset associated with a first party to a set of shared universal identifiers based on a secure multi-party computation. A set of mappings can be determined between vectors in a second dataset associated with a second party to the set of shared universal identifiers based on the secure multi-party computation. Membership information for each vector in the first dataset can be obtained. The membership information indicating whether an individual associated with the vector is assigned to a test group, a control group, or neither. Conversion information for each vector in the second dataset can be obtained. The conversion information indicating whether an individual converted. Conversion counts for the test group and the control group can be determined based at least in part on the membership information and the conversion information.

Abstract: Disclosed embodiments relate to systems and methods for securely and seamlessly provisioning credentials for use by personal computing devices. Techniques include obtaining a session identifier; making available an encoded representation to a personal computing device, the encoded representation encoding the session identifier; wherein the personal computing device is configured to: decode the encoded representation, access an identity credential stored on the personal computing device, encrypt the identity credential using a first cryptographic key, and send, to a mediator resource, the session identifier and the encrypted identity credential; receiving, from the mediator resource, the session identifier and the encrypted identity credential; and storing the encrypted identity credential.

Abstract: An information processing device makes a communication connection with an external device. The information processing device establishes a service connection with the external device upon determining an input of a determination key from the external device in the determination-key-input-reception time.

Abstract: A method for operating an SDN-based mobile communication system is provided. The system provides a control plane function that possesses information from an access network about location and/or proximity of devices and information about rules and/or policies for setting up sessions for the devices. The system includes a mobile network having a control plane and a data plane, with a network controller being implemented therebetween. The method includes: upon a particular device's request for session establishment, receiving, via signaling and at the control plane, device related information; based on the device related information that is received via the signaling, performing, at the control plane, selection of an abstract data plane node or a group of abstract data plane nodes; and providing, at the control plane, the selected abstract data plane node or the selected group of abstract data plane nodes to the network controller.

Abstract: A computer-implemented method for authentication using a hashed fried password may include receiving a password value of a user, a salt key, a pepper key, and/or a temporary and randomly generated fry key, or otherwise modifying/appending the password with the salt key, pepper key, and/or fry key. The method may include hashing the modified password, such as performing a hash operation similar to Hash (Password, Salt Key, Pepper Key, Temporary Fry Key). The randomly generated fry key is not saved or otherwise stored, either locally or remotely. A remote server attempting to authenticate the user's password may check for each possible fry key, such as checking against a set of preapproved fry keys, that the hashed fried password may have been modified with in parallel. As a result, an online customer experience requiring a password is not impacted or impeded, while an attacker's attempts to learn the password are frustrated.

Abstract: Described are various embodiments of a hardware security module, hardwired port interconnection matrix, and embedded communication channel resources operable on selected hardware port-specific data communicated via this matrix.

Abstract: An electronic device according to various embodiments of the present invention includes: a microphone; a communication module; a memory; and at least one processor, wherein the processor can receive and record a voice through the microphone while a function of receiving the voice is activated, generate first authentication data including data for the voice and identification data for the electronic device on the basis of the recorded voice, determine the mode of the electronic device on the basis of the recorded voice, send the first authentication data, receive second authentication data corresponding to the first authentication data, use identification data included in the second authentication data to connect communication with an external electronic device when the data for the voice included in the first authentication data matches data for voice included in the second authentication data, and perform, according to the mode, at least one function related to the communication-connected external electronic

Abstract: A method and system for white box infection detection and isolation. The methods and systems can monitor a plurality of white boxes deployed within a communications network; send a challenge to a first white box of the plurality of white boxes; determine a processing time to answer the challenge by the first white box; in response to receiving the answer to the challenge, determine whether the processing time exceeds an average processing time for the challenge by a predetermined percentage; and in response to the processing time exceeding the average processing time by the predetermined percentage, isolate the first white box from the communications network.

Abstract: Disclosed herein are systems and methods that may generate so-called “honey credentials” that are transmitted to a “phishing” website, and are then stored into a honey credential database. The honey credentials appear to be valid credentials, but whenever a bad actor attempts to access an enterprise using the honey credentials, security appliances the enterprise may update the records of the honey credential database to include one or more unique identifiers for each bad actor device that attempts to access the enterprise network using the honey credentials. A server may automatically query the honey credential database to identify other accounts that have been accessed by devices that used the honey credentials to access the enterprise. The server may then flag the accounts and restrict their functionality.

Abstract: Apparatuses, methods, systems, and program products are disclosed for early data breach detection. An apparatus includes a data module configured to receive user data from a darknet. User data may include user credential information that has been misappropriated. An apparatus includes a match module configured to determine whether user credential information matches a user's credentials for a user's one or more online accounts. An apparatus includes an action module configured to trigger a security action related to a user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that user credential data matches the user's credentials at the user's one or more online accounts.

Abstract: A device may include one or more processors to establish a media access control security (MACsec) key agreement (MKA) session between a first network device and a second network device via a MACsec link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the first network device and a second packet processing engine of the second network device, to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; determine, based on the fast heartbeat session, that the MKA session has ended; and/or perform an action based on the MKA session ending.

Abstract: A method for biometric authentication is disclosed. Reference biometric data established at a first device can be stored at a backend server computer. The server computer can then provide the reference biometric data with a second device when needed for biometric authentication at the second device.

Abstract: Know your customer regulations and security concerns, among other reasons, motivate institutions to ensure that entities with whom the institutions have dealings are who they say they are. A block of the blockchain discussed herein includes entity verifications generated by institutions that participate in the blockchain. An individual verification may include a hash of personal information associated with an entity that was authenticated by an institution. An institution seeking to authenticate (or deny) an entity may receive personal information from the entity, hash that personal information, and search the blockchain for any matching verifications (e.g., by attempting to match the hashed personal information to hash(es) associated with a verification in the blockchain).

Abstract: Some embodiments are directed to a server device (100) and a client device (200) arranged to authenticating a user of client device (200). The user has access to an authentication string. Server device (100) is configured to encrypt a set of character/position data according to a homomorphic encryption algorithm. The client device allows the user to select a subset from the encrypted set from which a verification number is computed using the homomorphic operation.

Abstract: Embodiments of the present invention provide a system for rapid bandwidth access deployment across multiple entities for secure, expedited bandwidth provisioning for entity connectivity. In this way, the invention provides a private, secure 5G connectivity network to generate specific remote points of connectivity for entity to entity connections. The 5G network may allow any user within the entity with authentication to connect from any random point-to-point faster, with much more time to transmit using an existing wave length within the 5G technology. Furthermore, in some embodiments, the system may provide a dedicated bandwidth pipeline that provides trades or communications within milliseconds for the entity users. This may be provided via a geographical location or the like and allow for 5G provisioning and presentment for faster than a traditional fiber based connectivity desired for entity communications.

Abstract: Methods and systems for ensuring security of in-car systems in vehicles, particularly, user data privacy and protection of in-car systems from cyber attacks, hacking etc. is provided. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use for the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments of the container and the host root file system of the IVI system are sandboxed from each other.

Abstract: Deployment state based configuration generation is disclosed. For example, a first node is in a first deployment state, with a state daemon executing on the first node. A configuration generator may be associated with one or more processors. The state daemon records a first configuration instruction associated with a first modification to the first deployment state, where the first node is in a second deployment state after the first modification. The configuration generator generates a first configuration based on the second deployment state including the first configuration instruction. The first configuration is stored to a configuration repository, where the first configuration is deployed to a second node converting the second node to the second deployment state.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identity verification are provided. One of the methods includes: generating a security question for verifying a target user; determining an answer for the target user to match the security question; determining a category identification of the answer for the target user; determining users' data corresponding to the category identification of the answer for the target user; searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers; and verifying the target user according to the security question, the answer for the target user, and the one or more distraction answers.

Abstract: A system for cognitive prioritization for report generation may include a processor and a memory cooperating therewith. The processor may be configured to accept a request for a new report from a user, the request having a user profile importance associated therewith and generate a predicted completion time for the new report based upon a historical completion time prediction model based upon historical data for prior reports. The processor may be configured to generate a predicted importance of the new report based upon a historical importance prediction model based upon the historical data for prior reports and determine a combined predicted importance based upon the user profile importance and the predicted importance. The processor may also be configured to generate a prioritization of the new report among other reports based upon the predicted completion time and the combined predicted importance and generate the new report based upon the prioritization.

Abstract: Disclosed are techniques for preparing data, received at unpredictable times from multiple data sources providing disparate proprietary data formats and input types, so that the data is readily available to be monetized, used for business analytics, or other purposes.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: The present application provides an unlocking solution. In this solution, after obtaining a digital key seed, a user mobile device can generate a digital key for multiple times by using the digital key seed and first check data corresponding to a current unlocking operation, and then send the digital key to a smart door lock for verification and unlocking. Because the digital key includes the first check data only corresponding to the current unlocking operation, an attacker cannot use the digital key to perform unlocking again even if the attacker obtains the digital key. In addition, because the digital key seed can be used for multiple times, a smart door lock server does not need to be connected each time to obtain the digital key. Therefore, both security and ease of use are satisfied.

Abstract: The present teaching relates to method, system, medium, and implementation for secure data management associated with a record owner. A request is first received from a service provider for validating one or more data items in order to carry out a transaction between the record owner and the service provider. The record owner performs authentication required and send the request to a trusted party seeking to validate the one or more data items, wherein the trusted party is authorized to access the one or more data items. When a cloaked identifier to be used for validating the one or more data items is received from the trusted party, it is sent to the service provider for the service provider to use for validating the one or more data items.

Abstract: Embodiments disclosed herein are related to making a determination that a wearable device that is configured to host or access a DID management module is in contact with the skin of a DID owner. A determination is then made that the DID owner is authorized to use a DID that is associated with the DID management module. Finally, one or more DID-related functions are performed using the DID that is associated with the DID management module by communicating with a second computing system that is associated with a second DID. The wearable device allows the one or more DID-related functions to be performed in a portable and secure manner.

Abstract: A server is provided for managing access of an electronic entity to a communications network. The server includes a contact point in operable communication with the electronic entity. The contact point is configured to receive a network access granting request message from the electronic entity. The server further includes a processing module, configured to process the received network access granting request message, validate trust indicators contained within the network access granting request message, authorize access of the electronic entity to the network upon validation of the trust indicators, and transmit a response message to the electronic entity indicating a level of access to the network that has been authorized.

Abstract: The disclosed technology includes systems and methods for determining secondary authentication of a user's log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.

Abstract: A system for enhanced internet of things digital certificate security is provided. The system includes a computer device. The computer device is programmed to store, in a database, a plurality of statuses associated with a plurality of digital certificates. The computer device is also programmed to receive, from a first computer device, a status update for the first digital certificate. The computer device is further programmed to update the first status based on the status update. Subsequently to updating the first status, the computer device is programmed to receive a request for a connection from the first device. Subsequently to updating the first status, the computer device is also programmed to deny the request for a connection based on the first status.

Abstract: Methods, systems, and computer program products are provided for real-time compromise detection based on behavioral analytics. The detection runs in real-time, during user authentication, for example, with respect to a resource. The probability that the authentication is coming from a compromised account is assessed. The features of the current authentication are compared with the features from past authentications of the user. After comparison, a match score is generated. The match score is indicative of the similarity of the authentication to the user's history of authentication. This score is then discretized into risk levels based on the empirical probability of compromise based on known past compromised user authentications. The risk levels may be used to detect whether user authentication is occurring via compromised credentials.

Abstract: A method and system for peer-to-peer communication across network is described. At an internet key exchange (IKE) daemon, an IKE packet including an application data packet and an IKE header is received. The received IKE packet is de-multiplexed to identify a data destination that receives the application data packet, the data destination identified based on a data destination identifier included in the IKE header. Finally, the application data packet is forwarded to a receiving peer when the data destination is the receiving peer.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: A system for securely storing privacy information is provided. The system includes a plurality of nodes configured to maintain a distributed database containing consumer privacy information having a plurality of entries. Each entry of the plurality of entries in the distributed database is (i) encrypted with a unique encryption key associated with a consumer and the distributed database, and (ii) indexed based on a public encryption key associated with the consumer. A most recent entry associated with the consumer includes current personal information about the consumer. A first entry associated with the consumer includes an encrypted version of the unique encryption key.

Abstract: For updating the password of a credential with a matching username, methods, apparatus, and systems are disclosed. One method includes storing a set of credentials, each credential in the set comprising a username and password. The method includes detecting an update to a first credential of the set of credentials, the first credential comprising a first username and a first stored password. Here, the update to the first credential indicates a new password to be associated with the first username. The method includes identifying a set of candidate credentials, each candidate credential having a username that matches the first username and a password that matches the stored password and updating the set of candidate credentials to comprise the new password.

Abstract: Methods, apparatuses and computer program products for implementing at least one communication barrier in a group-based communication system are described herein. The apparatus is configured to at least receive a first group correlation between a first user identifier and a first group identifier, receive a second group correlation between a second user identifier and a second group identifier, retrieve a communication separation settings set associated with the first group identifier and the second group identifier, and cause rendering a first electronic indication on a group-based communication interface. In some examples, the first user identifier is associated with a first workspace identifier and a first group-based communication channel. In some examples, the first group-based communication channel is associated with the first workspace identifier and a second workspace identifier.

Abstract: The present invention enables the selection of network routes based on a combination of traditional route table entries, identity policy information, and trust level information determined dynamically for each network session. This enables a network operator to apply different policies to network entities presenting differing identity credentials. It also allows network operators to block access to networks and network resources when identity credentials are not provided or are unauthorized.

Abstract: An example computing device includes a memory to store a cryptographic key, a processor coupled to the memory, and a set of instructions stored in the memory. The set of instructions, when executed by the processor, is to capture an encrypted passcode originating from a basic input/output system (BIOS) of a managed device as a challenge to grant local access to the BIOS and authenticate with a server using a user credential. When authentication with the server is successful, the set of instructions is to decrypt the encrypted passcode with the cryptographic key to obtain a decrypted passcode and output the decrypted passcode. When authentication with the server is unsuccessful, the set of instructions is to delete the cryptographic key.

Abstract: Disclosed embodiments relate to systems and methods for automatically detecting and addressing security risks in code segments. Techniques include identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token. Techniques further include performing, based on a security policy, at least one of: storing the temporary access token separate from the network identity and providing the network identity with a customized replacement token having an attribute different from the temporary access token; or creating a customized replacement role for the network identity, the customized replacement role having associated permissions that are customized for the network identity based on the request.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: One-time password (“OTP”) generation on a smartwatch is provided. OTP generation may include communication between an application on a smartwatch and an application on a smartphone. The request for an OTP may be received at the smartwatch. A biometric identifier may also be received at the smartwatch. The smartwatch application may communicate with the smartphone application. An OTP may be generated within a third-party library within the smartphone application. The generated OTP may be transmitted from the smartphone application to the smartwatch application. The OTP may be displayed on the smartwatch.

Abstract: A privacy-enhancing system, method, and non-transitory computer-readable medium for securely identifying an individual over time without retaining sensitive biometric data. In one embodiment, the system includes a local identity server including an electronic processor, a communication interface, and a memory. The electronic processor is configured to initiate a personalization of a partner-specific identification vehicle that identifies the individual based at least in part on an individual global unique identifier associated with the individual, receive a request for a service from the individual via the communication interface, receive consent and registration information from the individual via the communication interface, generate an identity confirmation that confirms an identity of the individual, and output the identity confirmation via the communication interface.

Abstract: Managing user sessions in a networked computing environment. A method includes, at an identity provider computer system, providing a first id token to a resource provider for an entity. The first id token has therein a first policy check interval having a value defining a period when the first id token should be revalidated. Due to expiration of the first policy check interval, a first refresh token is received from a resource provider computer system that received the first id token. As a result of receiving the first refresh token from the resource provider computer system, the identity provider computer system evaluates conditional access policy for the entity. If the identity provider computer system determines that the conditional access policy for the entity has been met, the identity provider computer system provides a new id token and a new refresh token to the resource provider computer system.

Abstract: In some embodiments, a first device performs ranging operations to allow a user to perform one or more operations on the first device without providing device-access credentials. For example, when a second device is within a first distance of the first device, the first device determines that the second device is associated with a first user account that is authorized to perform operations on the first device. In response to the determination, the first device enables at least one substitute interaction (e.g., a password-less UI interaction) to allow the operations to be performed on the first device to be accessed without receiving access credentials through a user interface. In response to detecting an occurrence of the substitute interaction, the operation is authorized on the first device.

Abstract: A system and method for rapid check-in and inheriting trust using a user entity device. The system and method described herein allows an identity to be continuously proven because of user entity's behavior and their biometrics. With all the fraud and risk that exists today, if someone has a user entity's driver's license they can do a lot of harm. By tying a user entity's identity to their user entity device (e.g., a mobile smartphone), then when a user entity checks into a location (e.g., airport, hotel, bank), an identity provider continues a process of continuous authentication while the user entity device travels about a location and interacts with the services offered by the location.

Abstract: A multifunction peripheral stores normal user information for executing user authentication in and an auxiliary storage. The multifunction peripheral has a quick login mode for simple authentication. When registering a new user in the quick login mode, the CPU determines whether a login name in the normal user information of an existing user matches a login name of the new user. When the two login names match, the user is allowed to select whether to associate the new user with the existing user. When selected to associate the new user with the existing user, the quick user information of the new user including the first management information and the second management information is generated using at least user ID in the normal user information of the existing user, the first management information is stored in the auxiliary storage, and the second management information is stored in a main storage.

Abstract: Upon an attempt to access a service of a third-party server, full-duplex password-less authentication provides a one-time password to the user displayed at the client device and at a mobile device associated with the user. The user verifies the access by comparing the one-time password displayed at the mobile device and the one-time password displayed at the client device. The one-time password is displayed as a combination of a picture and a set of alphanumeric characters for ease in making the comparison. The user determines whether to accept or deny the authentication sequence after a simple visual comparison.