Abstract: Provided are a method and device for residing a short message verification code. This method includes: conducting keyword matching on a short message content using a regular expression; when the short message content contains a keyword, matching a verification code for the short message content using the regular expression, to acquire a matched verification code; and displaying the verification code on a current interface and displaying a pre-set time. This method can automatically extract a verification code in a short message and display a pre-set time on a current interface. Within this pre-set time, a user can fill in a verification code on a verification code interface according to the displayed verification code without the need for the user to remember the verification code and to frequently switch between a short message application and a current application as well.

Abstract: Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.

Abstract: A method for creating a secure communication session between a user and an application server is provided. The method includes: providing a database associating a plurality of authorized user identifiers with a plurality of security credentials approved by the application server; assigning an IP address to the user; providing the serving gateway with the IP address and the user identifier of the user connected to the core network; checking whether the user identifier of the connected user to the core network is present in the database among the authorized user identifiers; forming a secure connection between the application server and the serving gateway using the security credential associated to the authorized user identifier of the user connected to the core network; and forwarding all packets from the application network addressed to the user via the secure connection to the user and vice versa.

Abstract: Methods and systems for creating a verifiable digital identity are provided. The method includes obtaining a first user-generated item comprising an identifiable feature. The method also includes digitally signing the first user-generated item to generate a secure digital artifact. The method also includes uploading the secure digital artifact and the first user-generated item to an auditable chain of a public ledger. The method also includes verifying a digital identity of the user by auditing the auditable chain. The method also includes obtaining a second user-generated item generated comprising the identifiable feature. The method also includes comparing the first and second user-generated items. The method also includes uploading the second user-generated item to the public ledger when the comparing is within a threshold.

Abstract: According to the present invention, a method for delegating a login via PKI-based authentication for a login request of a user by using a smart contract and a blockchain database is provided.

Abstract: An authorization code response is transmitted to a client, and the client uses a parameter included in the authorization code response and a parameter included in the authorization code response transmitted by a transmitting unit to verify that the authorization code response corresponds to an authorization code request.

Abstract: A method is used in managing passwords. A proposed new password is received. The proposed new password is associated with contextual information indicating a context in which the proposed password is to be used. A machine learning model is dynamically selected from a set of machine learning models based on the contextual information. A quality metric is derived from the proposed new password based on the selected machine learning model.

Abstract: A method for conducting monetary and financial transactions in an economy by treating amounts as collections of distinct individual, minimal, and indivisible units of account, each of which has a persistent identity and history throughout its lifecycle. A method is disclosed for conducting monetary transactions on the basis of appending the record of relationship between each individual unit of account and its respective owners throughout the lifecycle of the unit. Further, a method is disclosed for identifying the units in binary computer notation and assigning specific informational content to each unit by designating various sub-sections within the binary identifier of each unit to hold specific information and values relevant to the unit.

Abstract: A method for generating digital certificates for anonymous users in blockchain transactions includes: storing a blockchain comprised of a plurality of blocks, each block including a block header and transaction values, where each transaction value includes data related to a blockchain transaction including a sending address, recipient address, and transaction amount; receiving a certificate request from a computing device, the request including a user public key of a cryptographic key pair; identifying a subset of transaction values in the blockchain where the sending address or recipient address was generated using the user public key; determining a confidence level based on the data included in each transaction value included in the subset; generating a digital certificate based on the determined confidence level; and transmitting the generated digital certificate to the computing device.

Abstract: Techniques for resource allocation are described. Some embodiments provide a computing system and method for resource allocation in a virtualized computing environment comprising at least one physical computing system hosting multiple virtual machines, that performs at least some of the described techniques. In one embodiment, a user connection server is configured to receive a request for allocation of a virtual machine, for a user. The user connection server determines an attribute value of the user. Based on the attribute value of the user, allocation of physical computing resources for the virtual machine is determined. A management server is configured to boot the virtual machine for access by the user, the virtual machine booted with the determined allocation of physical computing resources for the virtual machine.

Abstract: Security is provided for enterprise local area networks (LANs) by pre-vetting and identifying the security characteristic and actions of any new wireless networks that tries to connect to a secure LAN network. The disclosure herein provides for identification and classification of IEEE 802.11 wireless networks by using monitoring sensor system within and managed by a centralized cloud. The monitoring sensors interrogate the network mimicking the behavior of known platforms, such as an end-user's workstation or mobile device followed by random actions simulating a human person. The response characteristics of the wireless network including the behavior patterns relating to the LAN system and human behavior are collected.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: A computing system includes: a storage unit configured to store protected personal information of a life profile; and a control unit, coupled to the storage unit, configured to: determine an event indicator for the protected personal information; monitor an event source associated with the protected personal information for the event indicator; determine the occurrence of a life event based on detecting the event indicator from the event source; and generate a life guidance to address the life event for displaying on a device.

Abstract: An example device includes a processor coupled to a network and a memory coupled to the processor. The memory includes computer code for causing the processor to establish a secure connection between a manageability application and an interconnect device, the interconnect device being in communication with a newly connected networked device; and securely communicate, from the manageability application to the interconnect device, temporary login information for the networked device.

Abstract: A test system for Internet-of-Things (IoT) end-to-end (e2e) testing is provided. The test system comprises a network simulator and a device under test. The device under test is adapted to initiate a communication with the network simulator and to send a Domain Name System (DNS) query and/or a Message Queue Telemetry Transport (MQTT) request to the network simulator. The network simulator is adapted to determine a platform according to which the device under test intends to communicate based on the Domain Name System query and/or the Message Queue Telemetry Transport request.

Abstract: This document discloses a heuristic data analytics method and system for analysing potential information security threats in information security events. In particular, the heuristic data analytics method and system analyses Binary Large Objects (BLOBs) of structured and unstructured information security events at high speed and in real-time to anticipate potential security breaches that will occur in the near future using algorithms and large scale computing systems.

Abstract: Static and dynamic embodiments are presented for generating chaff passwords for use in a password-hardening system. Chaff passwords are generated by modifying portions of base passwords based on a distribution with which particular strings of digits and symbols appear in user passwords. Location oblivious chaff passwords are generated from a chaff set of passwords obtained from a chaff generation method by applying a random permutation over the elements of the obtained chaff set of passwords.

Abstract: The present invention proposes a method for transmitting a broadcasting signal. The method for transmitting a broadcasting signal according to the present invention proposes a system capable of supporting a next generation broadcasting service in an environment which supports next generation hybrid broadcasting using a terrestrial broadcasting network and an Internet network. In addition, the present invention proposes an efficient signaling method which can cover both the terrestrial broadcasting network and the Internet network in the environment which supports the next generation hybrid broadcasting.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving, from a computer system, a request comprising a phone number, identifying a primary channel and one or more secondary channels based on, at least in part, respective performance data of the primary and secondary channels, sending a first message comprising a first text string via the primary channel to a destination device associated with the phone number, after sending the first message, determining that a conversion event for the message and the primary channel did not occur within a specified time period, and based on the determining, sending a second message comprising the first text string via a particular secondary channel to the destination device.

Abstract: A method for execution by a storage unit of a dispersed storage network includes receiving an access request from a requestor. An access anomaly of the access request is detected, and the access request is queued for processing in response. An anomaly detection indicator is issued to a plurality of other storage units. A secondary authentication process is initiated with the requestor, and a secondary authentication response from the requestor. The access request is processed when the secondary authentication response is favorable.

Abstract: A system is configured to receive a notification that variable information, associated with a variable, is stored in a logical workspace; obtain, in response to the notification, the logical workspace; and generate meta information associated with the variable, where the meta information includes information associated with a temporal attribute of the variable, information associated with an application that generated the variable information, information associated with a contextual attribute of the variable, or information associated with a spatial attribute of the variable. The system is also configured to associate, the meta information with the variable information, where associating the meta information with the variable information permits an operation to be performed on the meta information or on the variable information based on the meta information.

Abstract: In various implementations, a security management and control system for monitoring and management of security for cloud services can include automated techniques for identifying the privileged users of a given cloud service. In various examples, the security management and control system can obtain activity logs from the cloud service, where the activity logs record actions performed by users of an organization in using the cloud service. In various examples, the security management and control system can identify actions in the activity logs that are privileged with respect to the cloud service. In these and other examples, the security management and control system can use the actions in the activity log to identify privileged users. Once the privileged users are identified, the security management and control system can monitor the privileged users with a higher degree of scrutiny.

Abstract: This invention provides an authentication center system which enables a user to manage the specific account information of the user's accounts at different service parties centrally in one authentication center.

Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.

Abstract: Embodiments for applying host access control rules for application containers by one or more processors. A first set of user identifiers and permissions is extracted from a temporary container and a second set of user identifiers and permissions is extracted from a host on which a working container will reside. The first set and the second set of user identifiers and permissions are combined into an aggregate set of user identifiers and permissions and injected into the working container.

Abstract: A method for operating a communication device is disclosed. One embodiment includes the steps of: generating an intermediary key corresponding to peer to peer (P2P) communication between a client and a counterpart client; transmitting the intermediary key to the counterpart client; obtaining an intermediary path corresponding to the intermediary key; receiving the data through the intermediary path from the client that did not receive an acknowledgement for data transmitted to the counterpart client because of a change of a network address of the counterpart client; and transmitting the data to the counterpart client if the counterpart client accesses the changed network address by using the intermediary key.

Abstract: Provided is an authentication service system and authentication service method. According to embodiments of the present disclosure, when a plurality of authentication processes are performed using different authentication factors, an access token is issued based on an authentication factor used in a previous authentication process; and a subsequent authentication process is performed according to validity of the access token issued in the previous authentication process.

Abstract: A management system includes: an information terminal that reads an information code attached to a management target, the information code storing code identification information that specifies the management target; and a server communicable with the information terminal. The information terminal includes: a reading portion that optically reads display information including the information code; a position information acquisition portion that acquires position information of the information terminal; a terminal-side transmission portion that transmits the position information as reading position information to the server; and a notification portion that notifies predetermined information.

Abstract: The present invention utilizes an application which is loaded onto the mobile devices of attendees who will be attending festivals, concerts, etc, where the large crowds attending the event will create wireless and mobile network congestion. The application will be preloaded with a plurality of presentations which the presenter will utilize during the event to enhance the experience for the attendee. Each presentation will have a triggering mechanism encoded in the app which will initiate the presentation to begin and will synchronize the presentation on the phone with event. In addition to displaying preloaded presentations to the attendees at crowded events, the application can also track the activities of the attendees at the event to see what portions of the events they attended and when, and display real time text messages on the screen of the phone.

Abstract: Techniques are disclosed relating to a computer system including a first mobile device that stores information that is inaccessible without a value stored on a second mobile device. In some embodiments, the first mobile device stores a plurality of one-time password generation routines executable to generate one-time passwords usable to authenticate user access to an electronic resource, and the second mobile device stores a plurality of supplemental authentication values that correspond to the one-time password generation routines. A particular one-time password generated by the first mobile device using a particular one-time password generation routine is inaccessible without the corresponding particular supplemental authentication value stored on the second mobile device.

Abstract: An online system determines a client device associated with a user that is to receive a new notification. The client device presents the notification and receives an input to forward the notification to a different client device and/or a different application. The client device sends a request to the online system to forward the notification. The online system determines a list of available client devices and/or available applications that are able to receive a forwarded version of the notification and provides the list to the client device for selection. Upon receiving a selection, the client device sends the selection to the online system which generates the forward notification that is appropriate for the selected client device and/or selected application. Thus, the online system avoids over-notifying a user, while also enabling the user to consume the content of the notification according to his/her preferences.

Abstract: Disclosed embodiments relate to systems and methods for dynamically providing coupling between auxiliary computing devices and secure endpoint computing resources. Techniques include identifying a request for an identity to access an endpoint computing resource; obtaining a unique session identifier in response to the request; transmitting the unique session identifier via short-range communications from the endpoint computing resource to an auxiliary computing device associated with the identity; obtaining, in response to the auxiliary computing device transmitting the unique session identifier and the identification data, authentication data sufficient to comply with the authentication requirement of the endpoint computing resource; and dynamically coupling the identity to the endpoint computing resource based on the authentication data and consistent with the authentication requirement.

Abstract: A document management computer system can validate a user with validation codes sent through a plurality of communication modes. The validated user may be provided with access to a stored electronic document.

Abstract: A system and method for improving the security and reliability of industrial control system (ICS) and supervisory control and data acquisition (SCADA) communication networks utilized within power systems is provided. For power system intelligent electronic devices (IEDs) that comprise these networks, a number of settings are created and stored inside the device settings files that define the IED's communication parameters. Inspection of a settings and configuration file (SCF) allows the identification and extraction of the device's configured and therefore permissible communication characteristics. Using this extracted information, rulesets are generated and subsequently pushed to one or more network security devices, e.g. firewalls, managed switches, and intrusion detection/prevention systems. In such a manner, the described innovation is able to derive a perspective of the allowable system communication and issue rulesets and settings to network security devices (NSDs).

Abstract: A system and method are disclosed in which a new or updated password is tested on other websites before being accepted as a password for a website of a bank. The tested websites may include those of competitor banks or other financial institutions, popular websites, and/or websites frequently used by the customer. If a login at one of the other websites using the new or updated password is successful, the password is not accepted at the bank and the user is asked to create a different password. The new or updated password is discarded after the test of other websites are made and is not saved by the bank.

Abstract: Techniques are disclosed for providing users of an access management system the capability to manage the user's active sessions. The system may receive a first request by a user at a first device to modify one or more sessions established for the user. The system may access session information about the one or more sessions that are associated with the user, wherein a session of the one or more sessions provides the user with access to one or more resources. The system may send the session information to the first device, the session information causing the first device to display a graphical interface including the session information about the one or more sessions. The system may receive, from the first device, a second request indicating a modification to the session. The system may modify the session in accordance with the modification indicated in the second request.

Abstract: A network surveillance method to detect attackers, including planting one or more honeytokens in one or more resources in a network of computers in which users access the resources in the network based on credentials, wherein a honeytoken is an object in memory or storage of a first resource that may be used by an attacker to access a second resource using decoy credentials, including planting a first honeytoken in a first resource, R1, used to access a second resource, R2, using first decoy credentials, and planting a second honeytoken in R1, used to access a third resource, R3, using second decoy credentials, and alerting that an attacker is intruding the network only in response to both (i) an attempt to access R2 using the first decoy credentials, and (ii) a subsequent attempt to access R3 using the second decoy credentials.

Abstract: The application is directed to a computer-implemented method and apparatus for provisioning an Internet of Things (IoT) device on an IoT network. The application is also directed to a method for managing access to functionality of an IoT device in a networked group.

Abstract: Embodiments of the invention generally relate to apparatus, systems and methods for authenticating an entity for computer and/or network security and for selectively granting access privileges and providing other services in response to such authentications.

Abstract: A device determines that a data breach of an application has been reported and determines that an individual has an account with the application based on identifying an association between an application identifier and a username the individual uses to access the application. The device receives, from a user device associated with the individual, password information used to access the application. The device uses the password information and usernames for a group of applications with which the individual has accounts to perform a login procedure for the group of applications to determine that login information for one or more of the applications includes the password information used to access the application affected by the data breach. The device provides, to the user device or another device, a recommendation to change the password information used to access the application and the one or more applications.

Abstract: A security system can provide monitoring and vulnerability testing of networks within a vehicle and perform patching or take other remedial action when vulnerabilities are found. Monitoring can comprise maintaining and enforcing security policies on use of the networks of the vehicle, performing anti-virus and/or anti-malware monitoring and/or scanning on messages and use of the networks of the vehicle, monitoring in real-time for certain conditions or on certain aspects of operation of the networks, or performing one or more of a number of different types of automated vulnerability scans on the networks of the vehicle. Patching or take other remedial action can comprise, blocking access to one or more of the networks of the vehicle by an application, component, user, etc. when a threat is detected or a vulnerability is found, reporting a detected threat or vulnerability, obtaining and applying a patch or automatically taking other corrective action as needed.

Abstract: A method for authenticating to a network comprising a plurality of Internet of Things (“IoT”) devices is provided. The method may include using a mobile telephone apparatus, a wrist-worn apparatus and a head-worn apparatus to monitor the level of at least one of a wearer's pulse, body temperature, voice, gait and/or other biorhythmic indicator. One of the aforementioned apparatus may operate as a hub apparatus. The method may further include using the hub apparatus to assign a federated biometric marker based at least in part on the first, second and third biometric markers. The method may also include using artificial intelligence to monitor for one or more outliers with respect to historical monitoring. Each of the one or more outliers may include a magnitude that exceeds a security threshold difference between the current magnitude and the historically monitored magnitude.

Abstract: Provided is a process that affords out-of-band authentication based on a secure channel to a trusted execution environment on a client device. The authentication process includes one or more authentication steps in addition to verifying any credentials provided by a client device. A notification may be transmitted by a server to a device other than the client device attempting to access the asset. That device may be a mobile device with a trusted execution environment storing user credential information, and the server may store representations of those credentials. The mobile device collects user input credentials and transmits representations for matching the previously stored representations and signed data for verification by the server that received data originated from the mobile device. The access attempt by the client is granted based in part on the result of authenticating the data received from the mobile device in a response to the notification.

Abstract: A password recovery technique for access to a system includes receiving a request from a first party to recover the first party's password to access the system, receiving a selection of a second party from the first party, sending a message to the second party requesting that the second party authorize the request to recover the first party's password, receiving authorization from the second party for the request to recover the first party's password, and resetting the first party's password responsive to receiving authorization from the second party.

Abstract: Exclusive threads for multiple queues is described. A computing system adds a first event associated with a first entity to a first queue in response to receiving the first event. The computing system adds a second event associated with a second entity to a second queue in response to receiving the second event. The computing system adds a third event associated with the second entity to the second queue in response to receiving the third event. A first thread in the computing system removes the first event from the first queue, wherein any event in the first queue is removed exclusively by the first thread. The first thread processes the first event.

Abstract: A system includes hardware processors and a token exchange module configured to create a uniquely identified first digital token including an owner ID field identifying the current possessor of the digital token, associate the first digital token with digital content presented to the first user in a mixed reality environment, present the digital within the MR environment, make the first digital token available for acquisition, receive a request to acquire the first digital token, assign possession of the first digital token, via the owner ID field, to the first unique user ID of the first user based on the request to acquire the first digital token, receive a request to transfer the first digital token from the first user to the second user, the second user having a second unique user ID, and changing the owner ID field to the second unique user ID based on the request to transfer.

Abstract: Devices and methods for managing a mobile communications profile stored in a nonvolatile memory of a secure element and performed by the secure element are disclosed. The devices and methods may include operations such as reading the state of a flag stored in the nonvolatile memory of the secure element and indicating whether the profile may be deleted; determining the active or inactive state of the profile; and if the flag indicates that the profile may be deleted and if it is determined that the profile is inactive, then deleting the profile.

Abstract: Described herein are embodiments for managing policies of a mobile device. In embodiments, a mobile device receives policy containers from a plurality of disparate management agents. Each policy container has one or more policies. Each policy corresponds to a particular category that governs various aspects of the device. The policies described herein may be device wide policies corresponding to various features on the device. The policies may also be data specific policies which dictate how data is stored on and transferred to and from the device. Once the policies are received, a determination is made as to which policy in each category is the most secure policy. The most secure policy for each category is merged to create a global policy that is applied to the mobile device.

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

Abstract: Techniques are provided for client-side security key generation. An initial request is received from an application executing on a client device. The application includes a security component includes security code. In response to the initial request, a key component is generated. The key component includes one or more parameters from which a valid security key can be generated at the client device by executing the security code. The key component is provided to the client device. A security key associated with a request from the client device to an application server is received. The security key is checked for validity. In response to determining that the security key is valid, processing of the request by the application server is caused.