Abstract: A card reader of a terminal is cryptographically verified upon initialization, power up, connection, or start of day processing of the terminal. A cryptographic and signed token is provided from and verified by an Encrypted Personal Identification Number (PIN) pad (EPP) of the terminal. Each time the reader initializes, the token is verified by the EPP and a new token is generated and provided to the reader for use during a next initialization cycle of the reader. If the reader lacks a token when the EPP has record that is should have the token, the reader is not authorized to perform card transactions for the terminal. If a token provided by the reader during an initialization cycle is not verified, the reader is not authorized to perform card transactions for the terminal.

Abstract: A method for slice authentication in a mobile telephone network. A WTRU performs, during a registration procedure with an Access and Mobility management Function, AMF, of a network, primary authentication of the WTRU, during which registration procedure the WTRU receives from the AMF a message indicating successful registration and including at least one of an indication of at least one network slice-specific authentication and authorization for slice access, SSSA, procedure to be executed following the registration procedure, a list of slices for which the WTRU is allowed access, and a list of slices for which SSSA is needed for access by the WTRU, and performs, after successful registration, at least one SSSA of the WTRU for accessing a first slice in the network.

Abstract: A processor-implemented method is disclosed. The method includes: receiving, via a terminal device, input of a first password during a card session that begins when a value transfer card is inserted into the terminal device, the value transfer card being associated with a plurality of passwords; verifying that the first password is a valid password associated with the value transfer card; identifying at least one card control setting associated with the first password, the at least one card control setting being a setting that is not associated with another one of the plurality of passwords; and processing a transaction initiated at the terminal device based on the identified at least one card control setting.

Abstract: Disclosed is an electronic device that operates based on a cloud server including a biometric sensor, a database that stores identification information on at least one of the biometric sensor, a user, and the electronic device and biometric information registered by the biometric sensor, and at least one processor, wherein the processor receives an authentication request of an authentication server through the cloud server, acquires biometric information of a user through the biometric sensor in response to the authentication request being received, determines whether the acquired biometric information corresponds to biometric information stored in the database, generates a response value including information on a result of the determining, and transmits the response value and the identification information to the cloud server, and the response value is transmitted to the authentication server when the transmitted identification information matches at least one of identification information stored in the clo

Abstract: Embodiments of the present disclosure are directed to systems and methods for remote deauthentication of electronic devices. A virtual authentication session manager or an electronic device maintains authentication across multiple electronic devices. The virtual authentication session manager receives authentication requests from electronic devices and generates a unique ID and a readable name for each device. A user can remotely deauthenticate any of the electronic devices that have previously been authenticated.

Abstract: Systems and methods for identifying a user to a merchant include creating a token for the user, the token identifying the user and user information of the user, where creating the token includes generating a string based on a user biometric and hashing the string to generate a hashed string, sending a notification indicating that a merchant requests the user information of the user, sending the token to a user device associated with the user where the token is configured to be activated via the user device before the token is selectively transmitted by the user device, receiving the token from a merchant computing system associated with a merchant, identifying the user and the user information based on the received token, receiving an indication from the user device, and withholding the user information from the merchant computing system based on the indication.

Abstract: A server receives encrypted data from a protected-resource-requesting device that includes an encrypted combination of the device and user identification. The first server requests a most recent copy of data of a distributed ledger from a randomly selected logged-in workstation. The first server searches for a match of the encrypted data from the first device in the distributed ledger data received from the randomly selected workstation. In response to determining a match, the first server updates a table of a second server with a one-time-password (OTP) and a copy of the encrypted data received from the device. The first server sends the OTP and an instruction to the device to send the OTP and the encrypted data to the second server, which determines whether a match exists. In response to a confirmed match, the first server grants access to the device.

Abstract: Described herein are techniques for preventing a user from continuing to access an online service once access rights have been revoked. In some embodiments, the techniques comprise receiving a request to determine a current status of access rights in association with a user and an online service, determining, based on one or more conditions associated with the online service, the current status of access rights, upon determining that the current status of access rights indicates that the user is not authorized to access the online service, identifying at least one user device associated with the user, generating programmatic instructions to cause a session token associated with the online service to be removed from a memory of the at least one user device, and providing the programmatic instructions to the at least one user device.

Abstract: A centralized document system integrates online document execution and conferencing to control access to precipitant information. Precipitant information includes access codes, personal identification numbers, sensitive information, or any other secured information for which execution of an online document is a prerequisite for access to the secured information. The centralized document system detects precipitant information that is presented during a conference and controls access to the detected precipitant information (e.g., by generating permission rules that specify a type of online document to be executed to gain access). The centralized document system may determine whether a user has executed one or more online documents and thus, has authorization to access the detected precipitant information. If the user has not executed the online documents, the centralized document system can control access to the precipitant information by modifying the conference (e.g., using censors or breakout rooms).

Abstract: A system, method, and computer-readable medium for performing a security operation.

Abstract: There is provided mechanisms for cyberattack identification in a network environment. A method is performed by a security analytics module. The method comprises obtaining logged events. The events having occurred and are logged in the network environment. Each logged event is associated with a cyber security deviation score and cyber security deviation statistics. The method comprises matching each logged event to a cyber-attack lifecycle phase by comparing characteristics of each logged event, as given by the cyber security deviation statistics, to known cyberattack lifecycle phases. The method comprises linking together the logged events by forming at least one chain of the logged events. Each chain corresponds to one type of cyberattack as given by combinations of the known cyberattack lifecycle phases. The cyber security deviation scores and cyber security deviation statistics are updated based on how the logged events are linked together.

Abstract: A computer system includes a database, a communication interface, and a processor(s). The processor(s) is programmed to receive a consent message from a cardholder computing device. The consent message includes cardholder consent information indicating consent to one or more data services. The processor(s) is also programmed to receive transaction card details from the cardholder computing device. The transaction card details correspond to a transaction card of a cardholder and are associated with a financial account of the cardholder. Based on the transaction card details, the processor(s) generates a digital access token. The digital access token is associated with the financial account and the cardholder consent information. The processor(s) stores the digital access token in the database, transmits a cardholder authentication request message to an issuer, and receives an authentication ID from the cardholder computing device.

Abstract: In an example, techniques of this disclosure include establishing, by a computing device, authentication data for authenticating a user of a service provided by a service provider, where the authentication data comprises one or more first data entries and one or more second data entries that correspond to the one or more first data entries. The techniques also include retrieving, from at least one third-party service provider, one or more second data entries maintained by the at least one third-party service provider that correspond to the one or more first data entries, and authenticating the user based on the authentication data, where authenticating the user comprises comparing the one or more first data entries to the one or more second data entries retrieved from the at least one third-party service provider.

Abstract: System and methods utilize Information Handling Systems (IHSs) in updating shared-use peripheral devices, such as peripherals available at a public or shared-use workstation. The coupling of a first shared-use peripheral device to the IHS is detected. The coupling of the first shared-use peripheral device is reported to a remote orchestrator that may support the operation of workspaces on the IHS. Files are received from the remote orchestrator for updating the first shared-use peripheral device. The IHS updates the first shared-use peripheral device using the received files. A coupling is detected of a coupling of a second shared-use peripheral device to the IHS, such as resulting form movement to a different shared-use workstation. If compatible, the second shared-use peripheral device is also updated using the received files. An IHS that is regularly coupled to different peripherals at different shared-use workstations may be selected to effectively distribute updates to these peripherals.

Abstract: A method of generating a virtual reality payment authentication entry interface includes receiving, over a computer network, a request for payment authorization; identifying a virtual reality interface; generating a plurality of payment authentication characters in the virtual reality interface; receiving user input associated with at least one character of the plurality of payment authentication characters in the virtual reality interface; and generating a payment authorization response to the request for payment authorization based on the received user input.

Abstract: A system or method of secure data entry can include one or more processors and memory having computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations at a client edge device of executing a user interface data entry application on the client edge device, receiving data by the user interface data entry application, wherein the data entered is a graphic input pattern corresponding to characters, communicating the data entered to a server, and receiving access to the server if a data processing application at the server interprets the data entered as a credential based on rules negotiated between the data entry application and the data processing application and a template for the graphic input pattern.

Abstract: Provided are a method for providing an electronic document using a chatbot and a method and apparatus for writing an electronic document using a chatbot. The electronic document providing method using a chatbot includes receiving a chatting input associated with an electronic document from a user terminal, generating an electronic document based on the chatting input, and providing the generated electronic document to the user terminal.

Abstract: A method is provided for authenticating a user. A request to access a resource is received from a user agent. A cookie associated with the request is identified. The cookie includes a first subset of data that was previously used to authenticate the user. The cookie is validated based on the first subset of the data. Responsive to validating the cookie, a second subset of the data is retrieved from server-side storage. A risk decision is generated based on the first subset and the second subset. When the risk decision meets a threshold, the user is authenticated without presenting an authentication challenge, and access to the resources permitted.

Abstract: Methods and systems for multi-point token-based access control to online resources using a single wallet verification. A system, such as an e-commerce platform, receives a wallet address and digital signature from a user device during a user session, and obtains ownership data from a blockchain network with regard to the wallet address. Based on token ownership, the system determines whether the wallet address satisfies a token-based access condition. The system then detects a second access control event at a subsequent phase of the user session and, in response, obtains current ownership data from the blockchain network to determine whether a second token-based condition is satisfied before permitting a requested transaction in the subsequent phase.

Abstract: The present disclosure discloses an interactive method, an electronic device and a storage medium. In an embodiment, the method is applied to an electronic device including an interactive apparatus, and the method includes: receiving login request information and performing identity authentication; displaying information and/or at least one control corresponding to an authentication result; and displaying information corresponding to a control or executing a function corresponding to the control in response to an operation on the control.

Abstract: Disclosed herein are system, method and/or computer program product embodiments, and/or combinations thereof, for training a conversational recommendation system. An embodiment generates a probabilistic pseudo-user neural network model based on at least one interest probability distribution corresponding to a pseudo-user profile. The embodiment trains, using the pseudo-user neural network model, the conversational recommendation system to learn a recommendation policy, where the conversational recommendation system includes an interest-exploration engine and a prompt-decision engine. The training includes performing an iterative learning process that includes selecting an interest-exploration strategy based on one or more of the following: an interest-exploration policy, an earlier pseudo-user response generated by the pseudo-user neural network model, content data, and pseudo-user interaction history.

Abstract: A system and method that assigns a portable personal rating based on data verification. The decentralized system and methods operate with algorithms, software, devices, and databases allowing a decentralized distribution of token rewards based on the trust rating of the user. The system uses blockchain technology and is directed to a decentralized trust rating assignment wherein the verified information is saved in a blockchain ecosystem.

Abstract: Various implementations disclosed herein include devices, systems, and methods that authenticate user identities based on input/sensor data received from remote workstations and/or during remote communication sessions. The input/sensor data may correspond to timing and patterns from which user identities may be authenticated. Some implementations disclosed herein communicate input/sensor data in a way that preserves the timing and pattern information of the data and/or in a way that allows such information to be used for authentication in real-time. Some implementations enable continuous provision of input/sensor data and/or enable continuous authentication of user identities during remote communication sessions.

Abstract: A method includes initiating, by a device manager associated with a cluster manager proxy, a connection with a cluster of computing devices, wherein initiating the connection includes providing first credentials to the cluster of computing devices to access the cluster manager proxy. The method further includes receiving, at the cluster manager proxy, a first request to register the cluster of computing devices with a cluster manager, the first request including the first credentials to access the cluster manager proxy and sending, from the cluster manager proxy to the cluster manager, a second request to register the cluster of computing devices with the cluster manager, the second request including second credentials to access the cluster manager.

Abstract: A method, apparatus, and computer-readable medium are described that enable agent instances to be instantiated in secure, containerized environments. When a new container is detected, a list of agent instances expected to be running in a compute instance or in a container may be obtained and compared with status information regarding which agent instances are active. For a non-active agent instance, an agent object and configuration information for the agent instance may be obtained from a storage. Based on the available name, the agent object, and the configuration information, the agent instance may be instantiated and connected to an agent status server. An application related to the new agent instance may be deployed in the secure containerized environment.

Abstract: Provided is a first acoustic information acquisition unit configured to acquire a first acoustic information obtained by receiving a sound wave emitted from a first sound source by a wearable device worn by a user, a second acoustic information acquisition unit configured to acquire a second acoustic information obtained by receiving a sound wave emitted from a second sound source that is different from the first sound source by the wearable device, and a third acoustic information acquisition unit configured to acquire a third acoustic information used for biometric matching of the user based on the first acoustic information and the second acoustic information.

Abstract: Provided are an information processing apparatus, an information processing method, and a storage medium that can efficiently perform an immigration examination. The information processing apparatus includes: an examination unit that, based on user information acquired from a user who completed a departure examination of a first country but has not started boarding for a second country and related to the user, performs an immigration examination of the second country; and a transmission unit that transmits a notification related to the immigration examination.

Abstract: Techniques are described for using a decentralized group of authentication server nodes to prevent singular dependence upon any given online platform for authenticating avatars. For each epoch duration of time, a consensus protocol operating on a blockchain is used to elect an authentication server node. The elected node can then act as an authentication server on behalf of the online platform for that fixed epoch duration of time. Within this epoch of time, a client device (e.g., used by a user to access an online platform) performs a periodic heartbeat authentication with the elected authentication server node using an efficient authentication protocol that relies on a keyed-hashing mechanism. A client device can use the described system and authentication methods concurrently with multiple different online platforms (e.g., separate metaverses or other virtual worlds).

Abstract: The present disclosure provides a communication network node for providing data to a distributed ledger, wherein the node has circuitry configured to perform at least one of provide verification of input data which is used as input to a smart contract, provide verification whether output data, which is based on an output from a smart contract, is correctly received at a predetermined dev.

Abstract: An information processing apparatus includes: a storage storing restriction information indicating a restriction that a first communication address of a user registered in an external authentication apparatus is to satisfy in order to be permitted to use the information processing apparatus based on an authentication linkage with the external authentication apparatus; and a processor configured to acquire first information indicating authentication success, the first information being issued by the external authentication apparatus and including a second communication address generated by the external authentication apparatus in association with the first communication address, transmit, to the second communication address included in the first information, second information requesting execution of communication with a predetermined verification device, acquire, from the predetermined verification device, a verification result as to whether the first communication address satisfies the restriction, the first

Abstract: Systems and methods for centralized client application management are provided. In an example embodiment, a client state is received from a mobile device at a management device. The client state comprises information about a particular application. A first instruction for the mobile device is generated by one or more hardware processors. The first instruction comprises an instruction to the mobile device to prevent user interaction with a user interface of a particular application. The first instruction is communicated to the mobile device, and the mobile device performs the first instruction to prevent user interaction with the user interface of the particular application.

Abstract: Systems, methods, and non-transitory computer readable medium disclosed herein relate to identity verification and authorization method. In one embodiment, the system can generate and send a message to a device associated with a user based on an initiated request from the user and a determination the user should be authenticated, wherein the message requests a content-based response from the user to authenticate the user. In another embodiment, the system can receive the content-based response from the user in reply to the message, wherein the content-based response comprises SMS (short message service) metadata, emoji, photo, video, audio, or a combination thereof. In another embodiment, the system can authenticate the user based on a determination of a confirmed match between the content-based response from the user and a response key preselected by the user.

Abstract: Techniques are disclosed relating to verifying that an alias value is unique across multiple different network regions. In various embodiments a server system located in a first network region may maintain an alias map that specifies encoded versions of alias values that are in use across multiple different network regions. For example, for a given alias value, the alias map may specify a corresponding encoded version of the alias value and an identifier for a given one of the network regions with which the given alias value is associated. In various embodiments, the server system may receive a user-provided alias value from a user during an account registration process and, using the alias map, determine whether the user-provided alias value is already in use in any of the network regions.

Abstract: Apparatuses, methods, and systems for data source reporting are disclosed. A method includes receiving, by a network provider, data types a customer user is to have reported from one or more data sources of the customer user, wherein the reporting is from data sources, and wherein the wireless reporting is through a wireless uplink between the data sources to a base station, providing, by the network provider, options of data packages to the customer, wherein the options of data packages are selected from the set of data packages based on the data types provided by the customer user, and receiving, by the network provider, from the customer user, a selection of a data package from the provided options of data packages, wherein the selected data package includes one or more data types, and when data within the selected data package are to be reported.

Abstract: Systems and methods for authenticating a user in an authentication system using a computing device configured to capture authentication biometric identity information. The authentication biometric identify information captured during an authentication session. The authentication biometric identify information may comprise or be derived from one or more images of the user being authenticated. The authentication biometric identify information is compared to root identify biometric information. The root identify biometric information is captured from a trusted source, such as trusted devices located at trusted locations, such as a government entity, financial institution, or business. Identity verification may occur by comparing the trusted root identify biometric information to the biometric identify information captured during an authentication session. Liveness determination may also occur to verify the user is a live person.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for data supplementation and verification. A method includes determining that an identifier within aggregated data is not a previously classified known identifier. A method includes transmitting an identifier to a search interface of a server of a third party service provider. A method includes receiving results associated with an identifier from a third party service provider. A method includes parsing results to determine whether a plurality of results have a common pattern associated with a classification. A method includes, in response to determining that a plurality of results have a common pattern associated with a classification, associating the classification with an identifier based on the common pattern.

Abstract: Disclosed herein are systems and methods for using machine learning for geographic analysis of access attempts. In an embodiment, a trained machine-learning model classifies source IP addresses of login attempts to a system as either blacklisted or allowed based on a set of aggregated features that correspond to login attempts to the system from the source IP addresses. The set of aggregated features includes, in association with each respective source IP address, a geographical login-attempt failure rate of login attempts to the system from each of one or more geographical areas that each correspond to the respective source IP address. Source IP addresses that are classified by the machine-learning model as blacklisted are added to a system blacklist, such that the system will disallow login attempts from such source IP addresses.

Abstract: A system for wearable authentication and management is disclosed. In particular, the system may include identifying and authenticating a user through biometric data or movement signatures specific to the wearer of a wearable device. Once the user and wearable device are authenticated, the system may activate and provision connectivity services for the wearable device, associate the device with a device ecosystem of the user, and push predefined settings to the wearable device. Additionally, the system may deliver communications that are transmitted to other devices in the device ecosystem to the wearable device while the wearable device is worn by the user. If the user no longer wears the wearable device or the wearable device is not utilized for a period of time, the system may deactivate the connectivity services for the wearable device and remove any settings pushed to the wearable device.

Abstract: There is provided a method to detect phishing websites so as to protect users from sending their sensitive information to criminal servers. When browsing a web site having an input form asking sensitive information, the input fields are recorded (i.e. username field and password field). Then false credentials are generated and submitted in background. The new control layer then checks the response page content whether it includes an input form and if there is an input, it checks whether the form has the same fields as the first form. If the responded page does not have a form, or it has a form but includes different fields than the initial page's form, then the original site is identified as phishing.

Abstract: A heightened level of security is provided in a computing platform by monitoring usage of applications and/or services residing on or accessible to a computing platform to determine abnormal usage patterns. In response to determining an abnormal pattern of usage, the user is required to provide biometric data, such as voice data, facial feature data, fingerprint data or the like, as a means of authenticating the user. The abnormal pattern of usage may be determined dynamically by comparing current usage patterns to known user baseline usage patterns. Alternatively, the abnormal pattern of usage is predefined, such as the resetting of passwords in a predefined number of applications and/or services over a predefined period of time.

Abstract: Disclosed herein are methods and apparatus for automatically switching virtual private networks.

Abstract: Hardware and/or software systems, devices, networks, and methods for managing for access authentication, and verification to devices, networks, and systems based on a wireless signal identity developed for wireless-enabled devices based on wireless signal information associated with wireless signals previously detected by the wireless-enabled devices. The system may be used to authenticate access requests, transactions, etc. based on comparison between wireless signal information associated with wireless signals presently detected by the WED and its wireless signal identity via a management platform and/or the WED itself.

Abstract: Systems and methods are described for determining whether to activate a voice activated device based on a speaking cadence of the user. When the user speaks with a first cadence the system may determine that the user does not intend to activate the device and may accordingly not to trigger a voice activated device. When the user speaks with a second cadence the system may determine that the user does wish to trigger the device and may accordingly trigger the voice activated device.

Abstract: Apparatus and methods are provided for providing and simulating authentication within a metaverse. A user may request to be authenticated by a computer program. The program may authenticate the user. The program may create a time-limited avatar overlay for the user to utilize within the metaverse. The time-limited avatar overlay may be transmitted to the user. The user may use the avatar overlay within the metaverse to authenticate the user. The user may authenticate through any appropriate method, including by providing a copy of a real identification card to the program. In an embodiment, the avatar overlay may be a digital representation of the identification card or a digital token.

Abstract: A system can include a processor in communication with a data store. The processor can obtain personal identifiable information (PII) data and segregate the PII data into two or more secondary representations. The processor can generate a plurality of co-occurrence matrices based on the two or more secondary representations. The processor can perform a convolution between each of the plurality of co-occurrence matrices and one of a plurality of Gaussian kernels, wherein each of the plurality of Gaussian kernels comprises a different width. The processor can generate a tertiary representation of the PII data by performing a linear combination of the plurality of co-occurrence matrices. The processor can generate a vector based on the tertiary representation and perform a lossy tokenization process on the vector to generate a token. The processor can store the token at the data store.

Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and user location or traffic data from multiple channels of input. Multiple devices may be utilized by the system in order to receive and process data to authenticate user identities and verify the validity of account activity.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Training an adversarial perturbation detector comprises accessing a training set comprising an enrolled biometric sample xi and a public biometric sample x of an enrolled user, and submitted biometric samples x? of a second user, the submitted biometric samples x? comprising perturbed adversarial samples x?+?x?. A transformation function k(?) is provided having learnable a parameter ? and a classifier having a learnable parameter ?. The training set is used to learn the parameters ? and ? by inputting the training set to the transformation function k(?). The transformation function k(?) generates transformed enrolled samples k(xi), a transformed public biometric sample k(x), and a transformed adversarial sample k(x?+?x?). The classifier classifies the transformed adversarial sample k(x?+?x?) as a success or as a fail based on the transformed enrolled samples k(xi). Based on a result of the classification, the learnable parameters ? and ? are updated.

Abstract: An information processing system acquires biological information of a target and generates output information determined in correspondence with identification information using the identification information associated with the biological information. Then, the output information is output.