Abstract: Provided are an information processing apparatus, an information processing method, and a storage medium that can efficiently perform an immigration examination. The information processing apparatus includes: an examination unit that, based on user information acquired from a user who completed a departure examination of a first country but has not started boarding for a second country and related to the user, performs an immigration examination of the second country; and a transmission unit that transmits a notification related to the immigration examination.

Abstract: The present disclosure provides a communication network node for providing data to a distributed ledger, wherein the node has circuitry configured to perform at least one of provide verification of input data which is used as input to a smart contract, provide verification whether output data, which is based on an output from a smart contract, is correctly received at a predetermined dev.

Abstract: Techniques are described for using a decentralized group of authentication server nodes to prevent singular dependence upon any given online platform for authenticating avatars. For each epoch duration of time, a consensus protocol operating on a blockchain is used to elect an authentication server node. The elected node can then act as an authentication server on behalf of the online platform for that fixed epoch duration of time. Within this epoch of time, a client device (e.g., used by a user to access an online platform) performs a periodic heartbeat authentication with the elected authentication server node using an efficient authentication protocol that relies on a keyed-hashing mechanism. A client device can use the described system and authentication methods concurrently with multiple different online platforms (e.g., separate metaverses or other virtual worlds).

Abstract: An information processing apparatus includes: a storage storing restriction information indicating a restriction that a first communication address of a user registered in an external authentication apparatus is to satisfy in order to be permitted to use the information processing apparatus based on an authentication linkage with the external authentication apparatus; and a processor configured to acquire first information indicating authentication success, the first information being issued by the external authentication apparatus and including a second communication address generated by the external authentication apparatus in association with the first communication address, transmit, to the second communication address included in the first information, second information requesting execution of communication with a predetermined verification device, acquire, from the predetermined verification device, a verification result as to whether the first communication address satisfies the restriction, the first

Abstract: Systems, methods, and non-transitory computer readable medium disclosed herein relate to identity verification and authorization method. In one embodiment, the system can generate and send a message to a device associated with a user based on an initiated request from the user and a determination the user should be authenticated, wherein the message requests a content-based response from the user to authenticate the user. In another embodiment, the system can receive the content-based response from the user in reply to the message, wherein the content-based response comprises SMS (short message service) metadata, emoji, photo, video, audio, or a combination thereof. In another embodiment, the system can authenticate the user based on a determination of a confirmed match between the content-based response from the user and a response key preselected by the user.

Abstract: Systems and methods for centralized client application management are provided. In an example embodiment, a client state is received from a mobile device at a management device. The client state comprises information about a particular application. A first instruction for the mobile device is generated by one or more hardware processors. The first instruction comprises an instruction to the mobile device to prevent user interaction with a user interface of a particular application. The first instruction is communicated to the mobile device, and the mobile device performs the first instruction to prevent user interaction with the user interface of the particular application.

Abstract: Techniques are disclosed relating to verifying that an alias value is unique across multiple different network regions. In various embodiments a server system located in a first network region may maintain an alias map that specifies encoded versions of alias values that are in use across multiple different network regions. For example, for a given alias value, the alias map may specify a corresponding encoded version of the alias value and an identifier for a given one of the network regions with which the given alias value is associated. In various embodiments, the server system may receive a user-provided alias value from a user during an account registration process and, using the alias map, determine whether the user-provided alias value is already in use in any of the network regions.

Abstract: Apparatuses, methods, and systems for data source reporting are disclosed. A method includes receiving, by a network provider, data types a customer user is to have reported from one or more data sources of the customer user, wherein the reporting is from data sources, and wherein the wireless reporting is through a wireless uplink between the data sources to a base station, providing, by the network provider, options of data packages to the customer, wherein the options of data packages are selected from the set of data packages based on the data types provided by the customer user, and receiving, by the network provider, from the customer user, a selection of a data package from the provided options of data packages, wherein the selected data package includes one or more data types, and when data within the selected data package are to be reported.

Abstract: Systems and methods for authenticating a user in an authentication system using a computing device configured to capture authentication biometric identity information. The authentication biometric identify information captured during an authentication session. The authentication biometric identify information may comprise or be derived from one or more images of the user being authenticated. The authentication biometric identify information is compared to root identify biometric information. The root identify biometric information is captured from a trusted source, such as trusted devices located at trusted locations, such as a government entity, financial institution, or business. Identity verification may occur by comparing the trusted root identify biometric information to the biometric identify information captured during an authentication session. Liveness determination may also occur to verify the user is a live person.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for data supplementation and verification. A method includes determining that an identifier within aggregated data is not a previously classified known identifier. A method includes transmitting an identifier to a search interface of a server of a third party service provider. A method includes receiving results associated with an identifier from a third party service provider. A method includes parsing results to determine whether a plurality of results have a common pattern associated with a classification. A method includes, in response to determining that a plurality of results have a common pattern associated with a classification, associating the classification with an identifier based on the common pattern.

Abstract: Disclosed herein are systems and methods for using machine learning for geographic analysis of access attempts. In an embodiment, a trained machine-learning model classifies source IP addresses of login attempts to a system as either blacklisted or allowed based on a set of aggregated features that correspond to login attempts to the system from the source IP addresses. The set of aggregated features includes, in association with each respective source IP address, a geographical login-attempt failure rate of login attempts to the system from each of one or more geographical areas that each correspond to the respective source IP address. Source IP addresses that are classified by the machine-learning model as blacklisted are added to a system blacklist, such that the system will disallow login attempts from such source IP addresses.

Abstract: A system for wearable authentication and management is disclosed. In particular, the system may include identifying and authenticating a user through biometric data or movement signatures specific to the wearer of a wearable device. Once the user and wearable device are authenticated, the system may activate and provision connectivity services for the wearable device, associate the device with a device ecosystem of the user, and push predefined settings to the wearable device. Additionally, the system may deliver communications that are transmitted to other devices in the device ecosystem to the wearable device while the wearable device is worn by the user. If the user no longer wears the wearable device or the wearable device is not utilized for a period of time, the system may deactivate the connectivity services for the wearable device and remove any settings pushed to the wearable device.

Abstract: There is provided a method to detect phishing websites so as to protect users from sending their sensitive information to criminal servers. When browsing a web site having an input form asking sensitive information, the input fields are recorded (i.e. username field and password field). Then false credentials are generated and submitted in background. The new control layer then checks the response page content whether it includes an input form and if there is an input, it checks whether the form has the same fields as the first form. If the responded page does not have a form, or it has a form but includes different fields than the initial page's form, then the original site is identified as phishing.

Abstract: A heightened level of security is provided in a computing platform by monitoring usage of applications and/or services residing on or accessible to a computing platform to determine abnormal usage patterns. In response to determining an abnormal pattern of usage, the user is required to provide biometric data, such as voice data, facial feature data, fingerprint data or the like, as a means of authenticating the user. The abnormal pattern of usage may be determined dynamically by comparing current usage patterns to known user baseline usage patterns. Alternatively, the abnormal pattern of usage is predefined, such as the resetting of passwords in a predefined number of applications and/or services over a predefined period of time.

Abstract: Hardware and/or software systems, devices, networks, and methods for managing for access authentication, and verification to devices, networks, and systems based on a wireless signal identity developed for wireless-enabled devices based on wireless signal information associated with wireless signals previously detected by the wireless-enabled devices. The system may be used to authenticate access requests, transactions, etc. based on comparison between wireless signal information associated with wireless signals presently detected by the WED and its wireless signal identity via a management platform and/or the WED itself.

Abstract: Disclosed herein are methods and apparatus for automatically switching virtual private networks.

Abstract: Apparatus and methods are provided for providing and simulating authentication within a metaverse. A user may request to be authenticated by a computer program. The program may authenticate the user. The program may create a time-limited avatar overlay for the user to utilize within the metaverse. The time-limited avatar overlay may be transmitted to the user. The user may use the avatar overlay within the metaverse to authenticate the user. The user may authenticate through any appropriate method, including by providing a copy of a real identification card to the program. In an embodiment, the avatar overlay may be a digital representation of the identification card or a digital token.

Abstract: Systems and methods are described for determining whether to activate a voice activated device based on a speaking cadence of the user. When the user speaks with a first cadence the system may determine that the user does not intend to activate the device and may accordingly not to trigger a voice activated device. When the user speaks with a second cadence the system may determine that the user does wish to trigger the device and may accordingly trigger the voice activated device.

Abstract: A system can include a processor in communication with a data store. The processor can obtain personal identifiable information (PII) data and segregate the PII data into two or more secondary representations. The processor can generate a plurality of co-occurrence matrices based on the two or more secondary representations. The processor can perform a convolution between each of the plurality of co-occurrence matrices and one of a plurality of Gaussian kernels, wherein each of the plurality of Gaussian kernels comprises a different width. The processor can generate a tertiary representation of the PII data by performing a linear combination of the plurality of co-occurrence matrices. The processor can generate a vector based on the tertiary representation and perform a lossy tokenization process on the vector to generate a token. The processor can store the token at the data store.

Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and user location or traffic data from multiple channels of input. Multiple devices may be utilized by the system in order to receive and process data to authenticate user identities and verify the validity of account activity.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Training an adversarial perturbation detector comprises accessing a training set comprising an enrolled biometric sample xi and a public biometric sample x of an enrolled user, and submitted biometric samples x? of a second user, the submitted biometric samples x? comprising perturbed adversarial samples x?+?x?. A transformation function k(?) is provided having learnable a parameter ? and a classifier having a learnable parameter ?. The training set is used to learn the parameters ? and ? by inputting the training set to the transformation function k(?). The transformation function k(?) generates transformed enrolled samples k(xi), a transformed public biometric sample k(x), and a transformed adversarial sample k(x?+?x?). The classifier classifies the transformed adversarial sample k(x?+?x?) as a success or as a fail based on the transformed enrolled samples k(xi). Based on a result of the classification, the learnable parameters ? and ? are updated.

Abstract: An information processing system acquires biological information of a target and generates output information determined in correspondence with identification information using the identification information associated with the biological information. Then, the output information is output.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment. The method includes detecting a first data object including a data schema and a content in a cloud computing environment; detecting a second data object, having the data schema of the first data object; generating in a security graph: a first data object node representing the first data object, a second data object node representing the second data object, and a data schema node representing the data schema; storing a classification based on the content in the security graph, wherein the content is classified as sensitive data or non-sensitive data; and rendering an output based on the classification and the data schema node, in lieu of the first data object node and the second data object node, in response to receiving a query to detect a node representing a data object classified as sensitive data.

Abstract: An inspection system acquires an inspection target person image including an inspection target person, irradiates an electromagnetic wave having a wavelength of equal to or more than 30 micrometers and equal to or less than one meter toward the inspection target person and receives a reflection wave, performs detection processing of detecting an anomalous state based on a signal of the reflection wave, causes a storage unit to store tracking target person information indicating an external appearance of a tracking target person being the inspection target person in which the anomalous state is detected, acquires a worker peripheral image including scenery in the periphery of a worker; detects the tracking target person from the worker peripheral image based on the tracking target person information, and notifies the worker of a position of the tracking target person detected from the worker peripheral image.

Abstract: A method of updating a first device (e.g., one or more locking devices) to reflect information located on a second device (e.g., a server) is provided, where the first device and the second device cannot communicate directly with one another. The method may include employing a third untrusted device (e.g., a mobile device) temporarily as an intermediary between the first device and second device. The method may include receiving, at the first device and from a third device, a request for the first device to communicate with the third device. In response to determining that the third device is authorized to communicate with the first device, the first device may receive information from the third device that was provided by the second device. The first device may transmit at least one message to the third device that is to be provided to second device.

Abstract: In one example of the technology, a first third-party service is registered with the IoT support service. A first IoT device of a plurality of IoT devices is caused to be provisioned with the IoT support service. An authentication is received token for the first IoT device. The authentication token is based on an authentication of the first IoT device with the first third-party service. The authentication token is verified. The first IoT device is authenticated with the IoT support service based on the verification.

Abstract: A system and method for the prevention, mitigation, and detection of cyberattack attacks on computer networks using logon session tracking and logging. The system uses local session monitors to monitor logon sessions within a network, track session details, and generate an event log for any suspicious sessions or details. Cyber-physical graphs and histograms using persisted time-series data provides critical information, patterns, and alerts about configurations, attack vectors, and vulnerabilities which enable information technology and cybersecurity professionals greater leverage and control over their infrastructure.

Abstract: Methods and systems for creating a multi-applicant account profile are described. During a first remote session, a first applicant provides at least two pieces of contact data for second applicant. A unique link and a one-time password are transmitted to the second applicant using respective first and second pieces of contact data. A second remote session is initiated, in response to receipt of the one-time password, provided via the unique link. During the second remote session, identification information of the second applicant is provided. A new multi-applicant account profile is then created, after verifying the identification information of the first applicant and the second applicant.

Abstract: This application discloses a remote attestation mode negotiation method and apparatus. Before remote attestation is performed, automatic negotiation is performed between a to-be-verified network device and a server, so that the to-be-verified network device and the server can determine, through negotiation from remote attestation modes supported by both the to-be-verified network device and the server, a remote attestation mode used to subsequently perform remote attestation between the network device and the server, and there is no need to manually statically configure a remote attestation mode for the network device and the server, thereby greatly reducing labor costs of determining the remote attestation mode. In addition, when there are a large quantity of devices, the automatic remote attestation mode negotiation method also helps configure a remote attestation mode more flexibly.

Abstract: In some implementations, a physical medium may include a radio frequency (RF) component and an integrated circuit (IC) chip component. The physical medium may be configured to detect, via the RF component, that the physical medium is within a communicative proximity of a first user device or a first medium associated with a first account. The physical medium may communicate, via the RF component, with the first user device or the first medium based on detecting that the physical medium is within the communicative proximity of the first user device or the first medium. The physical medium may configure the IC chip component to indicate that the physical medium is paired with the first account. The physical medium may transmit, via the RF component or the IC chip component and to a terminal, an indication that the physical medium is paired with the first account.

Abstract: Embodiments disclosed herein are related to a method that can include displaying first content on a media display, receiving first data generated from or determined by an Internet of Things (IoT) device, and displaying second content in response to receiving the first data from the IoT device.

Abstract: Implementations relate to a method for establishing an end-to-end encrypted data communication link between a portable medical apparatus and a data-management device. The method comprises at least the following steps: out-of-band transmission of a public key from the medical apparatus to the data-management device, wherein the transmission does not take place via Bluetooth; setting up an encrypted Bluetooth data communication link between the medical apparatus and the data-management device; transmitting a public key from the data-management device to the medical apparatus via the Bluetooth link that has been set up; calculating a combined key on the data-management device and on the medical apparatus; setting up an end-to-end encrypted link between the medical apparatus and the data-management device using the combined key, such as a symmetrical, key.

Abstract: An authentication server enrolls a user's mobile device as a trusted device with a vendor software after verifying the network ID of the user's mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user's mobile device as a push notification.

Abstract: A system and method can provide charter-based access to resources using an object model. Charters are defined by an administrator to have certain markings, each marking indicating a control (e.g., permission, credential, qualification, constraint, requirement, etc.) that regulates work under the charter. Users are also associated with markings. A user starts a session to access the system and is authenticated. The system determines charters having markings that the user has, and these charters are provided to the user to select from. Selecting a charter allows the user access to resources associated with the charter, under the controls indicated by the markings. Charters, controls, qualifications, resources, authorizations and links between them can be implemented using an object model. Markings can control session parameters (e.g.

Abstract: A computing support system is configured to programmatically manage support access to a computing system via a support technician console across multiple levels of support access. The system receives a request to authenticate a user requesting support for the computing system, issues one or more authentication challenges to the user to authenticate the identity of the user, receives one or more corresponding authentication challenge responses from the user based on the authentication challenge, and verifies a level of authentication based on the authentication challenge response, the level of authentication being selected from multiple levels of authentication. The system also determines a level of support access to the computing system based on the verified level of authentication and the identity of the user and programmatically enforces limits on the support access to the computing system via the support technician console based on the determined level of support access.

Abstract: A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to setup a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location.

Abstract: A method for authenticating a device based on a wireless power transmission signal includes receiving, at an authenticating device, a wireless power transmission signal for authentication of a user device attempting to accessing a resource, where the wireless power transmission signal includes a unique identifier for the user device. The method further includes translating, at the authenticating device, the wireless power transmission signal, wherein the unique identifier for the user device is embedded in the wireless power transmission signal as a bit representation. In response to authenticating the user device based on a translated wireless power transmission signal, the method further includes granting, the user device, access to the resource.

Abstract: Provided are systems, processes, and methods for identity management, such as the verification of an identity of a user of device for securely onboarding a device remotely and other use cases. A user may access a webpage or obtain a native application on their device with which the user engages to prove their identity to an identity verifier delegated to attest to the identity of the user. A communication session is established between the user and the identity verifier via their respective devices. If the identity verifier attests to the asserted identity of the user, the device of the user may be issued a deep link, code, or other for the establishment or exchange of credential information with an identity management system. Embodiments of such systems may also be used for other instances of identity or device verification.

Abstract: Methods and systems described in this disclosure receive a call from a device associated with a caller and determine whether the caller is eligible for biometric authentication via the device by sending, via a communications network, an eligibility determination request to an issuer of the device. In response to the caller being eligible for biometric authentication, a request to initiate a biometric authentication process on the device is sent to an issuer of the device, where biometric credentials are received by the device and an indication of whether the biometric credentials were verified is received from the issuer of the device.

Abstract: Aspects of the disclosure provide techniques for using bio-behavior based information for providing and restricting access to a secure website or computer network and its assets to a user entity. The bio-behavior system and method 100 uses processes to learn models that relate heterogeneous data that connects the analog, physical space with the online/cyber world. The process is a nonparametric, probabilistic mixture model. The system 100 is capable of detecting behavioral patterns in mixed data composed of inputs of varying complexity. This includes the low-level, mainly unprocessed data generated by a user entity device's intrinsic sensors that monitor the internal state of the phone as well as extrinsic sensors that capture the state of the surrounding environment.

Abstract: Before or after a first-type authentication has been completed, disclosed devices, systems, and methods may conduct a second-type authentication to authenticate a user such that the user can log into a secure device and/or access secure content. An example system may cause a wearable device to activate a biosensor, which extends along a full internal circumference of the wearable device when worn, to detect at least a first sEMG signal on the user's skin responsive to the user performing a first gesture. The system may also generate or receive a first user signature based on the first sEMG signal and determine whether the first user signature matches stored authentication training data. In response to determining that there is a match, the system may complete the second-type authentication to authenticate the user.

Abstract: According to an embodiment of the present application, there is provided an image verification method and apparatus, an electronic device and a computer-readable storage medium, which can be applied to the technical field of network security and the field of image processing and recognition. The image verification method includes: displaying a first image portion and a second image portion, the first image portion being rotatable with respect to the second image portion, the first image portion and the second image portion being obtained by cropping an original image and rotating the cropped first image portion with respect to the second image portion; receiving an operation for rotating the first image portion; rotating the first image portion based on the operation; and determining whether an angle of the first image portion relative to the second image portion matches with the original image, in response to determining that the operation is ended.

Abstract: Provided herein are smart cloud service systems to enhance information technology system access security and computer-implemented and user-implemented methods of use. The smart cloud service is in electronic communication with a system access point on a system access management (SAM) server which is configured to establish a distributed system access point on a system access management (SAM) client. The smart cloud service distributes, deploys, updates and synchronizes modules or components on the SAM server and the SAM client to enable authentication questions and answers to be generated by a multi-factor authentication engine from data acquired from a user's personal online use and behavior history when access to a protected IT system is requested.

Abstract: Users of an identity provider system may be authorized to use a variety of different types of factors from a variety of different factor providers. The identity provider system monitors and analyzes the “health” of the different possible factors available to a user, e.g., their availability relative to error rate. Using the results of the analysis, the identity provider can assess which factors are the most appropriate for a given user seeking authentication and can improve the user experience for the user by emphasizing those most appropriate factors to the user.

Abstract: A multi-party session key agreement method includes: a test session for exchanging a short-term key between parties of 3 to n peers; and an original session for exchanging a long-term key between the parties who have exchanged the short-term key. Peer (n) that has conducted the test session and the original session has cluster (n) that manages the keys as a result of conducting the sessions, and cluster (n) agrees with a result of the session conducted in peer (n) by communicating with cluster (n+1) of another peer (n+1).

Abstract: There has been such an issue that, when an operation for stopping a Virtual Network Computing (VNC) connection is received from a user on a mobile terminal in a state where the VNC connection is established between the mobile terminal and a multifunction peripheral (MFP) and the user is logged in to the MFP, a screen in a state where the user is logged in is continued to be displayed on the MFP. One aspect of the present disclosure allows processing for logging the user out of the MFP to be automatically performed when processing for disconnecting the VNC connection is received.

Abstract: A vehicle may include an electronic control apparatus of the vehicle that encrypts data, generates an encrypted message including the encrypted data and a message authentication code (MAC) of the encrypted data, and transmits the encrypted message and identification information corresponding to the encrypted message to another apparatus. The vehicle also includes a gateway apparatus that receives the encrypted message and the identification information, determines whether the identification information is identical to pre-stored identification information, generates a MAC of the encrypted data, determines whether the generated MAC is identical to the MAC obtained from the encrypted message, and routes the encrypted message based on the determination result.

Abstract: A method for quickly entering an application includes detecting a first operation, where the first operation is used to change the electronic device from the folded form to an unfolded form, wherein when the electronic device is in the unfolded form, the included angle between the first region and the second region is greater than a second preset angle, and wherein the second preset angle is greater than the first preset angle, and displaying display interfaces of one or more preset applications in the first region, the second region, and/or the third region in response to the first operation. In the method, when the electronic device changes from the folded form to the unfolded form, a preset application may be quickly entered.