Abstract: Provided are procedure approval method and system based on a virtual authentication code. The method is executed by a server, and includes receiving, by the server, a virtual authentication code and a request for procedure approval, searching for, by the server, a storage location of user authentication information of a user in a storage location search algorithm, based on the virtual authorization code, extracting, by the server, user authentication information stored in the storage location and authenticating the user based on the user authentication information, and approving the procedure when the user authentication is finished.

Abstract: A system and method for providing secure access to an organization's internal resources by an application running on an external network. An agent accepts queries from the application which are passed to a relay with a dynamic filter. The relay establishes a secure connection with a connector through the organization's firewall and passes requests from the application to an authentication service running on the internal network to confirm that a user of the application is authorized and issue an authentication ticket which is returned to the application. The application then sends a request to access a specific internal resource based on the authentication ticket, which is passed to a ticket granting service running on the internal network, to verify that said user is authorized to access the specific internal resource, and, if so, issue a service ticket to grant access the application for that resource.

Abstract: In one embodiment, a method includes receiving, by a network node, a packet associated with a session. The method also includes performing, by the network node, a sequence-based anti-replay check and determining, by the network node, that the sequence-based anti-replay check rejected the packet. The method further includes performing, by the network node, a time-based anti-replay check, performing, by the network node, a selective anti-replay check, and determining, by the network node, whether to dynamically adjust a time-based anti-replay window size.

Abstract: A computer-implemented method comprising: generating, from a key-seed associated with a user, a set of homomorphic encryption (HE) keys associated with an HE scheme; receiving, from a key management system (KMS) associated with said HE scheme, an encrypted version of said key-seed; storing said encrypted version of said key-seed, and said set of HE keys, in an untrusted storage location; and at a decryption stage, decrypting an encrypted computation result generated using said HE scheme, by: (i) recalling, from said untrusted storage location, said encrypted version of said key-seed, (ii) providing said encrypted version of said key-seed to said KMS, to obtain a decrypted version of said key-seed s associated with said user, (iii) generating, from said received decrypted version of said key-seed, a secret HE key associated with said HE scheme, and (iv) using said secret HE key to decrypt said encrypted computation result.

Abstract: The present invention reduces the risk of user biometric information being leaked to a third party. A biometric authentication device (820) receives an echo signal (response signal) from a client device. The echo signal is formed as a result of an inspection signal being applied to an authentication subject by a client device, and the inspection signal being transmitted into the body or to the surface of the body of the authentication subject and changing into the echo signal. The biometric authentication device (820) comprises: an inspection signal generation unit (821) that generates the same inspection signal as the client device; a transmission characteristic calculation unit (823) that calculates, from the inspection signal and the echo signal, a transmission characteristic of the authentication subject; and an authentication unit (824) that authenticates the authentication subject by comparing a preregistered first transmission characteristic and a calculated second transmission characteristic.

Abstract: A method for providing information includes receiving a reference notification message that a target account number is referenced, the reference notification message being sent by a first information system after receiving a request initiated by a first user for first information content by way of referencing the target account number, wherein first information content includes information content generated in the first information system, and the target account number is associated with a second information system; acquiring the first information content; acquiring, from an information library associated with the second information system, second information content related to the first information content; and providing the second information content to the first user.

Abstract: A system includes a memory and a processor configured to detect that a first alarm associated with a first software application has been triggered and perform a plurality of operations to resolve the first alarm. The processor accesses a plurality of rules from the memory and applies the plurality of rules to performing the plurality of operations to implement one or more of data security, data privacy and responsiveness associated with the resolution of the first alarm.

Abstract: Systems, methods, and computer-readable media are described for activating an IoT device using a single tap between a user device and the IoT device. Activation of the IoT device proceeds by adding the IoT device onto a wireless service provider account associated with a user and the user device. Billing may also be automatically set-up using this system by adding a billing charge to the wireless provider account.

Abstract: The subject disclosure provides systems and methods for companion device authentication. A user of a first device may not have access to a service that can be provided by the first device. The service may be a streaming service, a cloud-based service, or the like. Companion device authentication can allow the user, or another user, to authorize access to the service at the first device, using a companion device to the first device. The first device and the companion device may exchange communications to nominate the companion device prior to notifying a user of the companion device of a companion device authentication request for the first device.

Abstract: A processor-implemented method is disclosed. The method includes: receiving, via a terminal device, input of a first password during a card session that begins when a value transfer card is inserted into the terminal device, the value transfer card being associated with a plurality of passwords; verifying that the first password is a valid password associated with the value transfer card; identifying at least one card control setting associated with the first password, the at least one card control setting being a setting that is not associated with another one of the plurality of passwords; and processing a transaction initiated at the terminal device based on the identified at least one card control setting.

Abstract: A card reader of a terminal is cryptographically verified upon initialization, power up, connection, or start of day processing of the terminal. A cryptographic and signed token is provided from and verified by an Encrypted Personal Identification Number (PIN) pad (EPP) of the terminal. Each time the reader initializes, the token is verified by the EPP and a new token is generated and provided to the reader for use during a next initialization cycle of the reader. If the reader lacks a token when the EPP has record that is should have the token, the reader is not authorized to perform card transactions for the terminal. If a token provided by the reader during an initialization cycle is not verified, the reader is not authorized to perform card transactions for the terminal.

Abstract: A method for slice authentication in a mobile telephone network. A WTRU performs, during a registration procedure with an Access and Mobility management Function, AMF, of a network, primary authentication of the WTRU, during which registration procedure the WTRU receives from the AMF a message indicating successful registration and including at least one of an indication of at least one network slice-specific authentication and authorization for slice access, SSSA, procedure to be executed following the registration procedure, a list of slices for which the WTRU is allowed access, and a list of slices for which SSSA is needed for access by the WTRU, and performs, after successful registration, at least one SSSA of the WTRU for accessing a first slice in the network.

Abstract: Disclosed is an electronic device that operates based on a cloud server including a biometric sensor, a database that stores identification information on at least one of the biometric sensor, a user, and the electronic device and biometric information registered by the biometric sensor, and at least one processor, wherein the processor receives an authentication request of an authentication server through the cloud server, acquires biometric information of a user through the biometric sensor in response to the authentication request being received, determines whether the acquired biometric information corresponds to biometric information stored in the database, generates a response value including information on a result of the determining, and transmits the response value and the identification information to the cloud server, and the response value is transmitted to the authentication server when the transmitted identification information matches at least one of identification information stored in the clo

Abstract: Embodiments of the present disclosure are directed to systems and methods for remote deauthentication of electronic devices. A virtual authentication session manager or an electronic device maintains authentication across multiple electronic devices. The virtual authentication session manager receives authentication requests from electronic devices and generates a unique ID and a readable name for each device. A user can remotely deauthenticate any of the electronic devices that have previously been authenticated.

Abstract: Described herein are techniques for preventing a user from continuing to access an online service once access rights have been revoked. In some embodiments, the techniques comprise receiving a request to determine a current status of access rights in association with a user and an online service, determining, based on one or more conditions associated with the online service, the current status of access rights, upon determining that the current status of access rights indicates that the user is not authorized to access the online service, identifying at least one user device associated with the user, generating programmatic instructions to cause a session token associated with the online service to be removed from a memory of the at least one user device, and providing the programmatic instructions to the at least one user device.

Abstract: Systems and methods for identifying a user to a merchant include creating a token for the user, the token identifying the user and user information of the user, where creating the token includes generating a string based on a user biometric and hashing the string to generate a hashed string, sending a notification indicating that a merchant requests the user information of the user, sending the token to a user device associated with the user where the token is configured to be activated via the user device before the token is selectively transmitted by the user device, receiving the token from a merchant computing system associated with a merchant, identifying the user and the user information based on the received token, receiving an indication from the user device, and withholding the user information from the merchant computing system based on the indication.

Abstract: A server receives encrypted data from a protected-resource-requesting device that includes an encrypted combination of the device and user identification. The first server requests a most recent copy of data of a distributed ledger from a randomly selected logged-in workstation. The first server searches for a match of the encrypted data from the first device in the distributed ledger data received from the randomly selected workstation. In response to determining a match, the first server updates a table of a second server with a one-time-password (OTP) and a copy of the encrypted data received from the device. The first server sends the OTP and an instruction to the device to send the OTP and the encrypted data to the second server, which determines whether a match exists. In response to a confirmed match, the first server grants access to the device.

Abstract: A centralized document system integrates online document execution and conferencing to control access to precipitant information. Precipitant information includes access codes, personal identification numbers, sensitive information, or any other secured information for which execution of an online document is a prerequisite for access to the secured information. The centralized document system detects precipitant information that is presented during a conference and controls access to the detected precipitant information (e.g., by generating permission rules that specify a type of online document to be executed to gain access). The centralized document system may determine whether a user has executed one or more online documents and thus, has authorization to access the detected precipitant information. If the user has not executed the online documents, the centralized document system can control access to the precipitant information by modifying the conference (e.g., using censors or breakout rooms).

Abstract: A system, method, and computer-readable medium for performing a security operation.

Abstract: A computer system includes a database, a communication interface, and a processor(s). The processor(s) is programmed to receive a consent message from a cardholder computing device. The consent message includes cardholder consent information indicating consent to one or more data services. The processor(s) is also programmed to receive transaction card details from the cardholder computing device. The transaction card details correspond to a transaction card of a cardholder and are associated with a financial account of the cardholder. Based on the transaction card details, the processor(s) generates a digital access token. The digital access token is associated with the financial account and the cardholder consent information. The processor(s) stores the digital access token in the database, transmits a cardholder authentication request message to an issuer, and receives an authentication ID from the cardholder computing device.

Abstract: A method of generating a virtual reality payment authentication entry interface includes receiving, over a computer network, a request for payment authorization; identifying a virtual reality interface; generating a plurality of payment authentication characters in the virtual reality interface; receiving user input associated with at least one character of the plurality of payment authentication characters in the virtual reality interface; and generating a payment authorization response to the request for payment authorization based on the received user input.

Abstract: A system or method of secure data entry can include one or more processors and memory having computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations at a client edge device of executing a user interface data entry application on the client edge device, receiving data by the user interface data entry application, wherein the data entered is a graphic input pattern corresponding to characters, communicating the data entered to a server, and receiving access to the server if a data processing application at the server interprets the data entered as a credential based on rules negotiated between the data entry application and the data processing application and a template for the graphic input pattern.

Abstract: In an example, techniques of this disclosure include establishing, by a computing device, authentication data for authenticating a user of a service provided by a service provider, where the authentication data comprises one or more first data entries and one or more second data entries that correspond to the one or more first data entries. The techniques also include retrieving, from at least one third-party service provider, one or more second data entries maintained by the at least one third-party service provider that correspond to the one or more first data entries, and authenticating the user based on the authentication data, where authenticating the user comprises comparing the one or more first data entries to the one or more second data entries retrieved from the at least one third-party service provider.

Abstract: System and methods utilize Information Handling Systems (IHSs) in updating shared-use peripheral devices, such as peripherals available at a public or shared-use workstation. The coupling of a first shared-use peripheral device to the IHS is detected. The coupling of the first shared-use peripheral device is reported to a remote orchestrator that may support the operation of workspaces on the IHS. Files are received from the remote orchestrator for updating the first shared-use peripheral device. The IHS updates the first shared-use peripheral device using the received files. A coupling is detected of a coupling of a second shared-use peripheral device to the IHS, such as resulting form movement to a different shared-use workstation. If compatible, the second shared-use peripheral device is also updated using the received files. An IHS that is regularly coupled to different peripherals at different shared-use workstations may be selected to effectively distribute updates to these peripherals.

Abstract: There is provided mechanisms for cyberattack identification in a network environment. A method is performed by a security analytics module. The method comprises obtaining logged events. The events having occurred and are logged in the network environment. Each logged event is associated with a cyber security deviation score and cyber security deviation statistics. The method comprises matching each logged event to a cyber-attack lifecycle phase by comparing characteristics of each logged event, as given by the cyber security deviation statistics, to known cyberattack lifecycle phases. The method comprises linking together the logged events by forming at least one chain of the logged events. Each chain corresponds to one type of cyberattack as given by combinations of the known cyberattack lifecycle phases. The cyber security deviation scores and cyber security deviation statistics are updated based on how the logged events are linked together.

Abstract: The present disclosure discloses an interactive method, an electronic device and a storage medium. In an embodiment, the method is applied to an electronic device including an interactive apparatus, and the method includes: receiving login request information and performing identity authentication; displaying information and/or at least one control corresponding to an authentication result; and displaying information corresponding to a control or executing a function corresponding to the control in response to an operation on the control.

Abstract: Provided are a method for providing an electronic document using a chatbot and a method and apparatus for writing an electronic document using a chatbot. The electronic document providing method using a chatbot includes receiving a chatting input associated with an electronic document from a user terminal, generating an electronic document based on the chatting input, and providing the generated electronic document to the user terminal.

Abstract: A method is provided for authenticating a user. A request to access a resource is received from a user agent. A cookie associated with the request is identified. The cookie includes a first subset of data that was previously used to authenticate the user. The cookie is validated based on the first subset of the data. Responsive to validating the cookie, a second subset of the data is retrieved from server-side storage. A risk decision is generated based on the first subset and the second subset. When the risk decision meets a threshold, the user is authenticated without presenting an authentication challenge, and access to the resources permitted.

Abstract: Methods and systems for multi-point token-based access control to online resources using a single wallet verification. A system, such as an e-commerce platform, receives a wallet address and digital signature from a user device during a user session, and obtains ownership data from a blockchain network with regard to the wallet address. Based on token ownership, the system determines whether the wallet address satisfies a token-based access condition. The system then detects a second access control event at a subsequent phase of the user session and, in response, obtains current ownership data from the blockchain network to determine whether a second token-based condition is satisfied before permitting a requested transaction in the subsequent phase.

Abstract: Disclosed herein are system, method and/or computer program product embodiments, and/or combinations thereof, for training a conversational recommendation system. An embodiment generates a probabilistic pseudo-user neural network model based on at least one interest probability distribution corresponding to a pseudo-user profile. The embodiment trains, using the pseudo-user neural network model, the conversational recommendation system to learn a recommendation policy, where the conversational recommendation system includes an interest-exploration engine and a prompt-decision engine. The training includes performing an iterative learning process that includes selecting an interest-exploration strategy based on one or more of the following: an interest-exploration policy, an earlier pseudo-user response generated by the pseudo-user neural network model, content data, and pseudo-user interaction history.

Abstract: A system and method that assigns a portable personal rating based on data verification. The decentralized system and methods operate with algorithms, software, devices, and databases allowing a decentralized distribution of token rewards based on the trust rating of the user. The system uses blockchain technology and is directed to a decentralized trust rating assignment wherein the verified information is saved in a blockchain ecosystem.

Abstract: A method includes initiating, by a device manager associated with a cluster manager proxy, a connection with a cluster of computing devices, wherein initiating the connection includes providing first credentials to the cluster of computing devices to access the cluster manager proxy. The method further includes receiving, at the cluster manager proxy, a first request to register the cluster of computing devices with a cluster manager, the first request including the first credentials to access the cluster manager proxy and sending, from the cluster manager proxy to the cluster manager, a second request to register the cluster of computing devices with the cluster manager, the second request including second credentials to access the cluster manager.

Abstract: Various implementations disclosed herein include devices, systems, and methods that authenticate user identities based on input/sensor data received from remote workstations and/or during remote communication sessions. The input/sensor data may correspond to timing and patterns from which user identities may be authenticated. Some implementations disclosed herein communicate input/sensor data in a way that preserves the timing and pattern information of the data and/or in a way that allows such information to be used for authentication in real-time. Some implementations enable continuous provision of input/sensor data and/or enable continuous authentication of user identities during remote communication sessions.

Abstract: Provided is a first acoustic information acquisition unit configured to acquire a first acoustic information obtained by receiving a sound wave emitted from a first sound source by a wearable device worn by a user, a second acoustic information acquisition unit configured to acquire a second acoustic information obtained by receiving a sound wave emitted from a second sound source that is different from the first sound source by the wearable device, and a third acoustic information acquisition unit configured to acquire a third acoustic information used for biometric matching of the user based on the first acoustic information and the second acoustic information.

Abstract: A method, apparatus, and computer-readable medium are described that enable agent instances to be instantiated in secure, containerized environments. When a new container is detected, a list of agent instances expected to be running in a compute instance or in a container may be obtained and compared with status information regarding which agent instances are active. For a non-active agent instance, an agent object and configuration information for the agent instance may be obtained from a storage. Based on the available name, the agent object, and the configuration information, the agent instance may be instantiated and connected to an agent status server. An application related to the new agent instance may be deployed in the secure containerized environment.

Abstract: Provided are an information processing apparatus, an information processing method, and a storage medium that can efficiently perform an immigration examination. The information processing apparatus includes: an examination unit that, based on user information acquired from a user who completed a departure examination of a first country but has not started boarding for a second country and related to the user, performs an immigration examination of the second country; and a transmission unit that transmits a notification related to the immigration examination.

Abstract: Techniques are described for using a decentralized group of authentication server nodes to prevent singular dependence upon any given online platform for authenticating avatars. For each epoch duration of time, a consensus protocol operating on a blockchain is used to elect an authentication server node. The elected node can then act as an authentication server on behalf of the online platform for that fixed epoch duration of time. Within this epoch of time, a client device (e.g., used by a user to access an online platform) performs a periodic heartbeat authentication with the elected authentication server node using an efficient authentication protocol that relies on a keyed-hashing mechanism. A client device can use the described system and authentication methods concurrently with multiple different online platforms (e.g., separate metaverses or other virtual worlds).

Abstract: The present disclosure provides a communication network node for providing data to a distributed ledger, wherein the node has circuitry configured to perform at least one of provide verification of input data which is used as input to a smart contract, provide verification whether output data, which is based on an output from a smart contract, is correctly received at a predetermined dev.

Abstract: An information processing apparatus includes: a storage storing restriction information indicating a restriction that a first communication address of a user registered in an external authentication apparatus is to satisfy in order to be permitted to use the information processing apparatus based on an authentication linkage with the external authentication apparatus; and a processor configured to acquire first information indicating authentication success, the first information being issued by the external authentication apparatus and including a second communication address generated by the external authentication apparatus in association with the first communication address, transmit, to the second communication address included in the first information, second information requesting execution of communication with a predetermined verification device, acquire, from the predetermined verification device, a verification result as to whether the first communication address satisfies the restriction, the first

Abstract: Systems, methods, and non-transitory computer readable medium disclosed herein relate to identity verification and authorization method. In one embodiment, the system can generate and send a message to a device associated with a user based on an initiated request from the user and a determination the user should be authenticated, wherein the message requests a content-based response from the user to authenticate the user. In another embodiment, the system can receive the content-based response from the user in reply to the message, wherein the content-based response comprises SMS (short message service) metadata, emoji, photo, video, audio, or a combination thereof. In another embodiment, the system can authenticate the user based on a determination of a confirmed match between the content-based response from the user and a response key preselected by the user.

Abstract: Systems and methods for centralized client application management are provided. In an example embodiment, a client state is received from a mobile device at a management device. The client state comprises information about a particular application. A first instruction for the mobile device is generated by one or more hardware processors. The first instruction comprises an instruction to the mobile device to prevent user interaction with a user interface of a particular application. The first instruction is communicated to the mobile device, and the mobile device performs the first instruction to prevent user interaction with the user interface of the particular application.

Abstract: Apparatuses, methods, and systems for data source reporting are disclosed. A method includes receiving, by a network provider, data types a customer user is to have reported from one or more data sources of the customer user, wherein the reporting is from data sources, and wherein the wireless reporting is through a wireless uplink between the data sources to a base station, providing, by the network provider, options of data packages to the customer, wherein the options of data packages are selected from the set of data packages based on the data types provided by the customer user, and receiving, by the network provider, from the customer user, a selection of a data package from the provided options of data packages, wherein the selected data package includes one or more data types, and when data within the selected data package are to be reported.

Abstract: Techniques are disclosed relating to verifying that an alias value is unique across multiple different network regions. In various embodiments a server system located in a first network region may maintain an alias map that specifies encoded versions of alias values that are in use across multiple different network regions. For example, for a given alias value, the alias map may specify a corresponding encoded version of the alias value and an identifier for a given one of the network regions with which the given alias value is associated. In various embodiments, the server system may receive a user-provided alias value from a user during an account registration process and, using the alias map, determine whether the user-provided alias value is already in use in any of the network regions.

Abstract: Systems and methods for authenticating a user in an authentication system using a computing device configured to capture authentication biometric identity information. The authentication biometric identify information captured during an authentication session. The authentication biometric identify information may comprise or be derived from one or more images of the user being authenticated. The authentication biometric identify information is compared to root identify biometric information. The root identify biometric information is captured from a trusted source, such as trusted devices located at trusted locations, such as a government entity, financial institution, or business. Identity verification may occur by comparing the trusted root identify biometric information to the biometric identify information captured during an authentication session. Liveness determination may also occur to verify the user is a live person.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for data supplementation and verification. A method includes determining that an identifier within aggregated data is not a previously classified known identifier. A method includes transmitting an identifier to a search interface of a server of a third party service provider. A method includes receiving results associated with an identifier from a third party service provider. A method includes parsing results to determine whether a plurality of results have a common pattern associated with a classification. A method includes, in response to determining that a plurality of results have a common pattern associated with a classification, associating the classification with an identifier based on the common pattern.

Abstract: Disclosed herein are systems and methods for using machine learning for geographic analysis of access attempts. In an embodiment, a trained machine-learning model classifies source IP addresses of login attempts to a system as either blacklisted or allowed based on a set of aggregated features that correspond to login attempts to the system from the source IP addresses. The set of aggregated features includes, in association with each respective source IP address, a geographical login-attempt failure rate of login attempts to the system from each of one or more geographical areas that each correspond to the respective source IP address. Source IP addresses that are classified by the machine-learning model as blacklisted are added to a system blacklist, such that the system will disallow login attempts from such source IP addresses.

Abstract: A system for wearable authentication and management is disclosed. In particular, the system may include identifying and authenticating a user through biometric data or movement signatures specific to the wearer of a wearable device. Once the user and wearable device are authenticated, the system may activate and provision connectivity services for the wearable device, associate the device with a device ecosystem of the user, and push predefined settings to the wearable device. Additionally, the system may deliver communications that are transmitted to other devices in the device ecosystem to the wearable device while the wearable device is worn by the user. If the user no longer wears the wearable device or the wearable device is not utilized for a period of time, the system may deactivate the connectivity services for the wearable device and remove any settings pushed to the wearable device.

Abstract: A heightened level of security is provided in a computing platform by monitoring usage of applications and/or services residing on or accessible to a computing platform to determine abnormal usage patterns. In response to determining an abnormal pattern of usage, the user is required to provide biometric data, such as voice data, facial feature data, fingerprint data or the like, as a means of authenticating the user. The abnormal pattern of usage may be determined dynamically by comparing current usage patterns to known user baseline usage patterns. Alternatively, the abnormal pattern of usage is predefined, such as the resetting of passwords in a predefined number of applications and/or services over a predefined period of time.

Abstract: There is provided a method to detect phishing websites so as to protect users from sending their sensitive information to criminal servers. When browsing a web site having an input form asking sensitive information, the input fields are recorded (i.e. username field and password field). Then false credentials are generated and submitted in background. The new control layer then checks the response page content whether it includes an input form and if there is an input, it checks whether the form has the same fields as the first form. If the responded page does not have a form, or it has a form but includes different fields than the initial page's form, then the original site is identified as phishing.

Abstract: Disclosed herein are methods and apparatus for automatically switching virtual private networks.