Abstract: A system, method, and computer-readable medium for performing a security operation.

Abstract: System and methods utilize Information Handling Systems (IHSs) in updating shared-use peripheral devices, such as peripherals available at a public or shared-use workstation. The coupling of a first shared-use peripheral device to the IHS is detected. The coupling of the first shared-use peripheral device is reported to a remote orchestrator that may support the operation of workspaces on the IHS. Files are received from the remote orchestrator for updating the first shared-use peripheral device. The IHS updates the first shared-use peripheral device using the received files. A coupling is detected of a coupling of a second shared-use peripheral device to the IHS, such as resulting form movement to a different shared-use workstation. If compatible, the second shared-use peripheral device is also updated using the received files. An IHS that is regularly coupled to different peripherals at different shared-use workstations may be selected to effectively distribute updates to these peripherals.

Abstract: There is provided mechanisms for cyberattack identification in a network environment. A method is performed by a security analytics module. The method comprises obtaining logged events. The events having occurred and are logged in the network environment. Each logged event is associated with a cyber security deviation score and cyber security deviation statistics. The method comprises matching each logged event to a cyber-attack lifecycle phase by comparing characteristics of each logged event, as given by the cyber security deviation statistics, to known cyberattack lifecycle phases. The method comprises linking together the logged events by forming at least one chain of the logged events. Each chain corresponds to one type of cyberattack as given by combinations of the known cyberattack lifecycle phases. The cyber security deviation scores and cyber security deviation statistics are updated based on how the logged events are linked together.

Abstract: A system or method of secure data entry can include one or more processors and memory having computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations at a client edge device of executing a user interface data entry application on the client edge device, receiving data by the user interface data entry application, wherein the data entered is a graphic input pattern corresponding to characters, communicating the data entered to a server, and receiving access to the server if a data processing application at the server interprets the data entered as a credential based on rules negotiated between the data entry application and the data processing application and a template for the graphic input pattern.

Abstract: In an example, techniques of this disclosure include establishing, by a computing device, authentication data for authenticating a user of a service provided by a service provider, where the authentication data comprises one or more first data entries and one or more second data entries that correspond to the one or more first data entries. The techniques also include retrieving, from at least one third-party service provider, one or more second data entries maintained by the at least one third-party service provider that correspond to the one or more first data entries, and authenticating the user based on the authentication data, where authenticating the user comprises comparing the one or more first data entries to the one or more second data entries retrieved from the at least one third-party service provider.

Abstract: A computer system includes a database, a communication interface, and a processor(s). The processor(s) is programmed to receive a consent message from a cardholder computing device. The consent message includes cardholder consent information indicating consent to one or more data services. The processor(s) is also programmed to receive transaction card details from the cardholder computing device. The transaction card details correspond to a transaction card of a cardholder and are associated with a financial account of the cardholder. Based on the transaction card details, the processor(s) generates a digital access token. The digital access token is associated with the financial account and the cardholder consent information. The processor(s) stores the digital access token in the database, transmits a cardholder authentication request message to an issuer, and receives an authentication ID from the cardholder computing device.

Abstract: A method of generating a virtual reality payment authentication entry interface includes receiving, over a computer network, a request for payment authorization; identifying a virtual reality interface; generating a plurality of payment authentication characters in the virtual reality interface; receiving user input associated with at least one character of the plurality of payment authentication characters in the virtual reality interface; and generating a payment authorization response to the request for payment authorization based on the received user input.

Abstract: Provided are a method for providing an electronic document using a chatbot and a method and apparatus for writing an electronic document using a chatbot. The electronic document providing method using a chatbot includes receiving a chatting input associated with an electronic document from a user terminal, generating an electronic document based on the chatting input, and providing the generated electronic document to the user terminal.

Abstract: A method is provided for authenticating a user. A request to access a resource is received from a user agent. A cookie associated with the request is identified. The cookie includes a first subset of data that was previously used to authenticate the user. The cookie is validated based on the first subset of the data. Responsive to validating the cookie, a second subset of the data is retrieved from server-side storage. A risk decision is generated based on the first subset and the second subset. When the risk decision meets a threshold, the user is authenticated without presenting an authentication challenge, and access to the resources permitted.

Abstract: The present disclosure discloses an interactive method, an electronic device and a storage medium. In an embodiment, the method is applied to an electronic device including an interactive apparatus, and the method includes: receiving login request information and performing identity authentication; displaying information and/or at least one control corresponding to an authentication result; and displaying information corresponding to a control or executing a function corresponding to the control in response to an operation on the control.

Abstract: Methods and systems for multi-point token-based access control to online resources using a single wallet verification. A system, such as an e-commerce platform, receives a wallet address and digital signature from a user device during a user session, and obtains ownership data from a blockchain network with regard to the wallet address. Based on token ownership, the system determines whether the wallet address satisfies a token-based access condition. The system then detects a second access control event at a subsequent phase of the user session and, in response, obtains current ownership data from the blockchain network to determine whether a second token-based condition is satisfied before permitting a requested transaction in the subsequent phase.

Abstract: Disclosed herein are system, method and/or computer program product embodiments, and/or combinations thereof, for training a conversational recommendation system. An embodiment generates a probabilistic pseudo-user neural network model based on at least one interest probability distribution corresponding to a pseudo-user profile. The embodiment trains, using the pseudo-user neural network model, the conversational recommendation system to learn a recommendation policy, where the conversational recommendation system includes an interest-exploration engine and a prompt-decision engine. The training includes performing an iterative learning process that includes selecting an interest-exploration strategy based on one or more of the following: an interest-exploration policy, an earlier pseudo-user response generated by the pseudo-user neural network model, content data, and pseudo-user interaction history.

Abstract: A system and method that assigns a portable personal rating based on data verification. The decentralized system and methods operate with algorithms, software, devices, and databases allowing a decentralized distribution of token rewards based on the trust rating of the user. The system uses blockchain technology and is directed to a decentralized trust rating assignment wherein the verified information is saved in a blockchain ecosystem.

Abstract: A method includes initiating, by a device manager associated with a cluster manager proxy, a connection with a cluster of computing devices, wherein initiating the connection includes providing first credentials to the cluster of computing devices to access the cluster manager proxy. The method further includes receiving, at the cluster manager proxy, a first request to register the cluster of computing devices with a cluster manager, the first request including the first credentials to access the cluster manager proxy and sending, from the cluster manager proxy to the cluster manager, a second request to register the cluster of computing devices with the cluster manager, the second request including second credentials to access the cluster manager.

Abstract: Various implementations disclosed herein include devices, systems, and methods that authenticate user identities based on input/sensor data received from remote workstations and/or during remote communication sessions. The input/sensor data may correspond to timing and patterns from which user identities may be authenticated. Some implementations disclosed herein communicate input/sensor data in a way that preserves the timing and pattern information of the data and/or in a way that allows such information to be used for authentication in real-time. Some implementations enable continuous provision of input/sensor data and/or enable continuous authentication of user identities during remote communication sessions.

Abstract: Provided is a first acoustic information acquisition unit configured to acquire a first acoustic information obtained by receiving a sound wave emitted from a first sound source by a wearable device worn by a user, a second acoustic information acquisition unit configured to acquire a second acoustic information obtained by receiving a sound wave emitted from a second sound source that is different from the first sound source by the wearable device, and a third acoustic information acquisition unit configured to acquire a third acoustic information used for biometric matching of the user based on the first acoustic information and the second acoustic information.

Abstract: A method, apparatus, and computer-readable medium are described that enable agent instances to be instantiated in secure, containerized environments. When a new container is detected, a list of agent instances expected to be running in a compute instance or in a container may be obtained and compared with status information regarding which agent instances are active. For a non-active agent instance, an agent object and configuration information for the agent instance may be obtained from a storage. Based on the available name, the agent object, and the configuration information, the agent instance may be instantiated and connected to an agent status server. An application related to the new agent instance may be deployed in the secure containerized environment.

Abstract: Provided are an information processing apparatus, an information processing method, and a storage medium that can efficiently perform an immigration examination. The information processing apparatus includes: an examination unit that, based on user information acquired from a user who completed a departure examination of a first country but has not started boarding for a second country and related to the user, performs an immigration examination of the second country; and a transmission unit that transmits a notification related to the immigration examination.

Abstract: Techniques are described for using a decentralized group of authentication server nodes to prevent singular dependence upon any given online platform for authenticating avatars. For each epoch duration of time, a consensus protocol operating on a blockchain is used to elect an authentication server node. The elected node can then act as an authentication server on behalf of the online platform for that fixed epoch duration of time. Within this epoch of time, a client device (e.g., used by a user to access an online platform) performs a periodic heartbeat authentication with the elected authentication server node using an efficient authentication protocol that relies on a keyed-hashing mechanism. A client device can use the described system and authentication methods concurrently with multiple different online platforms (e.g., separate metaverses or other virtual worlds).

Abstract: The present disclosure provides a communication network node for providing data to a distributed ledger, wherein the node has circuitry configured to perform at least one of provide verification of input data which is used as input to a smart contract, provide verification whether output data, which is based on an output from a smart contract, is correctly received at a predetermined dev.

Abstract: An information processing apparatus includes: a storage storing restriction information indicating a restriction that a first communication address of a user registered in an external authentication apparatus is to satisfy in order to be permitted to use the information processing apparatus based on an authentication linkage with the external authentication apparatus; and a processor configured to acquire first information indicating authentication success, the first information being issued by the external authentication apparatus and including a second communication address generated by the external authentication apparatus in association with the first communication address, transmit, to the second communication address included in the first information, second information requesting execution of communication with a predetermined verification device, acquire, from the predetermined verification device, a verification result as to whether the first communication address satisfies the restriction, the first

Abstract: Systems and methods for centralized client application management are provided. In an example embodiment, a client state is received from a mobile device at a management device. The client state comprises information about a particular application. A first instruction for the mobile device is generated by one or more hardware processors. The first instruction comprises an instruction to the mobile device to prevent user interaction with a user interface of a particular application. The first instruction is communicated to the mobile device, and the mobile device performs the first instruction to prevent user interaction with the user interface of the particular application.

Abstract: Systems, methods, and non-transitory computer readable medium disclosed herein relate to identity verification and authorization method. In one embodiment, the system can generate and send a message to a device associated with a user based on an initiated request from the user and a determination the user should be authenticated, wherein the message requests a content-based response from the user to authenticate the user. In another embodiment, the system can receive the content-based response from the user in reply to the message, wherein the content-based response comprises SMS (short message service) metadata, emoji, photo, video, audio, or a combination thereof. In another embodiment, the system can authenticate the user based on a determination of a confirmed match between the content-based response from the user and a response key preselected by the user.

Abstract: Techniques are disclosed relating to verifying that an alias value is unique across multiple different network regions. In various embodiments a server system located in a first network region may maintain an alias map that specifies encoded versions of alias values that are in use across multiple different network regions. For example, for a given alias value, the alias map may specify a corresponding encoded version of the alias value and an identifier for a given one of the network regions with which the given alias value is associated. In various embodiments, the server system may receive a user-provided alias value from a user during an account registration process and, using the alias map, determine whether the user-provided alias value is already in use in any of the network regions.

Abstract: Apparatuses, methods, and systems for data source reporting are disclosed. A method includes receiving, by a network provider, data types a customer user is to have reported from one or more data sources of the customer user, wherein the reporting is from data sources, and wherein the wireless reporting is through a wireless uplink between the data sources to a base station, providing, by the network provider, options of data packages to the customer, wherein the options of data packages are selected from the set of data packages based on the data types provided by the customer user, and receiving, by the network provider, from the customer user, a selection of a data package from the provided options of data packages, wherein the selected data package includes one or more data types, and when data within the selected data package are to be reported.

Abstract: Systems and methods for authenticating a user in an authentication system using a computing device configured to capture authentication biometric identity information. The authentication biometric identify information captured during an authentication session. The authentication biometric identify information may comprise or be derived from one or more images of the user being authenticated. The authentication biometric identify information is compared to root identify biometric information. The root identify biometric information is captured from a trusted source, such as trusted devices located at trusted locations, such as a government entity, financial institution, or business. Identity verification may occur by comparing the trusted root identify biometric information to the biometric identify information captured during an authentication session. Liveness determination may also occur to verify the user is a live person.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for data supplementation and verification. A method includes determining that an identifier within aggregated data is not a previously classified known identifier. A method includes transmitting an identifier to a search interface of a server of a third party service provider. A method includes receiving results associated with an identifier from a third party service provider. A method includes parsing results to determine whether a plurality of results have a common pattern associated with a classification. A method includes, in response to determining that a plurality of results have a common pattern associated with a classification, associating the classification with an identifier based on the common pattern.

Abstract: Disclosed herein are systems and methods for using machine learning for geographic analysis of access attempts. In an embodiment, a trained machine-learning model classifies source IP addresses of login attempts to a system as either blacklisted or allowed based on a set of aggregated features that correspond to login attempts to the system from the source IP addresses. The set of aggregated features includes, in association with each respective source IP address, a geographical login-attempt failure rate of login attempts to the system from each of one or more geographical areas that each correspond to the respective source IP address. Source IP addresses that are classified by the machine-learning model as blacklisted are added to a system blacklist, such that the system will disallow login attempts from such source IP addresses.

Abstract: A system for wearable authentication and management is disclosed. In particular, the system may include identifying and authenticating a user through biometric data or movement signatures specific to the wearer of a wearable device. Once the user and wearable device are authenticated, the system may activate and provision connectivity services for the wearable device, associate the device with a device ecosystem of the user, and push predefined settings to the wearable device. Additionally, the system may deliver communications that are transmitted to other devices in the device ecosystem to the wearable device while the wearable device is worn by the user. If the user no longer wears the wearable device or the wearable device is not utilized for a period of time, the system may deactivate the connectivity services for the wearable device and remove any settings pushed to the wearable device.

Abstract: There is provided a method to detect phishing websites so as to protect users from sending their sensitive information to criminal servers. When browsing a web site having an input form asking sensitive information, the input fields are recorded (i.e. username field and password field). Then false credentials are generated and submitted in background. The new control layer then checks the response page content whether it includes an input form and if there is an input, it checks whether the form has the same fields as the first form. If the responded page does not have a form, or it has a form but includes different fields than the initial page's form, then the original site is identified as phishing.

Abstract: A heightened level of security is provided in a computing platform by monitoring usage of applications and/or services residing on or accessible to a computing platform to determine abnormal usage patterns. In response to determining an abnormal pattern of usage, the user is required to provide biometric data, such as voice data, facial feature data, fingerprint data or the like, as a means of authenticating the user. The abnormal pattern of usage may be determined dynamically by comparing current usage patterns to known user baseline usage patterns. Alternatively, the abnormal pattern of usage is predefined, such as the resetting of passwords in a predefined number of applications and/or services over a predefined period of time.

Abstract: Disclosed herein are methods and apparatus for automatically switching virtual private networks.

Abstract: Hardware and/or software systems, devices, networks, and methods for managing for access authentication, and verification to devices, networks, and systems based on a wireless signal identity developed for wireless-enabled devices based on wireless signal information associated with wireless signals previously detected by the wireless-enabled devices. The system may be used to authenticate access requests, transactions, etc. based on comparison between wireless signal information associated with wireless signals presently detected by the WED and its wireless signal identity via a management platform and/or the WED itself.

Abstract: Systems and methods are described for determining whether to activate a voice activated device based on a speaking cadence of the user. When the user speaks with a first cadence the system may determine that the user does not intend to activate the device and may accordingly not to trigger a voice activated device. When the user speaks with a second cadence the system may determine that the user does wish to trigger the device and may accordingly trigger the voice activated device.

Abstract: Apparatus and methods are provided for providing and simulating authentication within a metaverse. A user may request to be authenticated by a computer program. The program may authenticate the user. The program may create a time-limited avatar overlay for the user to utilize within the metaverse. The time-limited avatar overlay may be transmitted to the user. The user may use the avatar overlay within the metaverse to authenticate the user. The user may authenticate through any appropriate method, including by providing a copy of a real identification card to the program. In an embodiment, the avatar overlay may be a digital representation of the identification card or a digital token.

Abstract: A system can include a processor in communication with a data store. The processor can obtain personal identifiable information (PII) data and segregate the PII data into two or more secondary representations. The processor can generate a plurality of co-occurrence matrices based on the two or more secondary representations. The processor can perform a convolution between each of the plurality of co-occurrence matrices and one of a plurality of Gaussian kernels, wherein each of the plurality of Gaussian kernels comprises a different width. The processor can generate a tertiary representation of the PII data by performing a linear combination of the plurality of co-occurrence matrices. The processor can generate a vector based on the tertiary representation and perform a lossy tokenization process on the vector to generate a token. The processor can store the token at the data store.

Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and user location or traffic data from multiple channels of input. Multiple devices may be utilized by the system in order to receive and process data to authenticate user identities and verify the validity of account activity.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: Training an adversarial perturbation detector comprises accessing a training set comprising an enrolled biometric sample xi and a public biometric sample x of an enrolled user, and submitted biometric samples x? of a second user, the submitted biometric samples x? comprising perturbed adversarial samples x?+?x?. A transformation function k(?) is provided having learnable a parameter ? and a classifier having a learnable parameter ?. The training set is used to learn the parameters ? and ? by inputting the training set to the transformation function k(?). The transformation function k(?) generates transformed enrolled samples k(xi), a transformed public biometric sample k(x), and a transformed adversarial sample k(x?+?x?). The classifier classifies the transformed adversarial sample k(x?+?x?) as a success or as a fail based on the transformed enrolled samples k(xi). Based on a result of the classification, the learnable parameters ? and ? are updated.

Abstract: An information processing system acquires biological information of a target and generates output information determined in correspondence with identification information using the identification information associated with the biological information. Then, the output information is output.

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment. The method includes detecting a first data object including a data schema and a content in a cloud computing environment; detecting a second data object, having the data schema of the first data object; generating in a security graph: a first data object node representing the first data object, a second data object node representing the second data object, and a data schema node representing the data schema; storing a classification based on the content in the security graph, wherein the content is classified as sensitive data or non-sensitive data; and rendering an output based on the classification and the data schema node, in lieu of the first data object node and the second data object node, in response to receiving a query to detect a node representing a data object classified as sensitive data.

Abstract: Methods and systems for creating a multi-applicant account profile are described. During a first remote session, a first applicant provides at least two pieces of contact data for second applicant. A unique link and a one-time password are transmitted to the second applicant using respective first and second pieces of contact data. A second remote session is initiated, in response to receipt of the one-time password, provided via the unique link. During the second remote session, identification information of the second applicant is provided. A new multi-applicant account profile is then created, after verifying the identification information of the first applicant and the second applicant.

Abstract: This application discloses a remote attestation mode negotiation method and apparatus. Before remote attestation is performed, automatic negotiation is performed between a to-be-verified network device and a server, so that the to-be-verified network device and the server can determine, through negotiation from remote attestation modes supported by both the to-be-verified network device and the server, a remote attestation mode used to subsequently perform remote attestation between the network device and the server, and there is no need to manually statically configure a remote attestation mode for the network device and the server, thereby greatly reducing labor costs of determining the remote attestation mode. In addition, when there are a large quantity of devices, the automatic remote attestation mode negotiation method also helps configure a remote attestation mode more flexibly.

Abstract: A system and method for the prevention, mitigation, and detection of cyberattack attacks on computer networks using logon session tracking and logging. The system uses local session monitors to monitor logon sessions within a network, track session details, and generate an event log for any suspicious sessions or details. Cyber-physical graphs and histograms using persisted time-series data provides critical information, patterns, and alerts about configurations, attack vectors, and vulnerabilities which enable information technology and cybersecurity professionals greater leverage and control over their infrastructure.

Abstract: In one example of the technology, a first third-party service is registered with the IoT support service. A first IoT device of a plurality of IoT devices is caused to be provisioned with the IoT support service. An authentication is received token for the first IoT device. The authentication token is based on an authentication of the first IoT device with the first third-party service. The authentication token is verified. The first IoT device is authenticated with the IoT support service based on the verification.

Abstract: A method of updating a first device (e.g., one or more locking devices) to reflect information located on a second device (e.g., a server) is provided, where the first device and the second device cannot communicate directly with one another. The method may include employing a third untrusted device (e.g., a mobile device) temporarily as an intermediary between the first device and second device. The method may include receiving, at the first device and from a third device, a request for the first device to communicate with the third device. In response to determining that the third device is authorized to communicate with the first device, the first device may receive information from the third device that was provided by the second device. The first device may transmit at least one message to the third device that is to be provided to second device.

Abstract: An inspection system acquires an inspection target person image including an inspection target person, irradiates an electromagnetic wave having a wavelength of equal to or more than 30 micrometers and equal to or less than one meter toward the inspection target person and receives a reflection wave, performs detection processing of detecting an anomalous state based on a signal of the reflection wave, causes a storage unit to store tracking target person information indicating an external appearance of a tracking target person being the inspection target person in which the anomalous state is detected, acquires a worker peripheral image including scenery in the periphery of a worker; detects the tracking target person from the worker peripheral image based on the tracking target person information, and notifies the worker of a position of the tracking target person detected from the worker peripheral image.

Abstract: In some implementations, a physical medium may include a radio frequency (RF) component and an integrated circuit (IC) chip component. The physical medium may be configured to detect, via the RF component, that the physical medium is within a communicative proximity of a first user device or a first medium associated with a first account. The physical medium may communicate, via the RF component, with the first user device or the first medium based on detecting that the physical medium is within the communicative proximity of the first user device or the first medium. The physical medium may configure the IC chip component to indicate that the physical medium is paired with the first account. The physical medium may transmit, via the RF component or the IC chip component and to a terminal, an indication that the physical medium is paired with the first account.

Abstract: Embodiments disclosed herein are related to a method that can include displaying first content on a media display, receiving first data generated from or determined by an Internet of Things (IoT) device, and displaying second content in response to receiving the first data from the IoT device.