Abstract: Examples of multi-user configuration are disclosed. An example method includes, at an electronic device: receiving a request; and in response to the request: if the voice input does not match a voice profile associated with an account associated with the electronic device: causing output of first information based on the request using a first account associated with the electronic device; if a setting of the electronic device has a first state, causing update of account data of the first account based on the request; and if the setting has a second state, forgoing causing update of the account data; and if the voice input matches a voice profile associated with an account associated with the electronic device: causing output of the first information using the account associated with the matching voice profile; and causing update of account data of the account based on the request.

Abstract: Systems and methods for authentication via camera are provided. In example embodiments, an authentication server transmits, to a mobile device, an identity verification image. The authentication server receives, from a computing device, a scanned image, wherein the computing device is different from the mobile device. The authentication server determines whether the scanned image includes data from the identity verification image. The authentication server transits, to a web server accessed by the computing device, an indication that a user's identity has been verified upon determining that the scanned image includes the data from the identity verification image.

Abstract: A control device receives information, e.g., network status information and network loading information, from a plurality of service provider networks and device capability information and status information, from a plurality of user equipment (UE) devices. UEs subscribe to multiple service provider networks. In some geographical regions, coverage is provided by more than one network. The control device generates and sends device profile to network mapping information to UEs on an individual UE basis, e.g., for geographic regions, e.g., 3D regions, where multiple networks are available. Device profile to network mapping information sometimes includes criteria, e.g. rules, parameter, limits, etc. An application on the UE uses the received device profile to network mapping information, along with position information, to select a network/profile to use at a given time. Altering the information provided to one or more UEs allows the control device to perform load balancing between networks.

Abstract: Representative embodiments disclose mechanisms for data and identity migration, such as from an on-premises environment to a cloud environment. The system comprises multiple data collectors, each tailored to collect data from a data source. In a representative example, data collectors for a source application, a source identity repository and a target identity repository are utilized. Once the data is collected, it is stored in a database and methods are used to identify correlations (i.e., matches) between the source application data, the source identity repository data and the target identity repository data. The correlations are memorialized and presented to a user for rationalization. The process is stateful so that prior decisions are remembered. Once the user is satisfied with the rationalization, the system exports files that are consumed by a migration process to perform the actual data migration.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: Techniques are described for user account matching based on natural language utterances. In an example, a computer system receives a set of words, a voice print, and offer data about an offer based at least in part on a natural language utterance at a user device. The computer system determines a set of user accounts based at least in part on the set of words and determines, from this set, a first user account based at least in part on the voice print. The first user account is associated with a first user identifier. The computer system determines that the offer is associated with a second user account that is further associated with a second user identifier. The computer system generates associations of the user accounts with user identifiers and with the offer.

Abstract: Even in a case where an external camera image-captures a door of a car, with high precision, it can be set to be determined whether or not a foreign substance inserted into the door is present. A monitoring apparatus acquires a camera image that results from a camera image-capturing the vicinity of a door of a car using an external camera, from a camera. A processor of the monitoring apparatus detects the door from the camera image, sets a determination area based on a position of the detected door, acquires an image of the determination area from the camera image, determines whether or not a foreign substance inserted into the door is present, based on the image of the determination area, and performs report outputting to a monitor and a reporting apparatus according to a result of the determination.

Abstract: An apparatus, method and computer program product is provided in accordance with embodiments of the disclosure, for identifying a message of interest exchanged between nodes in a network.

Abstract: Methods, systems, and apparatus for a monitoring system are disclosed. The monitoring system includes a memory configured to store image data and a first camera configured to capture first image data including the activity of a passenger within the vehicle. The electronic control unit is configured to obtain, from the first camera, the first image data including the passenger, determine an activity of the passenger based on the first image data, and determine that the activity of the passenger will be different than a baseline activity of the passenger. The electronic control unit is configured to record and capture, in the memory and using the camera, the first image data for a time period before and after the determination that the activity of the passenger will be different than the baseline activity.

Abstract: A method for online authentication includes receiving membership authenticating information specific to members of a particular affiliation from the members and from one or more remote databases. The information is aggregated and stored in an aggregate database. An individual is authenticated, via a widget at least one of integrated into, and accessible by, at least one of a mobile application and a website of a provider of at least one of a particular program and a particular service, as a member of the particular affiliation based on a comparison of authenticating indicia provided online by the individual and the information stored in at least one of the aggregate database and the remote databases. Digital credentials are provided to the individual for access to the at least one of the particular program and the particular service when the individual is authenticated. The credentials include a unique identifier, a login and password.

Abstract: The invention relates to a method for authenticating (400) a current user of a mobile, portable communication system (100) with respect to a server (150) by means of a behavior-based authentication. The server (150) comprising a first interface and a second interface. The first interface is configured to communicate with at least one activatable device (152), and the second interface is configured to communicate with a mobile, portable communication system (100). The method for authentication comprises: receiving at least one classification result (600) by the server (150) from the mobile, portable communication system (100); evaluating the at least one classification result (600) by the server according to a predefined examination criterion (800); and activating the device (152) by the server (150) by means of a control signal.

Abstract: Systems and methods are provided for authenticating image files when network connections should not or cannot be used to transfer image files. A user device application may capture an image at a user device, generate an image file, and generate a hash file based on the image file. Instead of sending the image file to an authentication server for authentication, the application may send the hash file. If desired, the application may transfer the image file when a desirable network connection is available. Any alteration to the image file in the meantime will result in a different hash file for the altered image file, thus allowing detection of altered image files. This approach offers decreases the amount of data that is required to be transmitted in low or undesirable signal conditions, while maintaining an ability to detect alterations to image files that may have been made in the meantime.

Abstract: Systems and methods for securing network communications between a first device and a second device over a service-based architecture, include receiving, at the first device, an access request including: a request to use a service of the service-based architecture, an authentication public key certificate associated with the second device or a proxy device therefore, a unique identifier of the second device, and a digital signature using the private key associated with the authentication public key certificate. The first device may verify the authentication public key certificate and generate an encrypted access response including an access token that allows access to the service, which is then transmitted back to the second device for further use in accessing the service-based architecture.

Abstract: A member of a group in a blockchain network may generate a public key and a private key, request a blockchain network group certificate, associated with the private key, from a blockchain network certificate authority, and distribute a private key to members of the group.

Abstract: A method may include receiving, from a user device, a registration request that includes a subscription concealed identifier (SUCI), identifying a network element to decode the SUCI and forwarding the SUCI to the identified network element. The method may also include decoding the SUCI to identify a subscription permanent identifier (SUPI), identifying a unified data management (UDM) device associated with the SUPI and transmitting an authentication request to the identified UDM device to obtain authentication information associated with the user device. The method may further include receiving the authentication information and authenticating the user device based on the received authentication information.

Abstract: An online system accesses a model trained based on a topic associated with a set of content items and the content of the set of content items. The online system applies the model to predict a probability that each of multiple content items is associated with the topic based on its content and identifies (a) content item(s) associated with at least a threshold probability. The online system retrieves information describing user engagement with the identified content item(s) and determines a value of a performance metric for the topic based on this information. If the value is at least a threshold value and the online system receives content from an entity describing an item associated with the topic, the online system communicates a recommendation to the entity to create a content item describing the item and to add a tag associated with the item upon determining an opportunity to do so.

Abstract: A method for network node encryption is provided. A node encryption request is received for a network node. Subsequently, node data information of the network node according to the node encryption request is acquired by the apparatus. The node data information includes a preset link. Next, an application to a third party for an encryption certificate is transmitted via the apparatus and the application includes the node data information. The third party sends a verification file once the application is received to verify an authority to the preset link. The verification file is stored subsequently. The third party verifies the storing of the verification file and sends an encryption certificate. The encryption certificate is received and deployed on the network node via the apparatus.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify sensitive user data stored in the memory by a first application, determine a risk exposure score for the sensitive user data, apply, based on a determination that the risk exposure score is above a threshold, a security policy to restrict access to the sensitive user data, receive a request from a second application to access the sensitive user data, determine whether the first application and the second application are similar applications, and allow access based on a determination that the first application and the second application are similar applications.

Abstract: A sensitive content display control system determines whether to display sensitive content on a computing device display, such as on a lock screen. The system attempts to authenticate a user of the computing device, and does not display the sensitive content if the user is not authenticated. If the user is authenticated, then the system determines whether anyone in addition to the user is looking at the computing device display. If the user is authenticated and no one else is looking at the computing device display, then the sensitive content is displayed. However, if the user is authenticated and at least one additional person is looking at the computing device display, then the sensitive content is not displayed.

Abstract: A server may perform server side authentication of a user device. The user device may generate a first authentication string by performing a hash function on a username, a password, and a first salt. The first authentication string may be registered with the server for subsequent login attempts. At login, the user device generates the first authentication string and transmits the first authentication string to the server. When the authentication strings match, the user device is authenticated. The user device may also update the first authentication string. The server may provide the first salt and a second salt to the user device. The user device may generate a first authentication string and a second authentication string from the first salt and the second salt, respectively. When the first authentication strings match, the server may update the user device's authentication string by replacing it with the second authentication string.

Abstract: A estate planning and beneficiary management system according to an embodiment includes a system controller which may prompt and receive from a user information which may be necessary to create and estate planning model. The system may provide for traditional assets and digital assets, such as cryptocurrency and NFTs. The system may provide for distribution of the digital assets using smart contracts and blockchain wallets. The system may provide access by beneficiaries and trusted contacts to the user selected documents at different user defined permission levels. Upon the user's death, the system may automatically notify the beneficiaries and trusted contacts, execute block transactions between the user's wallets and beneficiaries' wallets according to the smart contracts, and notify outside world platforms of the user's death and the user's directives for the particular platforms as laid out in the user's will.

Abstract: A method for synchronizing time may include receiving initial time information including an initial timestamp from a first device, adjusting a clock of the device with the initial time information, storing the initial time information as an earliest possible time, receiving additional time information, including a second timestamp, from a second device, and evaluating the additional time information. When the evaluated additional time information includes information that is unacceptable, the method may further include adjusting the clock with the second timestamp, and replacing the earliest possible time with the second timestamp. When the evaluated additional time information includes information that is acceptable, the method may further include adjusting the clock with the additional time information, and replacing the earliest possible time with the additional time information.

Abstract: Certain embodiments of this disclosure describe techniques for detecting a spoofed network device and preventing the serving of content, such as advertisements, to the spoofed network device. In certain embodiments, a network security system is provided. The network security system can include hardware and/or software programmed to prevent the provision of content to a spoofed client device. The network security system can provide a mechanism for certifying to content providers, such as advertisers, whether or not a client is a legitimate mobile device or a spoofed device. Accordingly, content providers can prevent the delivery of content to fraudulent devices instead of relying on imprecise solutions that detect fraudulent activity after it has occurred.

Abstract: A computerized method produces an identity code to identify each subject stored in the computer systems connected to a computer network while protecting the privacy and confidentiality of the subject. A central computer system receives an identity code of a suspect of a financial crime and sends the identity code to all computer systems connected to the computer network. The computer systems that have the matched identity code send the requested information to the central computer system. As a result, law enforcement organizations can eliminate crimes and financial institutions can recover the money stolen from them. In addition, law enforcement organizations and financial institutions can identify money launderers that are missed by their anti-money laundering transactional monitoring systems.

Abstract: Syncing data warehouse permissions using single sign-on authentication including establishing a link between a first cloud-based data warehouse and a second cloud-based data warehouse, wherein the link facilitates access to data stored in the second cloud-based data warehouse via the first cloud-based data warehouse; receiving, by the first cloud-based data warehouse, a first query referencing first data stored in the second cloud-based data warehouse; accessing, by the first cloud-based data warehouse, from the second cloud-based data warehouse, the first data; and sending a response to the first query based on the accessed first data.

Abstract: A network controller configured to provide network access to client devices, receives a network access request from a client device. The network access request includes a media access control (MAC) address of the client device and information about a first private key. The network controller sends to a server an authentication request, which includes the MAC address of the client device. The network controller receives an authentication response from the server, which includes a second private key. The network controller determines whether the first private key is the same as the second private key. In response to determining that the first private key is different from the second private key, network access is denied to the client device, and in response to determining that the first private key is the same as the second private key, network access is granted to the client device.

Abstract: Systems, methods, and apparatuses are described for authenticating a user device and/or user application. A user device may receive, based on a first authentication request, a plurality of messages sent over a plurality of channels of communication (e.g., a message to a URL address associated with the user device and a binary Short Message Service (SMS) message). Based on information from the messages, the user device may transmit a second authentication request.

Abstract: A system includes a service provider device and a point of sale (POS) device. A session between a user device and the POS device is established. An authentication request associated with the user device is provided via a user interface of the POS device. Subsequent to an authentication of information, responsive to the authentication request, the POS device receives funding instrument (FI) proxy information corresponding to FIs, which is unusable to identify the FIs by a merchant. A selectable representation corresponding to the FI proxy information is provided via the user interface. Responsive to receiving an indication of a selected member from the selectable representation, information for the selected member is sent. The service provider device determines that the session corresponds to an account associated with the user device and the merchant, and performs a transaction for the session using a first FI that corresponds to the selected member.

Abstract: Aspects of the disclosure relate to computing platforms that utilize improved mitigation analysis and policy management techniques to improve onboarding security. A computing platform may determine that a predetermined period of time has elapsed since finalizing an onboarding process. The computing platform may receive spot check verification inputs indicative of a user identity and may direct a mitigation analysis and output generation platform to analyze the spot check verification inputs. The computing platform may receive an indication of a correlation between the spot check verification inputs and expected spot check verification inputs. In response to determining that the correlation exceeds a predetermined threshold, the computing platform may determine that an additional verification test should be conducted, and may direct the mobile device to display an interface that prompts for additional onboarding verification inputs.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A computer-implemented method to identify unauthorized use of a device based on a usage pattern. The method includes tracking usage of a device, wherein the usage includes activity by a user interacting with the device. The method includes identifying a usage pattern, wherein the usage pattern is based on usage data. The method further includes generating, based on the usage pattern, a heatmap. The method includes predicting future usage of the device by the user, wherein the predicting includes generating a Markov chain of the predicted future usage. The method also includes determining actual usage is different than the predicted usage. The method further includes calculating, in response to determining the actual usage is different than the predicted future usage, a difference score. The method includes determining the difference score is above a difference threshold, and activating, in response to the difference score being above the difference threshold, an alert.

Abstract: The invention provides an authentication technique that involves provision of a new authentication credential for each authentication attempt. The requestor of the new authentication credential is required to provide a previous authentication credential in order to successfully receive the new authentication credential. The previous authentication credential has however been de-authorised so it cannot be used to authenticate the requestor, only to successfully obtain a new authentication credential. The requestor then authenticates using the new authentication credential. The cycle is repeated for as many repeat authentication attempts as are made by the requestor.

Abstract: Methods, systems, and apparatus for risk mitigation for a cryptoasset custodial system include transmitting an endorsement request for a cryptoasset transaction to a user device configured to cause the user device to prompt a user to endorse the cryptoasset transaction. Multiple data points are collected from mobile devices associated with the user. The data points indicate an identity of the user. A cryptographic endorsement of the cryptoasset transaction is received from the user device. A graphical visualization including a risk metric is generated based on the data points. The risk metric indicates a risk of accepting the cryptographic endorsement from the user device. Generating the graphical visualization includes determining whether the plurality of data points matches expected values.

Abstract: The disclosed methods and apparatus provide venues such as merchandising, service, or cultural venues with the opportunity to widen the circle of patrons by annotating images captured at or nearby the venues with information about the venues. Venues may build patron loyalty by rewarding patrons who transmit or post the images, as well as those who view the annotated images. The annotations may serve as advertisements and marketing tools.

Abstract: Techniques for connecting known entities to a protected network are described. A user device with a certified application installed is authenticated with an identification repository. The authentication is accomplished using credentials associated with the certified application. The user device is also enrolled with an authentication server and the authenticated user device is connected to the protected network.

Abstract: A computer-implemented method for team-sourced anomaly vetting via automatically-delegated role definition. The method may include automatically determining that an event of the computing system corresponding to activity of an end user is anomalous. Based on the anomalous event, a permission store of the computing system may automatically be edited to include an access restriction on the end user, and a notification may be automatically generated and transmitted to one or both of the end user and another end user. The notification may provide access to an executable statement including code configured to be executed to remove the access restriction. A call to the executable statement by the other end user may be automatically received. Further, the permission store may be automatically edited to remove the access restriction on the end user.

Abstract: Techniques are described for passive three-dimensional (3D) face imaging based on macro-structure and micro-structure image sizing, such as for biometric facial recognition. A set of images of a user's face is processed to extract authentication deterministic macro-structure (DMAS) measurements. A database includes profile DMAS measurements, profile location definitions for deterministic micro-structure (DMIS) feature regions, and profile DMIS signatures computed for the DMIS feature regions. A first-level authentication determination can be based on comparing the authentication DMAS measurements with the profile DMAS measurements. Authentication DMIS signatures can be computed from sub-images obtained for the DMIS feature regions at the profile location definitions. A second-level authentication determination can be based on comparing the authentication DMIS signatures with the profile DMIS signatures.

Abstract: The present invention relates to a detection method for a multi-access edge computing architecture. The multi-access edge computing architecture uses the technology of bump-in-the-wire (BITW) to be deployed between the user device and the core network. The multi-access edge computing architecture includes a baseboard management controller, an edge computing service module, a central processing unit module, and a switching module. When any function in the multi-access edge computing architecture fails, the detection method of the present invention is used to actively detect and directly connect the base station to the core network. When the function is restored, the detection method of the present invention can actively restore the original path of the base station and the core network connected to the multi-access edge computing architecture to achieve seamless debugging and other purposes.

Abstract: A method for controlling the IoT devices and an IoT system using the same are provided. The IoT devices includes a trigger device and a functional device. A managing software is executable on a client device. First, a credential is sent to the client from the functional device. Second, a script is received at the trigger device. The script includes the credential, at least one supported command, and at least one supported event. The script is generated at the managing software. The supported command is recognizable to the functional device. When the supported event is triggered at the trigger device, the supported command from the trigger device is received at the functional device. Then, a function of the functional device is performed based on the command, which increases the convenience of operating the system. The trigger device need not recognize the command, which increases the flexibility of the system.

Abstract: Embodiments disclosed herein are related to a method that can include displaying first content on a media display, receiving first data generated from or determined by an Internet of Things (IoT) device, and displaying second content in response to receiving the first data from the IoT device.

Abstract: The claimed group of technical solutions relates to the field of controlling electronic devices with the aid of a graphical user interface, in particular to a method and a system for activating an interface with the aid of a specified type of user input. The technical result of the claimed solution consists in providing the option of activating a graphical user interface with the aid of a user input path from two different corner areas of a display. The claimed method is implemented by creating a pattern of gesture activation of an application, comprising an input path using corner regions of a screen.

Abstract: Described embodiments provide systems, methods, computer readable media for determining risk metrics. A device may provide a risk model for a network environment. The risk model may include an input level and an output level. The input level may process first datasets each corresponding to a feature and a time window. The first datasets may include factors on access requests. The output level may generate a first aggregate risk metric of a first access request according to the datasets processed by the input level. The device may identify a second dataset corresponding to a second access request over the features and time windows. The device may determine a second aggregate risk metric by applying the second dataset to the risk model. The device may generate a response to the second access request according to an access control policy and the second aggregate risk metric.

Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.

Abstract: When a system tries to access a network (e.g., another system, an application, data, or the like) at least two-factor authentication may be used to validate the system. At least one authentication factor may include utilizing authentication credentials of the entity or system accessing the network. At least a second authentication factor may include using an environment hash of the system, which is a representation of the configuration (e.g., hardware, software, or the like) on the system trying to access the network. The environment hash may be compared to hash requirements (e.g., authorized environment hashes, unauthorized environment hashes, or the like) to aid in the validation. The system may only access the network when both the authentication credentials and the environment hashes meet requirements.

Abstract: Systems for item validation and image evaluation are provided. In some examples, a system may receive an instrument and associated data. The instrument may be received and at least one of a bill pay profile and a user profile may be retrieved. The bill pay profile and user profile may each include a plurality of previously processed instruments that have been determined to be valid and/or authentic. The instrument may be compared to the plurality of previously processed instruments to determine whether one or more elements of the instrument being evaluated match one or more corresponding elements of the plurality of previously processed instruments. Matching or non-matching elements may be identified. In some examples, one or more user interfaces may be generated displaying the instruments and including any highlighting or enhancements identifying matching or non-matching elements.

Abstract: A semiconductor device includes a memory, a random number generation circuit, and a control circuit. The memory stores key information, and the random number generation circuit generates first and second random number signals. The control circuit generates sixth and seventh random number signals from the first random number signal and the key information, generates encrypted update data from update data using the seventh random number signal, transmits the first and second random number signals as request signals to an external terminal device, receives, from the external device, first and second response signals as response signals in response to the request signals, generates an eighth random number signal using the first response signal, the second and the sixth random number signals as input signals, and provides the encrypted update data for the external terminal device when the second response signal coincides with the eighth random number signal.

Abstract: Disclosed are example methods, systems, and devices that allow for generation and maintenance of a central identity databank for a user's digital life. The identity databank may include identity elements with payload values and metadata values corresponding immutable attributes of the user. A multifactor identity authentication protocol allows service provider devices to more reliably validate transactions with user devices via an identity system. The identity databank may include passwords, which may be generated by the identity system linked to user accounts and/or service providers. The passwords may be provided to service provider devices, eliminating the need for users to conceive of a multitude of varying passwords for the user's accounts.

Abstract: A method for authorizing automatic login of a user to a reserved area of an information resource includes, at a first user device, connecting to a web server for retrieving the information resource, and sending to an authentication server an identifier of the information resource and an identifier of the user. At the authentication server, based on the identifiers of the information resource and of the user, an authorization request is sent to a second user device associated with the user, and which stores access credentials for logging in the reserved area. At the second user device, the user is notified of the authorization request, and upon confirmation of the authorization request by the user on the second user device, access credentials are made available to the web server. At the web server, automatic login to the reserved area is performed based on the access credentials.

Abstract: Systems and methods enable secure service-based communications in networks that use a Services Communications Proxy (SCP). A Network Function (NF) producer receives a service request including an authorization token and a signed service request object, wherein the service request originates from an NF consumer of the wireless core network and is forwarded to the NF producer via the SCP. The NF producer verifies the signed service request object and generates, after the verifying, a service response. The service response includes a signed service response object. The NF producer sends, to the NF consumer and via the SCP, the service response with the signed service response object.