Abstract: An example system for device-independent point to multipoint communication is configured to receive a message addressed to one or more destination users, the message type being, for example, Short Message Service (SMS), Instant Messaging (IM), E-mail, web form input, or Application Program Interface (API) function call. The system also is configured to determine information about the destination users, the information comprising preferred devices and interfaces for receiving messages, the information further including message receiving preferences. The system applies rules to the message based on destination user information to determine the message endpoints, the message endpoints being, for example, Short Message Service (SMS), Instant Messaging (IM), E-mail, web page output, or Application Program Interface (API) function call. The system translates the message based on the destination user information and message endpoints and transmits the message to each endpoint of the message.

Abstract: An information processing apparatus includes a processor configured to: store document data, a first character string, and a second character string that are associated with each other, the second character string being to be inputted by an operation that has a procedure quantity smaller than a procedure quantity of an operation by which a user inputs the first character string; output the document data that is associated with the second character string to a requester of the document data when the second character string is acquired if a predetermined condition is satisfied; avoid outputting the document data that is associated with the second character string to the requester of the document data when the second character string is acquired if the condition is not satisfied; and output the document data that is associated with the first character string to the requester of the document data when the first character string is acquired if the condition is not satisfied.

Abstract: The disclosure relates to an enhanced data security system and method thereof. In some embodiments, the method includes receiving the transactional credential dataset from a user application. The transactional credential dataset is provided by a user to the user application. The method further includes storing the transactional credential dataset in nodes of a graphical embedding storage model. The nodes further store historical credential datasets of the user. Further, the method includes determining a correlation among the historical credential datasets using an artificial neural network (ANN) model and detecting a pattern of the transactional credential dataset based on the correlation. The ANN model is trained based on credential datasets provided by users stored in the nodes of the graphical embedding storage model.

Abstract: A computer-implemented method for improving security of a biometrics-based authentication system comprises receiving, by one or more servers, enrolled biometric samples of an enrolled user during an enrollment stage of the biometrics-based authentication system. Augmented biometric samples are created by adding learned perturbations to the enrolled biometric samples of the enrolled user. During a request for authentication, submitted biometric samples are received from a second user. The submitted biometric samples of the second user are compared to the enrolled biometric samples and to the augmented biometric samples of the enrolled user based on predefined metrics. Based on the comparison it is determined whether the submitted biometric samples of the second user have been modified to impersonate the enrolled user.

Abstract: A computer readable medium, a system, and a method for providing data security through identity access management using a transaction classifier to classify transactions according to a set of transaction data associated with the transaction and mitigate abnormal transactions. The transaction classifier is trained using a set of training data and updated after each transaction. The identity access management may also include a mitigation policy that is used to determine a mitigation technique for each transaction.

Abstract: Knowledge-aware detection of attacks on a client device conducted with dual-use tools. A method may include obtaining dual-use tool data related to a plurality of dual-use tools; collecting from a client device, by the computing device, user input related to the use of a dual-use tool of the plurality of dual-use tools; determining that the user input contains a feature of the dual-use tool data; creating a behavioral index of the user input, the behavioral index stored on the client device; detecting new input on the client device; determining a similarity level between the user input and the new input; flagging a malicious attack on the client device based on determining that the similarity level does not satisfy a pre-determined threshold; and implementing a security action on the client device based on flagging the malicious attack.

Abstract: A system for generating a nearest neighboring vertices index. The system includes a memory and one or more processors. The one or more processors receive a base figure asset and an item asset, determine nearest neighbor vertices between the base figure asset and the item asset using at least one of a k-dimensional tree algorithm and a geodesic algorithm, and generate the nearest neighboring vertices index based on the determined nearest neighbor vertices between the base figure asset and the item asset.

Abstract: A method for providing connection between applications and a data repository is described. The method includes receiving a communication from an application for the data repository. The application is authenticated. In response to the application being authenticated, the credentials for the data repository are obtained from a data vault. The credentials are used to access the data repository while the application is free of the credentials.

Abstract: Embodiments of the present disclosure relate to verifying a third-party resource by automatically validating multi-factor message codes associated with the third-party resource to enable access to functionality associated with the third-party resource via a multi-app communication system. An example embodiment includes a multi-app communication system including at least one processor and at least one memory. The embodiment multi-app communication system is configured to receive a sign-in request from a multi-app communication system application executed on a client device, and cause transmission of a multi-factor confirmation message to a verified third-party multi-factor authentication resource. The embodiment multi-app communication system is further configured query the verified third-party multi-factor authentication resource to identify the multi-factor confirmation message, and enable access to the third-party resource.

Abstract: The present invention relates to a method and system for quality compliance, system and operator verification, and process management for point of care biological sample testing systems used in hospitals and other medical delivery environments. Specifically, the present invention may be directed to a computing device configured to generate a plurality of attributes configured to assess a competency level of an operator to operate at least one sample testing instrument, obtain operator derived data pertaining to the operator's ability to operate the at least one sample testing instrument, and determine a competency level of the operator for the at least one sample testing instrument based the plurality of attributes and the operator derived data.

Abstract: An information handling system may include a host system and a management controller configured to provide out-of-band management of the information handling system. The management controller may be configured to: receive, via a management bus of the management controller, a user login request for access to a first user account associated with the management controller; determine a second user account corresponding to the first user account, wherein the second user account is associated with a security policy; and provide the user access to the management controller via the first user account, wherein a privilege level of the provided access is based on a set of privileges associated with the second account.

Abstract: A system for collecting information regarding a flight restriction region includes one or more processors and a non-transitory computer readable storage medium storing instructions that, when executed by the one or more processors, cause the one or more processors to individually or collectively receive an input specifying a location of the flight restriction region from a user via a user input device, obtain information associated with the flight restriction region from one or more external data sources based on the location, and determine a space of the flight restriction region based on the information associated with the flight restriction region.

Abstract: An authentication server associated with a network authenticates a primary user credential responsive to a request from a client device to access the network. The authentication server queries a database server for contact information for obtaining a secondary user credential. The contact information is provided to a third-party authentication server to obtain and authenticate the secondary user credential. In response to both the third-party authentication server obtaining and authenticating the secondary user credential successfully and the authentication server authenticating the primary user credential successfully, the client device is granted access to the network.

Abstract: An apparatus comprises at least one processing device comprising a processor coupled to a memory. The processing device is configured to receive from a requester a request to modify a parameter of an access-controlled account associated with a set of sensor devices. Responsive to receipt of the request, the processing device initiates at least one instance of a proof of physical presence protocol, the proof of physical presence protocol requiring performance by the requester of at least one action involving at least one sensor device of the set of sensor devices associated with the access-controlled account. Responsive to successful completion of at least one instance of the proof of physical presence protocol, the processing device sends at least one notification to each of one or more registered users of the access-controlled account. The processing device approves or rejects the request based at least in part on at least one of a number and a type of responses to the one or more notifications.

Abstract: Examples described herein provide network enabled control of a security device. Examples include determining that a client device is connected to a network, receiving a request from the client device to instruct a security device to perform an action, wherein the request comprises a key, authenticating the key received from the request, and based on the determination that the client device is authorized to connect to the network, and based on the authentication of the key, sending, by a network device, a signal to instruct the security device to perform the action.

Abstract: An access control system is described in which a primary credential device has a master key and a secondary credential device has a key derived from the master key. Both the master key and the derivative key are required to gain access to the resource protected by the access control system. If the secondary credential device is lost, misplaced, or stolen, it cannot be used to gain illicit access to the protected resource, and it can be easily replaced by providing a different secondary credential device with another key derived from the master key.

Abstract: A system, method, and computer program are provided for distributed application execution using a cluster of mobile devices. In use, a wireless computing device included in a wireless mesh network of wireless computing devices identifies a wireless distributed application deployed to the wireless computing devices. Further, the wireless computing device manages execution of the wireless distributed application across the wireless computing devices.

Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges.

Abstract: The invention relates to a method for configuring a user equipment, comprising the steps of a) accessing user related information, preferably account information, on the user equipment, b) transmitting the user related information to a dedicated configuration server, c) matching the user related information to a specific configuration information, d) upon matching, transmitting the configuration information to the user equipment, e) configuring the user equipment with the configuration information, and wherein initiation of the steps a)-e) is performed by a one-touch-client and wherein the configuration server is provided as a one-touch-server. The invention also relates to a system for configuring a user equipment.

Abstract: Methods, systems, and products authenticate users for access to devices, applications, and services. Skills of a user are learned over time, such that an electronic model of random subject matter may be generated. The user is prompted to interpret the random subject matter, such as with an electronic drawing. The user's interpretation is then compared to the electronic model of the random subject matter. If the user's interpretation matches the electronic model, the user may be authenticated.

Abstract: A system for historizing process control data. A configurator module registers a data source device with a historian server and indicates to the historian server to generate data source registration information for identifying the registered data source device. The historian server generates and stores the data source registration information. The historian server also generates a connection token comprising the data source registration information. The configurator module forwards the connection token to the data source device, which stores the token and sends it to the historian server with data. The historian server compares the connection token received from the data source device to the connection token stored by the historian server, wherein if they match, the historian server stores the data from data source device.

Abstract: Systems and methods provide for secure and efficient token generation, management, transfer, and authentication services in a biometric data environment. Various embodiments relate to a method performed by a processor of an authentication computing system. An example method includes receiving an update biometric reference sample and a user identifier, retrieving a previous biometric reference template record in a storage location based on the user identifier. The previous biometric reference template record includes a template record identifier uniquely identifying the previous biometric reference template record and a previous biometric reference template generated using a previous biometric reference sample.

Abstract: This invention describes a method to encode a private term, phrase or sentence whereby the term, phrase, or sentence is never recorded (or required) by the encoding method and said term, phrase, or sentence is only decodable by the encoder or confidants in which the encoding scheme for the private term, phrase, or sentence is shared. A preferred embodiment is a security system for user authentication and credentialing based on personalized memories of the user, allowing for robust recall of an unrecorded private term, phrase, or sentence using sequenced recognizable objects, recall triggers including contextual hints and trusted confidants. The invention is very extensible, providing a flexible method to the user to protect valuable digital assets and/or remote computing devices with complex credentialing values which are virtually impossible to discern by third parties.

Abstract: Systems and methods for location-based online content sharing using unique identifiers are provided. A server and a plurality of clients may be connected to one or more networks. A first client may send a shared content to the server. The first client may also send a first location of the first client as well as a unique identifier for the shared content. The server may store the shared content. A second client may request the shared content, and the request may include the unique identifier and a second location of the second client. The server may determine that the second location is within a predefined distance from the first location. Upon such determination, the server may send the shared content to the second client.

Abstract: A dynamic application testing and scoring system that tests applications under various tenets and categorizes the applications to be published, to be further reviewed or rejected. The results from administering a plurality of tests to an application are analyzed by applying rulesets that pertain to criteria under each of the tenets. An application score is determined from the analysis using weights associated with the tenets, priority levels of the criteria and the severity levels of the rulesets. The application score identifies a position for the application on a scoring scale relative to two trust threshold values. The application is categorized based on the position. Feedback regarding the categorization is received and the trust threshold values on the scoring scale can be adjusted if the categorization in the feedback is different from the categorization produced by the scoring system.

Abstract: An Ethernet switch and a switch microcontroller or CPU are integrated onto a system-on-a-chip (SoC). The Ethernet switch remains independently operating at full speed even though the remainder of the SoC is being reset or is otherwise nonoperational. The Ethernet switch is on a separated power and clock domain from the remainder of the integrated SoC. A warm reset signal is trapped by control microcontroller (MCU) to allow the switch CPU to isolate the Ethernet switch and save state. When the Ethernet switch is isolated and operating independently, the warm reset request is provided to the other entities on the integrated SoC. When warm reset is completed, the state is restored and the various DMA and flow settings redeveloped in the integrated SoC to allow return to normal operating condition.

Abstract: One or more implementations of the present specification provide information processing methods, apparatuses, and devices, and computer readable storage mediums. In an implementation, an information processing method includes: when a user is in a non-login state, receiving an account operation request and identity identification information sent by a terminal device of the user; querying account information corresponding to the identity identification information in response to the account operation request; sending a first display instruction to the terminal device when the account information is found, so that the terminal device displays an account operation interface for the account operation request, where the account operation interface is used to receive account operation interaction data of the user and an identity credential corresponding to the identity identification information.

Abstract: In one aspect, a first device includes at least one processor and storage accessible to the at least one processor. The storage includes instructions executable by the at least one processor to access a first network connection history for a second device different from the first device. The instructions are also executable to determine in a first instance whether to authenticate the second device based on the first network connection history and to authenticate the second device based on a determination to authenticate the second device.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: A method (and structure) to connect a mobile device to a local Wi-Fi network includes providing an input capability for a user of the mobile device to request to make a connection to a local Wi-Fi network. A processor on the mobile device retrieves, from a memory device of the mobile device, a listing of registered local Wi-Fi networks available at the user's current location. A request to connect to a selected one of the registered local Wi-Fi networks listed on the retrieved listing of registered local Wi-Fi networks is transmitted from the mobile device. The mobile device is connected to the selected registered local Wi-Fi network upon receipt of an indication by the selected registered local Wi-Fi network that the user has been validated and verified as trustable.

Abstract: An on-demand database system may receive a request to create a user account associated with a subdomain of the database system. The system may identify a pre-existing user account associated with a different subdomain of the database system where the pre-existing user account is associated with a personal communications address identified in the request. The system may create the requested account using personal information retrieved from the pre-existing user account.

Abstract: Provided herein are devices, systems, and methods for detecting spoofing of a 3D object, using a 2D representation, in a mobile object authentication process, comprising capturing image data of the 3D object by a front-facing camera, to record a current spatial characteristic of the 3D object, while a front-facing screen displays an authentication pattern comprising a plurality of regions, wherein at least one of the regions varies in at least one of: brightness, position, size, shape, and color over time causing a variance of lighting effects which create highlights and shadows on the 3D object over time. The devices, systems, and methods thereby provide an efficient and secure process for determining if spoofing of the 3D object, using a 2D representation, is attempted in a mobile authentication process, by comparing the current spatial characteristic of the 3D object with a stored reference spatial characteristic of the 3D object.

Abstract: Methods, systems, and devices for security descriptor generation are described. An end device may be authenticated based on a certificate and a device key based on a security descriptor. The security descriptor may be generated based on publicly-available information such as time of day information, geographical information, or a default set of information. The security descriptor may be used for generation of a certificate accessible by a server used for authenticating the device and also may be used by an end device to generate a device key for verification by the server authenticating the device.

Abstract: A mobile terminal includes an output unit configured to output whether authentication successes, a controller configured to perform explicit authentication based on authentication information, to collect data for implicit authentication if the explicit authentication successes, and to enroll a user behavior pattern for the implicit authentication based on the collected data, and a memory configured to store the user behavior pattern.

Abstract: Virtual site inspections to support clinical trials is disclosed. A frame and glasses subsystem has at least a global positioning system (GPS) and is associated with a first computing device at a physical site where an inspection is conducted. A session is opened in a web-based application on a second communication device that is in communication with, but that is physically remote from, the first computing device. Location tracking using GPS allows for a location of the frame and glasses subsystem to be continuously tracked. A script from the web-based application to the first computing device enables association with a video stream and locations within the physical site. The script enables responses to be provided from the first computing device at the locations. The locations, time stamps, video stream, the responses from the script, and a device identifier is provided immutably to the web-based application.

Abstract: The invention provides one or more consortia of networks that identify and share information about users and/or user devices interacting with the consortia. User devices may be identified, at least in part, by a delta of time parameter between a user device used and a reference time. Other parameters may be analyzed to identify a computer user and/or device and noteworthy transactions. The invention may be used for identity-based applications such as network security, the detection of fraudulent transactions, identity theft, ratings-based communities and law enforcement. User may be permitted to register user devices in order to control access for performing transactions.

Abstract: Provided is passwordless user registration process in which a user initially registers a device or a network of trusted devices rather than submitting a password. Thus, example embodiments are directed to a truly passwordless user account across all devices. In one example, a method may include receiving a registration request of an unregistered user from an authentication device, the registration request comprising a user identifier and a device credential obtained by the authentication device, performing a passwordless registration of the unregistered user with an application, wherein the performing comprises registering the unregistered user as a passwordless user with passwordless access to the application and registering the authentication device as a first trusted device of the passwordless user, and transmitting a notification to the authentication device indicating successful passwordless registration.

Abstract: The present invention reduces the risk of user biometric information being leaked to a third party. A biometric authentication device (820) receives an echo signal (response signal) from a client device. The echo signal is formed as a result of an inspection signal being applied to an authentication subject by a client device, and the inspection signal being transmitted into the body or to the surface of the body of the authentication subject and changing into the echo signal. The biometric authentication device (820) comprises: an inspection signal generation unit (821) that generates the same inspection signal as the client device; a transmission characteristic calculation unit (823) that calculates, from the inspection signal and the echo signal, a transmission characteristic of the authentication subject; and an authentication unit (824) that authenticates the authentication subject by comparing a preregistered first transmission characteristic and a calculated second transmission characteristic.

Abstract: An image forming apparatus including a processor and a memory storing instructions executable by the processor is provided. The processor is to execute the instructions to perform processing for a login operation using a common account of a group of users to login a user of the group, obtain mapping information indicating a mapping of information related to the group in correspondence with the logged-in common account, and support a function of the image forming apparatus requested by the user of the group logged-in using the common account, based on the mapping information.

Abstract: Systems and methods for accountless device control are disclosed. For example, a smart device may be acquired and plugged in for use. The smart device may gain network connectivity and a system associated with the smart device may request enablement of an application for use with the smart device from another system, such as a system associated with a voice-enabled device. The other system may generate and send user identifier data, and the system associated with the smart device may generate a shadow account in association with the user identifier data. The application may be enabled in association with the shadow account, and access credentials may be exchanged to securely send and receive information associated with operation of the access device.

Abstract: Provided is a process, including: obtaining a first password to a private computer network; determining, with a credential-monitoring application within the private computer network, whether the first password satisfies one or more criteria by: comparing the first password to a set of compromised credentials within a database within the private computer network; and determining whether the first password matches one or more passwords within the database; and in response to the determination that the first password satisfies the one or more criteria from among the plurality of criteria, causing a use of the first password to access the private computer network to be rejected and causing a first user associated with the first password to be notified to change the first password.

Abstract: An authentication system includes a shared terminal; and at least one information processing apparatus coupled to the shared terminal via a communication network. The shared terminal includes an authentication controller configured to, upon detecting that the shared terminal is activated, acquire authentication screen data, from the at least one information processing apparatus, for authentication performed for using an internal function of the shared terminal, display an authentication screen based on the acquired authentication screen data, and transmit, to the at least one information processing apparatus, input information that is input to the displayed authentication screen by a user; and an internal function operator configured to display a screen for using the internal function of the shared terminal, upon acquiring information indicating that an authentication process, which is performed based on the input information at the at least one information processing apparatus, is successful.

Abstract: A method for synchronizing time may include receiving initial time information including an initial timestamp from a first device, adjusting a clock of the device with the initial time information, storing the initial time information as an earliest possible time, receiving additional time information, including a second timestamp, from a second device, and evaluating the additional time information. When the evaluated additional time information includes information that is unacceptable, the method may further include adjusting the clock with the second timestamp, and replacing the earliest possible time with the second timestamp. When the evaluated additional time information includes information that is acceptable, the method may further include adjusting the clock with the additional time information, and replacing the earliest possible time with the additional time information.

Abstract: A computer implemented method includes receiving instructions from a user for identifying data on one or more social networks, wherein the instructions received from the user comprise one or more conditions and one or more actions, identifying, on the one or more social networks, data that is associated with one or more social entities, determining one or more characteristics of the identified data, determining, based on the one or more characteristics of the identified data, that the identified data meets one or more conditions for identifying data specified in the instructions received from the user, in response to determining that the identified data meets one or more conditions specified in the instructions received from the user, performing one or more actions specified in the instructions received from the user.

Abstract: A computer-implemented method, system and computer program product for utilizing multi-factor authentication to authenticate an Internet of Things (IoT) device. The identity credentials of neighboring IoT device(s) are obtained by the IoT device to be authenticated. Upon providing a request to the authentication system to prove its identity, the IoT device provides the authentication system a first factor credential, such as a username and password. The authentication system, upon confirming the accuracy of the first factor credential, challenges the IoT device to provide the second factor credential. After receiving the challenge from the authentication system to provide the second factor credential, the IoT device returns the second factor credential that was generated based on the obtained identity credentials from the neighboring IoT device(s).

Abstract: Disclosed are embodiments for electronic commerce user interfaces. In some embodiments, a device is used to create an account on an electronic commerce system or create a listing for an item for sale on the ecommerce system. A first identifier of the device is stored by the ecommerce system. When a listing is generated by the account, an image representing an item for sale is included as part of the listing. The disclosed embodiments compare a second device identifier of a device used to capture the image with the first device identifier. If the two identifiers identify the same device, this provides an indication of confidence that the seller is in possession of the item represented by the image. This indication of confidence is then displayed when the listing is displayed to prospective buyers.

Abstract: Generally discussed herein are devices, systems, and methods for secure cloud application provisioning. A method can include, while providing access to the cloud application, receiving data indicating a first universal resource locator (URL) entered in a search bar of a web browser associated with the cloud application has changed to a second URL, determining whether the second URL has a valid certificate, and in response to determining the second URL is associated with the cloud application and a valid certificate for the second URL exists, providing resources for the second URL and the valid certificate to the web browser or in response to determining the second URL is not associated with the application, re-directing the web browser away from the proxy server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating secure browser cookies.

Abstract: A cellular terminal detects any capability reporting trigger and responsively to such determination produces a cellular network authentication capabilities message indicative of cellular network authentication capabilities available for the terminal; and transmits the cellular network authentication capabilities message to the cellular network. The cellular network receives the network authentication capabilities message from a cellular terminal, selects a cellular authentication algorithm based on capabilities indicated by the network authentication capabilities message; and performs cellular authentication with the cellular terminal using the selected cellular authentication algorithm.

Abstract: Systems, apparatuses, and methods are described for protecting the integrity of a playlist, and/or for determining whether a playlist has been altered. The playlist may comprise references to segments of multiple content types. The references may be obfuscated, and/or confirmation data may be used to detect playlist alteration.