Abstract: Provided are a method and device for determining Subscriber Identity Module (SIM) card information. The method includes that: negotiation with a terminal is performed to establish a session Identifier (ID) channel; SIM card information allocated for the terminal by a network-side server is acquired; and the SIM card information is sent to the terminal through the session ID channel. With adoption of the technical solutions, the problem in the related art that a large storage space is wasted and a SIM card information acquisition flow is complex because the SIM card information may be acquired only through a physical SIM card is solved, a physical SIM card form is not required, cost is greatly reduced and, meanwhile, a SIM card information acquisition process is simplified.

Abstract: Techniques for enabling a user computing device to manage a controlled device only when the user computer device is physically proximate to the controlled device are disclosed. The controlled device repeatedly provides codes that change at select times and the user computing device sends the last received or captured code back to the controlled device. The user computing device is enabled to manage the controlled device when the most recent code sent by the user computing device matches one or more codes most recently provided by the controlled device. Additionally or alternatively, the user computing device is enabled to manage the controlled device when the user and controlled devices connect to the same access point. A technique for enabling the user computing device to share, mirror, or cast a screen on the user computing device onto a display of the controlled device is also disclosed.

Abstract: A device and a method for authenticating a user. The method includes selecting the phrase key from a plurality of phrase keys. The method also includes receiving, from a target service a file that includes parsed data based on speech recognition processing of a phrase spoken by a user. Additionally, the method includes sending a notification the target service, upon a determination that the parsed data matches a phrase key. The method further includes receiving a set of user credentials from the target service and sending the set of user credentials to the virtual assistant device.

Abstract: A method for conveying a one-time password using blockchain includes: receiving proposed transaction data from a merchant system including payment credentials, receiving account details, and a transaction amount; identifying user account data associated with the payment credentials including an account identifier; identifying a one-time password; transmitting the one-time password and account identifier to a third party system; receiving a data identification value from an external computing device; identifying a blockchain data value included in a blockchain including a password value based on the received data identification value; validating, the identified one-time password based on the password value; and initiating payment of the transaction amount from a first transaction account associated with the payment credentials to a second transaction account associated with the receiving account details upon validation of the identified one-time password.

Abstract: Embodiments perform write operations in a multi-tenant cloud system that includes a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. Embodiments receive a request from a first client to perform a first write for a resource at the second data center. Embodiments generate a call to the first data center including a second write for the resource at the first data center. Embodiments retrieve data corresponding to the first write and send the retrieved data to the first data center. Embodiments write on the data based on the first write, the writing on the data including changing the data to generate changed data.

Abstract: Disclosed is a method of providing, by a server, mutual authentication of mutual authentication participants for contents of a social media service, the method including: receiving requestor authentication information generated in a terminal of a requestor requesting mutual authentication for specific contents; receiving acceptor authentication information generated in a terminal of an acceptor accepting the mutual authentication for the specific contents; and verifying the requestor authentication information and the acceptor authentication information, and storing the specific contents included in the requestor authentication information and the acceptor authentication information as mutually authenticated contents of the requestor and the acceptor.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. The one or more processors are configured to acquire a program identifier of a computer program disposed on a memory and serving as an execution target; read a calculation result corresponding to the acquired program identifier from a storage; and verify whether the computer program serving as the execution target is permitted to be executed, on the basis of the read calculation result and a white list.

Abstract: A registration system includes a management apparatus configured to acquire first information of an authentication key for registration from a communication processing apparatus to communicate with the management apparatus, put a signature for the first information with a first registration key, and transmit the first information completed with the signature to the communication processing apparatus, and a registration server configured to acquire a registration request including the first information completed with the signature by the management apparatus from the communication processing apparatus to communicate with the registration server, verify the signature put for the first information included in the registration request, by using a second registration key paired with the first registration key, and register the first information included in the registration request, based on a result of verifying the signature put for the first information.

Abstract: A first network access node for a wireless communication system obtains a set of first radio service information (RSI) for a set of first position information in a service area. Each first RSI of the set of first RSI comprises a first RSI estimate, a first estimate type indicating how the first RSI estimate was estimated, and a first radio service type defining the first RSI estimate. The first network access node further receives a first control message from a second network access node. Corresponding methods and computer program products are also described.

Abstract: Computerized apparatus and methods useful for causing provision of location-based services to users via a user portable wireless computerized device or other device. In one embodiment, the user device establishes a secure communication session with a network server (e.g., proxy process for a service coordinator or provider) to provide user-specific location-based services such as a time-limited rental of a tangible object or space. In one variant, dynamic generation of a response to the user included providing image data relating to provision of the user-specific location-based service, the image data enabling the user to authenticate at least one aspect of the provision of the user-specific location-based service by the third party service provider.

Abstract: Embodiments of the present systems and methods may provide techniques for verifying the correct application purpose for applications that serve multiple purposes and to determine the correct purpose for each requested data access. For example, in an embodiment, a method for controlling application access to data implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor may comprise: receiving an application comprising a plurality of application parts, each application part associated with a declared data access purpose and generating a cryptographic certificate for each application part to be certified by determining whether a declared data access purpose for each application part to be certified is correct and the only data access purpose for that part, wherein the declared purpose is included in purpose information associated with each application part to be certified.

Abstract: Systems and methods are described herein for providing single sign-on capabilities. In some embodiments, an intermediate endpoint of a service provider receives, from a user device, an http_post message including security data provided by an identity provider. In some embodiments, the intermediate endpoint retrieves relay state data specific to the identity provider and transmits the security data and the relay state data to the user device. The user device then transmits the security data and relay state data to an authentication endpoint of the service provider. The authentication endpoint verifies that the SAML response indicated the user was authenticated by an identity provider. A URL may be retrieved from the relay state data and the user device's web browser is redirected to the URL to provide access to one or more services of the service provider.

Abstract: A method for authenticating a user of a handheld field maintenance tool is provided. The method includes moving the handheld field maintenance tool into a proximity of a field device. The field device receives a primary key. The field device generates a secondary key and transmits the secondary key to a remote system. The remote system transmits the secondary key to the user of the handheld field maintenance tool. The field device receives the secondary key. The field device authenticates the user of the handheld field maintenance tool.

Abstract: A an exchange of rewardable consumer engagement opportunities includes generating a rewardable consumer engagement opportunity (RCEO) having one or more characteristics based on received entity information in response to an entity request, generating a bank of one or more rewards based on the one or more characteristics of the rewardable consumer engagement opportunity, receiving a user-initiated request for a reward based on a reported performance of a user from a communications device, determining a location of the user performance, identifying a reward in the bank of one or more rewards compatible with the reported user performance and a determined location of the user performance, transmitting the identified reward to the communications device, receiving a response from the communications device confirming acceptance or rejection of the reward and adjusting the reward bank to reflect acceptance or rejection of the reward.

Abstract: Provided in the present application are a one-time dynamic positioning authentication method, system and password changing method. The method comprises: an authentication server receives an authentication request from a client, generates a positioning factor string, and transmits generated information containing the positioning factor string and a structure of an all-element dynamic factor table to the client; the client receives the generated information, generates the all-element dynamic factor table, and maps the positioning factor string into the all-element dynamic factor table to acquire a dynamic graphical password inputted in accordance with a first positioning rule by a user and transmit to the authentication server; the authentication server receives the dynamic graphical password from the client, and if the first positioning rule corresponding to the parsed dynamic graphical password is consistent with a preset positioning rule, then the authentication is successful.

Abstract: The present embodiments relate to entry and management of identifiers and credentials. The present embodiments display a credential affordance that, upon selection, provides a credential-assistance user interface for enabling swift access to various credential and management options. The credential affordance can be displayed based on a determination by electronic device that a webpage includes a text entry field associated with a set of one or more restricted resources (e.g., document and/or webpage).

Abstract: A terminal apparatus (1) includes a data acquisition unit (113) that acquires data from a business server (2) by transmitting a request to access a one-time URL indicated by URL information received from the business server (2). The business server (2) includes a URL generation unit (212) that generates a one-time URL, an expiration date setting unit (213) that sets an expiration date of the one-time URL, an authentication processing unit (216) that authenticates the terminal apparatus (1), and a state setting unit (215) that sets either an authentication function active state or an authentication function inactive state within the expiration date of the one-time URL. In a case where the authentication processing unit (216) receives the access request, the authentication processing unit (216) starts an authentication process when the authentication function active state is set, and avoids executing the authentication process when the authentication function inactive state is set.

Abstract: When detecting a first touch operation performed by a user on a touchscreen of the terminal device, the terminal device determines an object in an area corresponding to the first touch operation as a touch object, and the touchscreen has a fingerprint recognition function. The terminal device determines whether the touch object is included in a preset whitelist, and the whitelist includes at least one touch object that supports fingerprint authentication. If the touch object is included in the whitelist, the terminal device collects fingerprint information of the user by using the touchscreen. The terminal device performs fingerprint authentication by using the collected fingerprint information.

Abstract: A method for managing a user includes: sending, to a second network device, first equipment identification information of a first user equipment corresponding to a first user account; receiving connection record information corresponding to the first user equipment returned by the second network device; and determining, based on the connection record information, one or more second user accounts corresponding to the first user account, where there is at least one same visited wireless access point between a second user equipment corresponding to each of the second user accounts and the first user equipment. According to the present application, a social account is recommended in a social server based on the same wireless access point according to a connection record in a hotspot server.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: Methods, systems, apparatuses, and computer program products are provided for evaluating security detections. A detection instance obtainer obtains detection instances from a pool, such as a security detections pool. The detection instances may be obtained for detections that meet a predetermined criterion, such as detections that have not been onboarded or rejected, or detections that have generated detection instances for a threshold time period. The detection may be onboarded or rejected automatically based on a volume thresholder and/or a detection performance evaluator. For instance, the volume thresholder may be configured to automatically onboard the detection if the volume of the detection instances is below a first threshold, and reject the detection if the volume is above a second threshold. The detection performance evaluator may be configured to onboard or reject the detection based on an efficacy of the detection (e.g., based on a true positive rate of the detection instances).

Abstract: A user is assigned an initial risk score during a session with a messaging platform. During the session, the user attempts an operation with an external service. One or more additional authentication factors are requested from the user to dynamically lower the initial risk score. The lowered risk score is processed with the external service to perform the operation on behalf of the user during the session.

Abstract: A server has a pool data store that stores ambient sound recordings for matching. A match engine finds matches between ambient sound recordings from devices in the pool data store. The matching ambient sound recordings and their respective devices are then analyzed to determine which device is a source device that provides credentials and which device is a target device that receives credentials. The server then obtains or generates credentials associated with the source device and provides the credentials to the target device. The target device accesses content or services of an account using the credentials.

Abstract: An improved information processing apparatus, an authentication method and non-transitory recording medium are provided. The information processing apparatus authenticates a user based on first authentication information input by a user to generate an authentication result based on the first authentication information, receives an authentication request generated by first application software, authenticates the first application software based on second authentication information to generate an authentication result based on the second authentication information when the authentication request includes the second authentication information, acquires the authentication result of the user based on the first authentication information when the authentication request does not include the second authentication information, and executes processing based on one of the authentication result based on the first authentication information and the authentication result based on the second authentication information.

Abstract: It is provided a method for providing a credential set to a credential carrier for gaining access to a physical space. The method is performed in a credential provider and comprises the steps of: preloading a plurality of credential sets from a server into a local memory, each credential set being usable to gain access to a physical space and each credential set comprising a first validity time; wherein, when a network connection between the credential provider and the server is unavailable, performing the following steps: obtaining a request to provide a credential set for a physical space; retrieving a credential set from the local memory, the credential set being usable to gain access to the physical space indicated in the request; and providing, as long as the first validity time of the credential set has not expired, the retrieved credential set to a credential carrier.

Abstract: A peripheral apparatus is provided and includes a function of generating electronic data from an information medium. Upon detection of the information medium, the peripheral apparatus starts processing including generating the electronic data using information acquired from the detected information medium and transmitting the generated electronic data to a destination registered in association with a user of an authenticated wearable terminal within a predetermined range, based on communication with the authenticated wearable terminal.

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

Abstract: An identity provider receives a request to configure authentication for enabling single sign-on to a service provider. The identity provider identifies the authentication protocols supported by the service provider and determines whether it is compatible with these authentication protocols. As a result of the identity provider being compatible with at least some of the authentication protocols, the identity provider generates configuration information that is usable by the service provider to configure the authentication. The identity provider transmits, to a computer system, a response that causes the computer system to be redirected to the service provider in order to provide information usable by the service provider to obtain the configuration information.

Abstract: A mobile cloud system includes a plurality of mobile terminals having at least one functional module and a communicator; a cloud server to receive the information acquired from the at least one functional modules, the cloud server including a read-only file system to provide services applied to all of the plurality of connected mobile terminals, a read/write file system to provide independent services applies to each of the plurality of connected mobile terminals, and a controller to control operations of the both file systems; and a wireless communication network to provide a network between the plurality of mobile terminals and the cloud server.

Abstract: A communication apparatus includes a communication unit, an operation unit, a generation unit including a first function for generating a connection setting used for connecting with the external apparatus based on information received from the external apparatus, and a second function for generating the connection setting based on information input by the user operating the operation unit, a recording control unit configured to perform control such that the connection setting generated by the first function is recorded on a recording medium in a state where a priority level of the connection setting generated by the first function is higher than a priority level of the connection setting generated by the second function, and a control unit configured to perform control such that the connection setting of a higher priority level is preferentially used during a connection with the external apparatus through the communication unit.

Abstract: Methods, systems, and computer program products for generating a data partitioning strategy for secure and efficient query processing are provided herein. A computer-implemented method includes obtaining at least (i) a database schema associated with a database and (ii) a query workload associated with the database; and generating, based at least in part on the database schema and the query workload, a distributed database structure for the database that (i) stores a first set of columns of the database within a private cloud environment in a plaintext format and (ii) stores a second set of columns of the database in a public cloud environment, wherein the second set of columns is stored in either a plaintext format or an encrypted format based on whether the second set of columns comprises sensitive data.

Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Abstract: Disclosed is a computer implemented method to validate a physical person matches a digital persona. The method includes receiving a first location of a first user based on a global positioning system (GPS) location of a first device, and a second location of a second user based on a GPS location of a second device. The method also includes generating one or more ephemeral keys. The method further includes, determining, based on the GPS location of the first device and the GPS location of the second device, the first user and the second user are in close proximity. The method includes, establishing a short-range communication channel between the first device and the second device. The method includes, validating, based on the one or more ephemeral keys provided over the short-range communication channel, a first person is the first user and a second person is the second user.

Abstract: An information processing method and an electronic device are provided. The method includes: acquiring first biometric information and second biometric information of a predetermined object located in a target area by an image acquisition using a synchronous acquisition process; and performing a biometric authentication on the predetermined object by combining the first biometric information and the second biometric information.

Abstract: One embodiment provides for an electronic device, comprising a network interface, a memory coupled with the network interface, at least one application processor coupled with the memory, the at least one processor to execute instructions stored in the memory, and a secure processor including a cryptographic engine, wherein the cryptographic engine is to generate a sealed encrypted message to be transmitted via the network interface, the sealed encrypted message encrypted on behalf of the at least one application processor and includes a signature to enable integrity verification of the sealed encrypted message, the signature generated based on an identity key of the electronic device and data including ciphertext of the encrypted message and a public key of a recipient of the sealed encrypted message.

Abstract: Systems and methods may be used for providing more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in positions selected, for example by a user. These systems and methods secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the noise symbols from legitimate credential symbols. Some systems and methods may use a subset of a credential with the interspersed noise symbols.

Abstract: In response to a transition from a previous operational state to a current operational state of a given network partition of a plurality of network partitions of a core of a cellular network, a respective entry of a registry of the plurality of network partitions is updated. Network partition selection for a terminal is effected by participating in a communication of at least one selection control message corresponding to at least one entry of the registry.

Abstract: A computing system may, in an example, include a first computing device that includes at least one biometric data sensor and a biometric synchronization module on the first computing device to, when executed by a processor, synchronize biometric data from the first computing device to a second computing device in response to a biometric registration request.

Abstract: In one embodiment, a method includes receiving, by an authentication server, first credentials from a mobile application installed on a device. The first credentials include information associated with the device and information associated with a user of the device. The method also includes automatically receiving, by the authentication server and from the device, a request to connect the device to a network of a third party. The request is automatically generated by the device without interaction from the user of the device and the request comprises second credentials. The method further includes determining, by the authentication server, whether to authenticate the device using the first credentials and the second credentials and communicating, by the authentication server, a packet to the device that allows the device to connect to the network of the third party if the authentication server determines to authenticate the device.

Abstract: A method for data processing, an electronic device, and a non-transitory computer-readable storage medium are provided. The method may include: receiving target information associated with a face; and determining an execution environment corresponding to the target information according to a security level of the target information, and performing a processing related to the face based on the target information under the execution environment.

Abstract: In one aspect, a computer-implemented method useful for migrating hundreds of Terabyte to Petabyte of data to a cloud-computing environment with a data transfer appliance includes the step of providing a data transfer appliance, wherein the data transfer appliance comprises an operating system, one or more computing processing units (CPU's), a memory, and a data storage systems. The computer-implemented method includes the step of implementing data capture from a data storage system to the data transfer appliance. The computer-implemented method includes the step of storing the dedupe form of the data in the data transfer appliance. The computer-implemented method includes the step of shipping the data transfer appliance to a specified cloud-computing platform access point. The computer-implemented method includes the step of implementing data rehydration on the dedupe form of the data in the data transfer appliance.

Abstract: Devices and methods to track contact between persons using acoustic voiceprint identification from stored audio signals are presented herein.

Abstract: In various example embodiments, a machine is configured to redirect completion of a transaction to a trusted device. For example, the machine determines that a page involving the transaction is being displayed in a user interface of a first device. The page may be associated with the product or service. The machine identifies an interruption of the displaying of the page in the user interface of the first device. The machine identifies a second device that is trusted by the user. The machine transmits a communication including a notification to the second device. The notification indicates the transaction.

Abstract: A system provides for authorization of data access and processing functions within a distributed server network using a delegated proof-of-stake consensus mechanism. In particular, the system may use assign authorization levels to each node within the network environment. Certain actions or processes performed within the network (e.g., potentially damaging actions) may require that the node proposing the action meets a threshold authorization level before authorizing the action. The system may further increase or decrease authorization levels for each node depending on the outcomes of the proposed actions. In this way, the system may provide a secure way to authorize certain actions or processes taken within a computing environment.

Abstract: An edge gateway system securely delivers and exposes data generated by and/or related to a process plant for consumption by external systems, and includes a field-facing component that sends, to an edge-facing component of the system, a collection of data types defined based on configurations of the process plant and represented using a syntax that is native to the one or more external systems. The field-facing component streams process plant-related content data indicated by one or more interest lists to the edge-facing component, where the streamed data is expressed using the collection of data types. Each interest list may include multiple types of data (e.g., control, I/O, diagnostic, device, historical, etc.) that collectively represent a particular named entity of the plant. Accordingly, the streamed data is securely delivered and exposed, via the edge-facing component, to the external systems.

Abstract: A technique for connecting a user device to a service. The device sends a request to connect to the service, a user identifier of the device from a trusted entity being associated with the request. The trusted entity sends a reply to the request back to the device. This reply includes data about a uniform resource locator associated with the service and a single-use code and is sent to a contact address associated with the user identifier from the trusted entity. The device then sends a request to access a page of the service, the address of which corresponds to the data, the received single-use code being associated with the access request. Connection to the service is authorized for the service identifier associated with the user identifier from the trusted entity, when a single-use code received from a server implementing the service, in combination with a service identifier request, is valid.

Abstract: A method for authentication between a server process and a client process by means of multiple communication including a primary authentication communication and a secondary authentication communication. The method includes steps for: the server process receiving from the client process an initiating communication of the primary authentication communication, the server process initiating the secondary authentication communication between the server process and a client authentication process, the server process receiving primary authentication information comprising an authentication code or an authentication result, the server process receiving secondary authentication information comprising an authentication code or an authentication result of the secondary authentication communication, and the server process establishing the authentication on the basis of the primary and secondary authentication information.

Abstract: Systems and methods are provided for using an identity provider (IDP) to implement enrollment of a user to a relying party. One exemplary method includes receiving a login credential for a user from a relying party in connection with enrolling the user to the relying party, where the user is associated with a digital identity and the digital identity includes personal identifying information (PII) of the user. The method also includes generating a one-time-passcode (OTP) and transmitting the OTP to a communication device bound to the digital identity associated with the user, receiving an OTP from the relying party, and when the OTP generated by the computing device matches the OTP received from the relying party, compiling an enrollment file for the user including at least a portion of the PII of the user. The method then includes transmitting the enrollment file to the relying party.

Abstract: Disclosed are systems and methods for registering and localizing a building server. A system comprises a building server communicatively coupled with a computing cloud, and configured to initiate a registration process that comprises transmitting data identifying the building server. The computing cloud comprises at least a device registration module that receives the data transmitted from the building server, authenticates the building server, and generates and transmits data such as a building server password and a digital certificate. The computing cloud also comprises an identity management module that receives a request to create a unique ID associated with the building server, and updates a memory to indicate an association between the building server and the computing cloud.

Abstract: A secure investigation platform in a sovereign cloud includes a request processing system that is a user-facing system and receives requests to prepare for an incident investigation. A control message processing system creates a workspace, within the sovereign cloud, so that an investigation can be conducted within that workspace. The request processing system does not access the workspace and the control message processing system is not available for external access by a user. Data and functionality are ingested into the workspace. The control message processing system performs investigation preparation tasks within the workspace. The results of the investigation tasks are surfaced for user access.