Abstract: Aspects of this application describe a user identification utility that may monitor shared account activity on one or more computing devices. The computing devices may enable user accounts to access shared accounts, which may have different permissions than the user accounts. Based on detecting access to a shared account, the user identification utility may determine an indication of the user account, an indication of the shared account, and, if available, additional data corresponding to the user account. The user identification utility may store an association between the determined information. If the determined information satisfies a rule, the user identification utility may trigger an alert.

Abstract: Techniques for providing a digital certificate management for blockchain technologies are described. One example method includes a transaction request including a digital certificate is received from a certificate authority at a node in a blockchain network, and the transaction request is a request to write the digital certificate into a blockchain associated with the blockchain network, and the digital certificate is issued to a node in the blockchain network. A consensus verification result is determined for the transaction request, and the consensus verification result is produced by nodes in the blockchain network. The consensus verification result is compared to a predetermined threshold value. In response to determining the consensus verification result is greater than or equal to the predetermined threshold value, the digital certificate is stored in the blockchain associated with the blockchain network.

Abstract: An electronic device and method for changing a path of an audio signal by the electronic device are provided. The method includes obtaining an electromagnetic signal (EM) signal of an external electronic device through EM sensing circuitry, identifying the external electronic device based on the obtained EM signal, changing the path of the audio signal that is output by the electronic device to be output through the external electronic device, when the identified external electronic device is capable of inputting or outputting the audio signal and is connected with the electronic device, and displaying, on a touchscreen display of the electronic device, a screen for establishing a communication connection with the external electronic device, when the identified external electronic device is capable of inputting or outputting the audio signal and is not connected with the electronic device.

Abstract: A method and system for blockchain-based access to a protected entity are provided. The method includes granting access tokens of a first-type to a client; identifying, in a blockchain network, a conversion transaction identifying a request to convert the first-type of access tokens with access tokens of a second-type, wherein the transaction designates at least the protected entity; determining a conversion value for converting the first-type of access tokens into the second-type of access tokens, wherein the conversion value is determined based on at least one access parameter; converting, based on the determined conversion value, a first sum of the first-type of access tokens into a second sum of the second-type of access-tokens; and granting the client access to the protected entity when the sum of the second-type of access tokens is received as a payment from the protected entity.

Abstract: A messaging system may include a notification module that generates a cryptic notification of one or more messages available to a first user account from one or more second user accounts. The system may receive user notification preference settings for the first user account via a user interface of an electronic user communication device that predefines the cryptic notification to be generated by the notification module for display by the user communication device when a message is available. The cryptic notification may be cloaked as an event or operation unrelated to notification of an available message.

Abstract: A method and a system for modifying network connection access rules using multi factor authentication (MFA) are provided herein. The method may include the following steps: receiving, at a computer network, an access request from a client device; retrieving a user identification data associated with said client device; presenting a message over said client device, wherein the message contains details associated with said access request; responsive to the user confirmation of said details, initiating an MFA process, wherein the MFA process comprises presenting an authentication message over the client device; and only in a case that the user has been authenticated by the MFA process, establishing the requested connection access.

Abstract: An application platform may receive an input from a user associated with a user account. The input may relate to a request for access to the user account, and include a selection of emojis or images. The application platform may identify text strings associated with the emojis or images, where each text string may correspond to a respective emoji or image. The application platform may perform an action to generate a combined text string based on the text strings, and process the combined text string to derive an output value after performing the action. The application platform may determine whether the output value corresponds to a particular value after processing the combined text string, and authenticate the user to permit the user to access the user account based on determining whether the output value corresponds to the particular value.

Abstract: In one embodiment, a network policy engine obtains a substation configuration description for a substation, indicative of intelligent electronic devices (IEDs), associated network communication devices, and related communication configuration information. The network policy engine then creates a mapping of the IEDs and the associated network communication devices based on the substation configuration description, associating each of the IEDs to a corresponding network port of the associated network communication devices. The network policy engine may then further create network control parameters based on the substation configuration description, which comprise defined communication flows for the IEDs and associated security group tags (SGTs) for the defined communication flows.

Abstract: A risk analysis apparatus and method are provided. According to one embodiment of the present disclosure, the risk analysis apparatus includes: at least one processor configured to: a risk factor collector configured to collect risk factors related to one or more authentication processes for authentication of a user of a client device in an authentication system; a risk analyzer configured to calculate a current risk score for the user based on the collected risk factors and calculate a total risk score based on a risk score history of the user and the current risk score based on the one or more authentication processes being successful; and an additional authentication requester configured to determine whether additional authentication of the user is required based on the current risk score and the total risk score and, request the client device for the additional authentication of the user based on the additional authentication being required.

Abstract: Systems, methods, and non-transitory computer-readable media can receive at least one request for performing one or more operations, the request originating from a media application running on a media device, the request being broadcasted by the media device over a network to which the computing device is also connected. Information describing the request can be provided through a software application running on the computing device. A determination is made when user operating the computing device has approved the request. The operations are performed by at least the software application running on the computing device.

Abstract: The present disclosure discloses a network access method performed at a computer server in connection with a social networking platform, comprising: receiving a network access request from a first social networking account at a first mobile terminal for accessing a wireless network bound to a second social networking account when the first mobile terminal is within a predefined distance from the wireless network; forwarding the network access request to the second social networking account, the network access request including the first social networking account and an identifier of the wireless network; receiving authorization information of accessing the wireless network from the second social networking account; and sending the authorization information to the first social networking account, the authorization information including verification information used for accessing the wireless network.

Abstract: A file sharing method is provided. A shared directory generation request is received from a terminal associated with a first account, and a shared directory corresponding to the first account is generated. A second account identifier is received from the terminal associated with the first account a second account is obtained based on the second account. An access address of the shared directory is transmitted to a terminal associated with the second account. Access permission to access the shared directory is assigned to the second account. A file access request with respect to the access address is received from the terminal associated with the second account. The shared directory corresponding to the access address and the access permission of the second account are obtained, and the file access request is responded based on the access permission.

Abstract: Examples described herein include systems and methods for dynamically determining enrollment requirements and enrolling a user device into a management system. The systems and methods can differ based on the type and version of operating system executing on the user device. With some operating systems, enrollment can be completed through a single application that performs other functionality, such providing single-sign-on access to enterprise resources. With other operating systems, enrollment can be completed by pausing the first application and requiring installation of an agent application to complete enrollment. The determination of how and when to enroll a user device can be done automatically and can be based on an organizational group to which the user belongs.

Abstract: Components are dynamically associated in a multi-tier application to different layers of a corresponding multi-tier application infrastructure. This includes defining, in a memory of a host computing system, a pattern that has an inventory of components of a multi-tier application. Each of the components are associated with a corresponding tier label for an n-tier architecture and the pattern is loaded into a pattern engine. The pattern engine deploys each component of the pattern to a layer of the n-tier architecture corresponding to a tier label associated with the component.

Abstract: A method for online authentication includes receiving membership authenticating information specific to members of a particular affiliation from the members and from one or more remote databases. The information is aggregated and stored in an aggregate database. An individual is authenticated, via a widget at least one of integrated into, and accessible by, at least one of a mobile application and a website of a provider of at least one of a particular program and a particular service, as a member of the particular affiliation based on a comparison of authenticating indicia provided online by the individual and the information stored in at least one of the aggregate database and the remote databases. Digital credentials are provided to the individual for access to the at least one of the particular program and the particular service when the individual is authenticated. The credentials include a unique identifier, a login and password.

Abstract: The disclosed implementations include a method performed by a system on a telecommunications network. The system can store an indication of an association between a user device and a service plan, communicate a message to the user device, and receive an indication that a single-action input was received at the user device on the telecommunications network. The single-action input is in response to the message presented on the user device. In response to receiving the indication, the system can obtain an identifier of the user device to identify the service plan of the user device and determine whether the user device can redeem the third-party service. If the user or user device is eligible, the third-party service is automatically provisioned for the user device.

Abstract: An image processing device includes a display unit and a processor configured to determine whether or not functions of the image processing device are executable by the image processing device, and cause the display unit to display a screen including a first item corresponding to a first function that is determined to be executable and a second item corresponding to a second function that is determined to be not executable. The first item is displayed on the screen in a first display format, and the second item is displayed on the screen in a second display format that is less conspicuous than the first display format.

Abstract: Managing network communications is provided. An indication that a network device has been added to a local network is received. In response to receiving the indication that the network device been added to the local network, metrics corresponding to the network device added to the local network are detected. A device fingerprint corresponding to the network device added to the local network is generated based on the detected metrics.

Abstract: A method for accessing a virtual personal assistant has been developed. First, a trust relationship is established between a primary smart speaker device that allows a user to access the virtual personal assistant with voice commands and a separate secondary smart speaker device. A trust relationship is established by generating a request at the secondary smart speaker device to allow access the virtual personal assistant with voice print authentication from the user and then validating the request at the primary smart speaker device to confirm the authenticity of the request. Next, a voice input is received from the user at the secondary smart speaker device requesting access to the virtual personal assistant. The identity of the user is verified using voice print identification with the secondary smart speaker device. Access for the user is then granted to the virtual personal assistant using the secondary smart speaker device.

Abstract: A service layer entity may register to another service layer entity and proactively request to gain access to the local services hosted by the registrar entity. A registrar entity may accept a registree entity's registration request but only grant access of its partial services to the registree entity. If a registree entity does not need to proactively request the services within its registration request message, the registrar entity decides what services may be needed by the registree entity and grants access of those services to the registree entity.

Abstract: Examples described herein include systems and methods for dynamically determining enrollment requirements and enrolling a user device into a management system. The systems and methods can differ based on the type and version of operating system executing on the user device. With some operating systems, enrollment can be completed through a single application that performs other functionality, such providing single-sign-on access to enterprise resources. With other operating systems, enrollment can be completed by pausing the first application and requiring installation of an agent application to complete enrollment. The determination of how and when to enroll a user device can be done automatically and can be based on an organizational group to which the user belongs.

Abstract: An image processing apparatus communicates with a user's portable terminal, where the portable terminal includes an authentication module for biometric authentication. When the image processing apparatus receives verification data issued by a service providing system, the image processing apparatus uses the portable terminal's authentication module for the biometric authentication and requests a device authentication system cooperating with the service providing system to issue an authentication token.

Abstract: Methods and systems for sharing digital media include locating faces within a digital image. Individuals portrayed in the digital image are identified based on the located faces. The identified individuals are added to an access control list for the digital image to enable the identified individuals to access the digital image.

Abstract: Described herein are various technologies pertaining to authenticating, via a two-factor authentication method, the identity of a user requesting access to a medical application such as an electronic health record (EHR). The medical application, executing on a server computing device, authenticates the user based upon log in credentials provided to a client computing device, and indicates to the client computing device that the user has been authenticated. The client computing device transmits a message to a helper application (executing on a second server computing device), where the message indicates that the user has logged into the medical application. The helper application can then request confirmation from the user (by transmitting a request to a mobile computing device of the user) that the user has logged into the medical application.

Abstract: A computer-implemented method for authentication using a hashed fried password may include receiving a password value of a user, a salt key, a pepper key, and/or a temporary and randomly generated fry key, or otherwise modifying/appending the password with the salt key, pepper key, and/or fry key. The method may include hashing the modified password, such as performing a hash operation similar to Hash (Password, Salt Key, Pepper Key, Temporary Fry Key). The randomly generated fry key is not saved or otherwise stored, either locally or remotely. A remote server attempting to authenticate the user's password may check for each possible fry key, such as checking against a set of preapproved fry keys, that the hashed fried password may have been modified with in parallel. As a result, an online customer experience requiring a password is not impacted or impeded, while an attacker's attempts to learn the password are frustrated.

Abstract: The embodiment herein provides a method and system for providing an integrated information about a product or a feature and generating generalized reviews. The system and method is applicable to products or features including but not limited to hotels, food, restaurants, travel itineraries and transport. The system provides a hotel discovery platform to enable a plurality of users to discover a plurality of hotels and reviews related to the plurality of hotels. The system also provides a generalized review of each of the hotel, based on a plurality of third-party user reviews. The system provides a generalized review of each of the component of the hotel along with a plurality of related pictures. The system comprises a computing device and an application server. The application server comprises a registration module, a query receiver, a knowledge tree, an analysis module and the display module.

Abstract: Systems, methods, and apparatuses are described for authenticating a user device and/or user application. A user device may receive, based on a first authentication request, a plurality of messages sent over a plurality of channels of communication (e.g., a message to a URL address associated with the user device and a binary Short Message Service (SMS) message). Based on information from the messages, the user device may transmit a second authentication request.

Abstract: A system for and methods of securing vehicle electronic data is disclosed. For example, a vehicle data protection system for and methods of securing access to a vehicle's event data recorder (EDR) data are provided. In one embodiment, the method comprises scanning a label having a near field communication (NFC) tag using an NFC reader device, and then displaying on the NFC reader one or more vehicle data items associated with a vehicle profile. The vehicle data items may be stored and accessed from a cloud database, and may include any useful vehicle and/or vehicle owner information. The method may further include installing or granting permission for a service provider to install a vehicle connector lockout apparatus onto a diagnostic link connector of a vehicle, and establishing a chain of custody link for EDR data via an NFC tag on the vehicle connector lockout apparatus.

Abstract: Systems and methods to securely retrieve, process, and archive (e.g., via cloud systems) vehicle events, vehicle status, vehicle owner data, and historical data. The system provides real-time, or event-based, vehicle data acquisition to facilitate verifiable and accurate information. True and accurate vehicle data can be accessed by various companies, entities, and government agencies under a subscription service, or on a per-event basis.

Abstract: A system, method, and computer program product are provided for selecting a communication network to utilize based on knowledge and at least one artificial intelligence (AI) algorithm. In operation, a user device identifies a plurality of communication networks to which to potentially connect. The user device accesses knowledge associated with the plurality of communication networks to determine a communication network to utilize. The knowledge includes information associated with historical data, present data, and future data. The user device selects the communication network to utilize based on the knowledge and at least one algorithm (e.g. an artificial intelligence algorithm, etc.). Moreover, the user device connects to the communication network for performing at least one activity.

Abstract: Systems, methods and computer program products for handling communications in a wireless network are described. A message requesting forwarding of communications for a first user device is received. A location of the first user device is determined. One or more second user devices associated with the first user device is identified. A second user device is selected to receive forwarded communications for the first user device. The selected second user device is located within a predefined distance of the location of the first user device. In example implementations, the one or more second user devices are trusted user devices.

Abstract: A computing system includes a virtualization server to provide a virtual session, and a client device communicating with the virtualization server and displaying the virtual session. The client device includes a camera for generating user images of a user of the client device. A user validator includes a policy database for security enforcement, and analyzes the user images and selects at least one policy from the policy database based on the analyzed images. The at least one policy provides at least one action to be taken by the computing system to protect the virtual session.

Abstract: A computer-implemented method may hide sensitive information including when no one is looking at a display screen of a client computing device, such as sensitive information relating to auto, home, life, or renters insurance, banking, and/or vehicle loans. In one aspect, the method may determine that confidential or sensitive information is being displayed on a display screen of a computing device of a user. The method may also collect image data from a front facing camera in communication with the computing device, and determine that zero or two or more people are viewing the display screen for more than a threshold duration of at least one second. The method may further blur or obscure the confidential or sensitive information being displayed on the display screen when it is determined that the zero or two or more people are viewing the display screen for more than the threshold duration.

Abstract: In an approach for authenticating a request for an electronic transaction, a computer receives a request for an electronic transaction on a user account. The computer determines whether the request from the user for the electronic transaction is suspicious. The computer then determines, based on at least a response from at least one contact of the user, whether the request for the electronic transaction is suspicious to the at least one contact.

Abstract: A computer-implemented method may hide sensitive information, such as sensitive information relating to auto, home, life, or renters insurance, banking, and/or vehicle loans. In one aspect, the method may commence or execute an eavesdropper detection functionality or application. The method may also detect an unauthorized viewer or eavesdropper is viewing, or potentially viewing, a display screen associated with the mobile device for more than a threshold duration of at least one second, determine that sensitive or confidential information is being displayed or about to be displayed, on the display screen, and prevent the unauthorized viewer or eavesdropper from viewing the sensitive or confidential information via the display screen to facilitate hiding sensitive or confidential information.

Abstract: This disclosure describes systems, methods, and apparatuses related to secure ad hoc network access. A device may identify a cryptographic key received from a second device. The device may cause to send a probe request for service information to the second device. The device may identify a probe response including an information element received in the service information from the second device. The device may cause to send a first discovery request seeking to provision the second device. The device may identify a first discovery response from the second device including a configuration method. The device may cause to form an ad hoc wireless network group based on the first discovery response. The device may cause to exchange one or more messages to provide an access for the second device to the ad hoc wireless network group based on the cryptographic key and one or more in-band attributes.

Abstract: Many customers have difficulty setting up a new extender device in the customer premises environment to improve their multimedia service. Some embodiments include configuring an extender device based on existing WiFi network credentials to minimize errors. Some embodiments include an application for mobile devices that may enable the transfer of network credentials from existing multimedia devices on the WiFi network to configure a new extender device in real time. For example, the configuration may be based on a customer account, a corresponding environment, and corresponding multimedia devices associated with the customer account. The extender device may be configured with the network credentials (e.g., a WiFi service set identifier (SSID) and password) that is common to the corresponding multimedia devices associated with the customer account.

Abstract: Credentials and other sensitive strings can undergo automatic rotation before each transmission or storage of those credentials. String modification, which can utilize a key stretching algorithm, can be used to modify the credential before transmission. This can be for an initial sign up, a subsequent login, or another such action. A random number can be generated to determine the number of iterations for the key stretching algorithm to be applied. For subsequent actions, a new random number can be added to the prior iteration number in order to create a new string that can be generated using the previously utilized iteration number and the new random number, with only the new random number being transmitted with the modified credential string. This increases security, as the transmission itself cannot be used to recover the original plaintext credential if recovered.

Abstract: A computing device including a processor, memory, and instructions, interfaces with a key management system (KMS) that provides encryption keys using an Oblivious Pseudorandom Function (OPRF). The device obtains, based on a type of encryption key being requested, a public key of a public-private key pair. The device creates an Oblivious Key Access Request (OKAR), including a blinded value associated with a requested encryption key. The OKAR is transmitted to the KMS, and a response is received. The response includes a blinded OPRF output, which yields an OPRF output as a result of being subjected to an unblinding operation. The OPRF output is validated using the public key, either directly or via a challenge, and in response to a positive validation, the OPRF output is used as a final key, or an intermediary key used to derive the final key.

Abstract: A method and system for determining a cost to allow a blockchain-based admission to a protected entity. The method includes identifying, in a blockchain network, a conversion transaction identifying a conversion of a first-type of access tokens with access tokens of a second-type, wherein the transaction designates at least the protected entity; determining a conversion value for converting the first-type of access tokens into the second-type access tokens, wherein the conversion value is determined based on at least one access parameter; and converting, based on the determined conversion value, a first sum of the first-type access tokens into a second sum of the second-type access-tokens, wherein a client spends the second sum of the second-type access tokens to access the protected entity, the determined conversion value is the access cost to the protected entity.

Abstract: A system, method, and computer-readable medium are disclosed for performing an adaptive trust profile generation operation. The adaptive trust profile generation operation includes: monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; and generating the adaptive trust profile based upon the action of the entity, the adaptive trust profile comprising a plurality of adaptive trust profile components.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based cross-entity authentication are provided. One of the methods includes: obtaining, from a blockchain, a blockchain transaction comprising an authentication request by a first entity for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user; in response to determining that the first entity is permitted to access authentication information of the user endorsed by a second entity, obtaining an authentication result of the user by the second entity in response to the obtained blockchain transaction, wherein the authentication result is associated with the DID; generating a different blockchain transaction comprising the authentication result; and transmitting the different blockchain transaction to a blockchain node for adding to the blockchain.

Abstract: An account login method and apparatus and a storage medium are provided. The method includes receiving, from a first terminal, a login request including an identifier of a target network to which the first terminal is connected. One or more instant messaging accounts logged into by using the target network are obtained, and a target instant messaging account is selected from the one or more instant messaging accounts. A login authorization request is pushed to a second terminal on the target network, the second terminal corresponding to the target instant messaging account that is selected. In response to receiving a login authorization instruction from the second terminal, login information including the target instant messaging account is transmitted to the first terminal.

Abstract: A cloud service account management method identifies unauthorized or unmanaged accounts making administration console access or API access at a cloud computing service and triggers a work flow to place the accounts under management. In one embodiment, the user device is directed to a registration portal to provide access credentials of the unauthorized account. The loud service account management method uses the access credentials to retrieve a list of account users associated with the account. Once the accounts are made managed, the cloud service account management method can monitor the activities of the account, including all of the account users, and can apply compliance or security policies to the managed accounts.

Abstract: System and techniques for a virtual private network are described herein. A plurality of host beacons may be obtained. Here, each beacon corresponds to a backhaul and includes an endpoint performance data structure. A set of endpoint performance data structures may be extracted from the plurality of host beacons. The set of endpoint performance data structures may be sorted based on a set of fields of members of the set of endpoint performance data structures. Entrance to a backhaul for a host corresponding to an endpoint performance data structure at an end of the sorted set of endpoint performance data structures may be negotiated.

Abstract: Apparatus, system and method for promoting media apps to an end user of a smart device. The smart device gathers information of apps that have been installed into the smart device and provides this information to a remote server. The remote server compares the information sent by the smart device to an identification of promoted apps received from a remote source to identify apps that are not installed in the smart device that are included in the identification of promoted apps. The remote server then notifies the smart device of which apps in the identification of promoted apps are not installed into the smart device, so that a user of the smart device may choose to have the missing app installed.

Abstract: Systems and methods include a method for configuring, without intervention by a Control System Engineer, a remote terminal unit (RTU) in a “raw” condition from a centralized system in a supervisory control and data acquisition system (SCADA) network augmented by authentication controls from existing Network Access Control or site occupancy sensors. An RTU configuration request is received to configure an RTU in a remote location and pre-configured with an embedded remote configuration assignment capability. A low-level communication channel with the RTU is established through an initial data communication relay apparatus for using a low-level communication protocol. A SCADA Communication Protocol address for the RTU to support a high-level communication channel is assigned. The RTU is connected to the SCADA network and configured for use in the SCADA network. Configuration is done using high-level communication after authenticating the identity of the RTU and the integrity of the configuration request.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including obtaining a request from a mobile device to allow user access to restricted content of a separate device. The process further includes forwarding a token to the separate device by way of a second wireless network, to obtain a separate device token, and forwarding the token to the first device by way of the first network to obtain a mobile device token, wherein the mobile device token is forwarded to the separate device by way of a third network. A confirmation that the token was obtained at the separate device is based on the result of the comparison indicating a match between the mobile device token and the separate device token. Access to the restricted content of the separate device is authorized based on to the confirmation. Other embodiments are disclosed.

Abstract: An idea recognition tool utilizes natural language processing techniques to capture, understand, and identify ideas that are mentioned by speakers during a conversation involving multiple speakers, and tag ideas attributed to their speaker accordingly. The idea recognition tool also autonomously triggers search operations to obtain supplemental information for enriching the underlying identified ideas. The identified ideas and supplemental information are grouped, classified, and formatted into a dedicated format for further analysis, as well as considered for implementing relevant actions.

Abstract: Enterprise messaging using a blockchain system. A method of the disclosure includes receiving, by a first node of a blockchain system of an enterprise service bus, a message transmitted by a second node of the blockchain system. The blockchain system may be configured to store a plurality of messages communicated via the enterprise service bus in a distributed ledger. The method also includes determining, by the first node, whether the first node should process the message. The method further includes processing, by the first node, the message in response to determining that the message should be processed by the first node. The method further includes updating the distributed ledger to indicate that the message has been processed by the first node.