Abstract: According to one embodiment, a service management system includes a relay device to relay communications between a client and a server providing a service that comprises one or more microservices. The relay device generates an authentication token, authenticates the authentication token when included in a service request from the client, and issues a command to the server to execute a service requested by the client after the authentication token is successfully authenticated. A token issuing server is provided to communicate with the relay device and the client and includes a storage unit and a processor. The processor is configured to store an access key issued by the relay device in the storage unit, acquire the authentication token from the relay device by using the access key, and send the acquired authentication token to the client in response to a token request from the client.

Abstract: There is provided an access system for controlling access to an inspection area and a product inspection apparatus. The access system comprises an area access controller configured to control an inspection area access means for controlling access to an inspection area; a product inspection apparatus controller configured to control access to one or more functions of a product inspection apparatus within the inspection area; a first RFID reader configured to read an external RFID tag of a user; and one or more memory devices configured to store authorised RFID data corresponding to one or more RFID tags each associated with an authorised user.

Abstract: An authentication system facilitates efficient generation of authentication integrations with third-party identity providers for client systems. The authentication system provides one or more interfaces configured to receive requests to make authentication integrations available for a third-party identity provider. The requests to make authentication integrations available include integration information for the relevant identity provider. Based on the request to make authentication integrations available, the authentication system generates an identity provider profile for the identity provider that can be used to generate authentication integrations with the identity provider for one or more client systems. Once the identity provider profile is generated, the authentication system uses the identity provider profile to generate authentication integrations for one or more client systems that request authentication through the third-party identity provider.

Abstract: A communication apparatus, when it perform data communication using a master base station and a secondary base station, stops communication with the secondary base station, confirms with a user whether or not the data communication is to continue in a case where communication with the secondary base station is stopped, and in a case where it was confirmed that the data communication is not continue, stops communication with the master base station.

Abstract: A system and method for PIN authentication issuance from a MFP QR Code includes a QR code presented on an authentication screen of multifunction peripheral display. A user requiring a personal information number to access a multifunction peripheral printing system managed by a print server scans the QR code with their secure smartphone or tablet. The scanned QR code opens a web portal to the sever on the user's device where they can select a new PIN. The new PIN is stored on the server for the user' account and access to the MFP is then granted when the user enters their new PIN.

Abstract: A system and method for a hybrid development platform for project development that integrates local and continuous integration (CI)-based building and testing. The system and method can make use of a build cluster, that executes individual commands within build targets; a build cache that stores partial results of previous executions; an artifact and image storage system, that stores and updates artifacts and container images; and a secrets repository that manages local and global project secrets. The system and method function as an automated build platform that enables an execution environment agnostic build platform for development over local development and extended network computing environments.

Abstract: Aspects of the subject disclosure may include, for example, initializing a secure timer in a wireless device, determining whether a subscriber identification module (SIM) card installed in the wireless device comprises a carrier identity that matches a carrier identity stored in the machine-readable medium, establishing a network connection with a trusted server, starting the secure timer if the SIM card and network connection are satisfactory, periodically checking the network connection and SIM card until expiry of the secure timer, penalizing the secure timer responsive to a failure of the network connection or SIM card check, and responsive to expiry of the secure timer, unlocking a SIM lock. Other embodiments are disclosed.

Abstract: An authentication method, a content delivery network CDN, and a content server are provided. The method includes: receiving, by a CDN, a content access request that is sent by a client and that carries a first authentication credential and a second authentication credential, where the first authentication credential is generated by a content server based on a first key allocated by the CDN, and the second authentication credential is generated by the content server based on a second key allocated by a cloud server; performing, by the CDN, authentication on the first authentication credential by using the first key; and performing, by the cloud server, authentication on the second authentication credential by using the second key. In this manner, the CDN and the cloud storage server separately allocate different keys to the content server.

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager receives an authentication request from a first electronic device that is in a communication range of the device. The virtual session manager transmits the authentication request to an endpoint device with a grant token without providing the first electronic device with any access to the grant token. The virtual session manager will receive, from the endpoint device, a first access token in response to the first authentication request. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer-storage media, for web application generation. In some implementations, a method includes receiving an identifier for code written for execution on a local device; determining, by analyzing the code, contextual information for executing the code; generating, using the contextual information, a web services layer for the code that enables execution of the code in a cloud computing environment; creating configuration settings i) for the code and ii) that include first data defining the web services layer and second data defining one or more access tokens, each access token enabling calling of a respective function in the code; and storing, in memory, the configuration settings for use during deployment of the code in response to receipt of a request to execute at least one function in the code.

Abstract: Systems and techniques for automatic escalation of trust credentials are described herein. Requestor data may be received that describes workloads of a requestor. A set of trust credentials may be determined by using an escalation prediction model to evaluate the requestor data. The multi-access token may be assembled from the set of trust credentials. The multi-access token may be transmitted to an information provider to fulfill a request of a requestor.

Abstract: Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.

Abstract: Disclosed are various approaches for performing biometric authentication of users using an application running on a client device. A biometric model can be trained using biometric data from a population of users. The biometric model can be used by the client application to authenticate users and can be separate from system-level biometric authentication capabilities of the client device.

Abstract: Systems and methods for passing account authentication information via parameters. A server can provide, to a client device, an account parameter derived from an account credential used to authenticate a first application to insert into a link. The link can include an address referencing a second application. The account parameter can be passed from the first application to the second application responsive to an interaction on the link. The server can receive from the second application of the client device, subsequent to passing the account parameter from the first application to the second application, a request to authenticate the second application including the account parameter. The server can authenticate the client device for the second application using the account parameter. The server can transmit, responsive to authenticating the client device for the second application, an authentication indication to the second application of the client device.

Abstract: Systems/Methods are disclosed of establishing a capability at a smartphone to be able to conduct a financial transaction and then using the established capability in performing the financial transaction by paying for a product. According to some embodiments, said establishing is performed responsive to sensing a physiological parameter and determining that the physiological parameter sensed satisfies a criterion. Then, an authorization to establish said capability is requested and, responsive to receiving the authorization, the capability to be able to conduct the financial transaction is established at the smartphone. The capability that has been established may then be used in performing the financial transaction responsive to the smartphone sensing proximity to an access point maintained by a vendor and responsive to the physiological parameter being sensed and satisfying the criterion.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes by generating authentication questions based on the location of a user. Transaction data indicating a plurality of transactions associated with a user account may be received. Location data indicating a plurality of locations of a user device might be received. At least a subset of the plurality of transactions may be tagged, based on the location data, with an indication that a user was present for a respective transaction. For example, a location of a merchant might be compared to a user device location indicated by the location data. A plurality of authentication questions might be generated based on the subset of the plurality of transactions. Access to the user account might be provided based on responses to the plurality of authentication questions.

Abstract: A method is disclosed. The method includes establishing, by a first device, a wireless connection to a second device; transmitting a request, by the first device and to the second device, for location data indicative of a location of the second device; receiving, by the first device and from the second device, the location data indicative of the location of the second device; determining, by the first device, a distance between the first device and the second device based at least in part on the received location data; generating, by the first device, an altered value based on the received location data and the determined distance; and transmitting, by the first device and to the second device, the altered value and an account identifier associated with a user of the first device.

Abstract: Presented are user-friendly battery powered touchless identity card emulator systems and methods that allow existing ID management installations, such as physical card reader systems, to securely operate without requiring a physical key and irrespective of type, model, shape, and size of reader and card format. Various embodiments integrate wireless functionality to existing systems to enable mobile access to provide advanced user/identity management capabilities for access control systems.

Abstract: A method is disclosed and includes receiving, by a record server computer from a first processing network computer, a token, a device identifier associated with a user device, a session identifier associated with a registration request, and metadata about the token, and then receiving a metadata request from a second processing network computer in response to the second processing network computer receiving an authorization request message comprising the token, and the device identifier and/or the session identifier. The metadata request comprises at least the device identifier and/or the session identifier. The method also includes retrieving, by the record server computer, metadata associated with the metadata request, and providing the metadata to the second processing network computer. The second processing network computer processes the authorization request message using the token and the metadata.

Abstract: A smart door lock system and a control method thereof are proposed. More specifically, in the smart door lock system and the control method thereof, door-lock area information is displayed on an outer side of a door, the door-lock area information including: any one or more pieces of door-lock area state information on states of a door lock area entered through a door lock in which a smart door lock is installed; and door-lock area user information of users who use the door lock area.

Abstract: A method and a system for securely controlling a remote measurement device. A connection between at least one remote measurement device and a server, such as a server computer, connected to the Internet is established. By a firewall, the at least one remote measurement device is protected from unauthorized access via the Internet. In case of an event of the at least one remote measurement device, an event notification is sent from the at least one remote measurement device to the server via the firewall. A temporary access token is generated by the server in response to the event notification received from the remote measurement device. Access is temporarily granted to the at least one remote measurement device based on the temporary access token.

Abstract: Improved techniques for secure access to cloud-based services via a gateway proxy. The improved techniques can efficiently manage remote access to cloud-based services by local processing agents in a secure manner using an intermediate authentication token issued by a gateway proxy to authorized local processing agents. The intermediate authentication token can be used to obtain authentication credentials of service providers that are needed to access the cloud-based services that are offered by service providers. In some embodiments, the authentication credentials of service providers need only be distributed to the gateway proxy and need not be distributed beyond the gateway proxy. The improved techniques are well suited for used with robotic process automation systems in which local processing agents, such as software agents, perform user tasks in an automated fashion.

Abstract: Facilitating the generation of ephemeral credentials and verification thereof within a distributed storage system is provided herein. Based on a request for ephemeral credentials from a first account client to a first node of a first storage instance of a distributed system, generating the ephemeral credential comprising a session token and a secret session key for the first account client by a method that derives the secret session key using a first account private key and a first storage instance public key. This session token along with a signature generated using the secret session key of the ephemeral credential is subsequently used to make further requests to a second node of a second storage instance of the distributed system where the secret session key is independently derived using information in the request and the previously shared first account private key to verify the signature in the request.

Abstract: Described is a multiple-camera system and process for detecting, tracking, and re-verifying agents within a materials handling facility. In one implementation, a plurality of feature vectors may be generated for an agent and maintained as an agent model representative of the agent. When the object being tracked as the agent is to be re-verified, feature vectors representative of the object are generated and stored as a probe agent model. Feature vectors of the probe agent model are compared with corresponding feature vectors of candidate agent models for agents located in the materials handling facility. Based on the similarity scores, the agent may be re-verified, it may be determined that identifiers used for objects tracked as representative of the agents have been flipped, and/or to determine that tracking of the object representing the agent has been dropped.

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

Abstract: An apparatus and a method for registering a device in a cloud server are provided. The apparatus includes detecting the device by using short-range communication, requesting an authentication code used for registering the device in the cloud server from an account server in response to the device being detected, receiving the authentication code from the account server, and transmitting the received authentication code and connection address information of the cloud server to the device.

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

Abstract: A system and method are disclosed capable of parsing a spoken utterance into a natural language request and a speech audio segment, where the natural language request directs the system to use the speech audio segment as a new wakeword. In response to this wakeword assignment directive, the system and method are further capable of immediately building a new wakeword spotter to activate the device upon matching the new wakeword in the input audio. Different approaches to promptly building a new wakeword spotter are described. Variations of wakeword assignment directives can make the new wakeword public or private. They can also add the new wakeword to earlier wakewords, or replace earlier wakewords.

Abstract: Disclosed herein are display techniques that will allow sensitive data displayed on a computer screen to only be viewed by authorized users and will render computer screen unreadable to unauthorized users. One or more display techniques are capable of automatically scrambling and unscrambling display screen of the computing device in which only an intended viewer is able to view data on the display screen using deciphering glasses.

Abstract: A coupling of two electronic apparatuses for a wireless information exchange. The coupling is authenticated through the evaluation of motion patterns previously executed by the apparatuses.

Abstract: Methods, computer-readable media, software, and apparatuses are provided to assist a user and vendor in completing an online trusted transaction. Trusted vendor websites are verified and user identities are confirmed through a cyber-security safe logon credentialing system. The vendor can be confident that the user identity has been verified to be who they say they are and the user can be confident that they are using a trusted verified vendor website.

Abstract: A service processing method includes receiving, by a mobile phone, a first identifier from a head device of a vehicle after the head device receives a trigger request to perform a vehicle door opening service, determining, by the mobile phone based on the first identifier, to perform authentication, indicating, by the mobile phone, the head device to perform the vehicle door opening service when the authentication succeeds, or determining, by the mobile phone based on the first identifier, not to perform the authentication, and sending, by the mobile phone, location information of the mobile phone, and an indication that indicating a location of the mobile phone and a location of the head device are normal to the head device.

Abstract: The present embodiments relate to systems and methods for automatic sign in upon account signup. Particularly, the present embodiments can utilize a federated login approach for automatic sign in upon account signup for a cloud infrastructure. Specifically, the signup and sign in service (also known as SOUP) and an identity provider portal can be configured such that the nodes are aware of each other as Security Assertion Markup Language (SAML) partners. After new account registration, the signup service can redirect the user browser to a cloud infrastructure console to start with a federated login flow, where a sign in service can issue a SAML authentication request, and redirects it to signup service. Responsive to validating the browser using a SAML authentication process, the browser can be automatically signed into the new account and allowed access the account relating to the cloud infrastructure service.

Abstract: A method for determining a key for securing communication between a user apparatus and an application server. An authentication server of a mobile communication network and the user apparatus generate a secret master key during an authentication procedure. The user apparatus sends the authentication server a request for a key to communicate with the application server and receives a random variable. The authentication server and the user apparatus calculate the requested key by using a key derivation function applied to at least the random variable, a user identifier and an application server identifier using the master key.

Abstract: A method and system that allows authorized individuals access into controlled access locations and the ability to grant temporary and limited access to guests into these locations. The method and system allow for navigational services to be provided to members and guests, and real-time tracking and confirmation to members and administrators that guests have arrived at their destination and did not enter any unauthorized areas. The method preferably can work through a system of wireless radio, sound and/or light-based beacons communicating with member and guest's electronic devices. Members and administrators can send one or more temporary electronic access keys to a guest's smartphone or other electronic device. Wireless radio, sound and/or light-based beacons provide an access control and location tracking system with real-time data about the member and guest whereabouts, allowing for the confirmation and tracking.

Abstract: A system for routing an identity validation request comprises at least one processor in communication with computer-readable storage, the computer-readable storage having stored thereon instructions for causing the at least one processor to: receive, from a requesting device, an identity validation request, the identity validation request comprising identity data and a payment credential; determine, from the payment credential, an issuer of the payment credential; transmit, to the issuer, a verification service request message that comprises the identity data and the payment credential; receive, from the issuer, a verification service response indicating whether or not the identity data has previously been associated with the payment credential; and based on the verification service response, transmit, to the requesting device, an indication as to validity of the identity data.

Abstract: A system for accessing protected data comprising a token retriever system operating on a processor and configured to receive a token from a user and to transmit a request including the token to a detokenization system over a data communications medium. The detokenization system configured to receive the token, to verify that the request has been received from an authorized source, and to transmit a response to the request that includes an account number associated with the token. The token retriever system is configured to receive the account number and to display the account number for a predetermined period of time.

Abstract: A method comprises monitoring a computing environment including a plurality of containers, determining, for one of the containers, a service type and an IP address, assigning the IP address of the container having the determined service type to a first list of IP addresses, assigning an IP address of each of the containers to a second list of IP addresses, applying a first security policy for a first source of network traffic for processing by the container having the determined service type and the IP address assigned to the first list of IP addresses, and applying a second security policy for a second source of network traffic for processing by the containers having the IP addresses assigned to the second list of IP addresses.

Abstract: Systems and methods providing authentication in a microservice system. In some embodiments, the method comprises receiving, from the user interface application, a user interface response corresponding to the user interface request; and sending the user interface response to the client computer. Some embodiments comprise when no cache entry corresponding to the user interface session token is present in the user interface session cache, directing the user interface request to a login service. Some embodiments comprise when the login service receives valid login credentials from the client computer, sending a new user interface session token to the client computer. Some embodiments comprise invalidating the cache entries in the user interface session cache according to a cache expiry policy; and determining whether the cache entry corresponding to the particular user interface session token is valid. In some embodiments, the user interface request session token consists of a single value.

Abstract: A method and system for a one-time authentication interaction to conduct electronic financial transactions using a wearable smart ring device is described. In one embodiment, a method includes detecting, by a mobile device, that a wearable smart ring device is being worn by a user. The method also includes receiving, by the mobile device, authentication information associated with the user, and comparing the received authentication information with stored authentication information associated with the user. Upon determining that the received authentication information matches the stored authentication information, the wearable smart ring device is authorized to conduct electronic financial transactions. Additionally, the wearable smart ring device remains authorized to conduct electronic financial transactions as long as it is worn by the user. Once removed from the user's finger, the wearable smart ring device is de-authorized.

Abstract: At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, a notification page with an option to accept a response from a server is provided to a client, an indication of user selection of the option to accept in the notification page is received from the client, and requested content received from the server is provided to the client. Injecting a user verification step via the notification page before providing requested content facilitates protecting the client from security threats.

Abstract: A privacy-enhancing system, method, and non-transitory computer-readable medium for securely identifying or verifying an individual over time without retaining sensitive biometric data (e.g., biometric images or biometric templates) for the purpose of securely storing data regarding the individual.

Abstract: Methods and systems are disclosed for providing secure authentication in a virtual or augmented reality environment using an interactive icon. One method comprises: receiving, over a computer network, a request for payment authorization; identifying, based on the request for payment authorization, a virtual reality interface; generating an icon in the virtual reality interface, the icon having a randomized display of authentication characters; receiving user input associated with at least one character of the of payment authentication characters in the virtual reality interface; and generating a payment authorization response to the request for payment authorization based on the received user input.

Abstract: A control system includes a control target device communicable with an information terminal and a server system. The server system includes an issue unit issuing a registration code in accordance with an input format of the information terminal in response to an issue request of a registration code from the control target device and a reply unit replying the registration code to the control target device. The control target device presents the replied registration code. If the presented registration code is inputted to the information terminal, information including the inputted registration code and an ID of the information terminal is transmitted to the server system. If the registration code transmitted from the information terminal and an input format thereof coincide with the registration code issued from the issue unit and an input format thereof, the server system performs registration processing for associating the information terminal with the control target device.

Abstract: This invention relates to systems and methods for authenticating transactions using a mobile device based primarily on the introduction of a layer of middleware and wherein the Payment Networks, Merchants, Issuing Banks, Credit Reporting Bureaus, Insurance Companies, Healthcare Providers may customize the implementation of the services based on individual strategy and consumer preferences.

Abstract: A mechanism for building decentralized computer applications that execute on a distributed computing system. The present technology works within a web browser, client application, or other software and provides access to decentralized computer applications through the browser. The present technology is non-custodial, wherein a public-private key pair, which represents user identity, is created on a client machine and then directly encrypted by a third-party platform without relying on one centralized computing system.

Abstract: A system comprising: a wireless kill switch and a computer; said wireless kill switch comprising: a housing, a radio transmitter, a microcontroller, an operable button, and a battery; said housing encasing the radio transmitter, the microcontroller, and the battery and allowing for operation of the operable button; the radio transmitter transmitting a continuous service signal to be received by a receiver on said computer and a heartbeat signal generated as a data packet on a first predetermined time basis; wherein said system maintains an operational state upon receipt of the continuous service signal and receipt of the heartbeat signal at a second predetermined time basis; and wherein the system modifies the computer to a different state than the operational state upon omission of the continuous service signal or the heartbeat signal.

Abstract: A Secure Access Gateway and Registry is provided for secure access to security related service information, to operate a security feature of a motor vehicle, by a validated Individual. The system is implemented with a general purpose computer, internet, mobile device, and secure data release Registry software application. An Individual is employed as a vehicle service professional. The Individual inputs a Registry Application data. The Registry uses the Registry Application data to generate a background search result data. The Registry uses the search result data to determine eligibility, and assign a Registered Vehicle Service Professional Identification code. The Individual uses the Registered Vehicle Service Professional Identification code to input a Form D1 authorization data, and to access an Automaker website. The Registry uses the D1 authorization data to determine a legal possessory interest in a motor vehicle, to be serviced.

Abstract: Techniques described herein are directed to point-of-sale (POS) authorization and access control. A POS application operating in a first state can send a first instruction to a reader device to prepare to read payment data associated with a payment instrument and, responsive to receiving the payment data from the reader device, can process a transaction using the payment data. In a second state, the POS application can send a second instruction to the reader device to prepare to read non-payment data associated with an identification instrument of a user and, responsive to receiving the non-payment data from the reader device, can verify an identity of the user and/or grant the user permission to perform an operation. The POS application can transition between the first state and the second state based at least in part on a type of instrument to be read by the reader device.

Abstract: A method for transmitting data in a computer network is provided, which comprises, at a first node of the network: receiving a computing puzzle from a puzzle server node of the network distinct from the first node; determining a solution to the puzzle for transmitting a message to a second node of the network distinct from the puzzle server node; and transmitting data to the second node, wherein the transmitted data comprises a message and the determined solution to the puzzle.