Abstract: An unlocking method and an unlocking apparatus are provided. According to an example, the unlocking method comprises: determining whether a mobile terminal to be unlocked exists; and sending a preset instruction to the mobile terminal when the mobile terminal to be unlocked exists, where the preset instruction is configured to control the mobile terminal to unlock a display screen.

Abstract: A method includes detecting, by a computing device, activation of a link to content served by a remote server, and in response to detecting activation of the link, attempting to load a passive mixed content item from the computing device. The method also includes determining whether the passive mixed content item successfully loaded. The method further includes, in response to determining the passive mixed content item successfully loaded, accessing, using an application on the computing device, the content from the remote server. In addition, the method includes, in response to determining the passive mixed content item did not successfully load, accessing, using a web browser, the content from the remote server.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: Embodiments are directed to a method of providing access verification for a system that includes activating a security control device, which is in communications with a host device. The method also includes having the security control device receiving a verification signal coming from outside the system while being locally-based, and comparing the verification signal to a table of stored criteria values. The device then chooses a response based on that comparison and sends an access determination signal based on the response.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.

Abstract: User authentication techniques that use a companion device associated with a mobile computing device are described. The companion device receives a user authentication request from a user authentication service via the mobile computing device, displays information related to the user authentication request, receives an approval of the user authentication request, and transmits the approval of the user authentication request to the service via the mobile computing device. In one embodiment, after transmitting the approval, the companion device receives a token from the mobile computing device that includes a value obtained from the service, signs the token with a private key of a securely-stored signing key pair and provides the signed token to the service via the mobile computing device. In another embodiment, after the companion device transmits the approval to the mobile computing device, the mobile computing device provides a personal identification code from secure storage to the service.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: A disclosed method performed by a network device can include intercepting cryptographic certificates of host servers received in response to requests for encrypted connections between host servers and user devices, and determining that each encrypted connection is a suspicious connection or a normal connection based on a certificate validation policy. The method can further include causing decryption or metadata analysis of any suspicious encrypted connection and bypassing decryption or metadata analysis of any normal encrypted connection.

Abstract: Certain embodiments of the present disclosure relate to systems and methods that control access to system resources, such as interfaces, access rights to events, query systems, and other suitable system resources. Further, certain embodiments of the present disclosure relate to a collision detection technique that is implemented to control which and/or a number of queue positions within a queue that are processed. In some implementations, a collision may be detected when two or more users request the same access right within a defined time period.

Abstract: A method for signing up a user to a service for controlling at least one functionality in a vehicle (10) by means of a user terminal (20) comprises the following steps: —communicating a user identifier and an identifier associated with the vehicle (10) to a server (50); —having the server (50) authenticate an electronics unit (11) of the vehicle (10); —in the event of successful authentication, registering the user identifier and the identifier associated with the vehicle (10) in association with one another in the server (50).

Abstract: A method and apparatus for authenticating a user commerce account associated with a merchant of a commerce platform are described. The method may include initiating authentication of the user commerce account associated with the merchant of the commerce platform from a commerce platform user interface of a user device, the user commerce account established for a user of the merchant. The method may also include sending an electronic message to a mobile device associated with the user account at the commerce platform, wherein the electronic message comprises an authentication code, and receiving the authentication code from the commerce platform user interface. Furthermore, the method may include generating an authentication key for the mobile device in response to matching the received authentication code with the sent authentication code and receiving a cookie provided from the commerce platform to the mobile device.

Abstract: Aspects of the subject disclosure may include, for example, initializing a secure timer in a wireless device, determining whether a subscriber identification module (SIM) card installed in the wireless device comprises a carrier identity that matches a carrier identity stored in the machine-readable medium, establishing a network connection with a trusted server, starting the secure timer if the SIM card and network connection are satisfactory, periodically checking the network connection and SIM card until expiry of the secure timer, penalizing the secure timer responsive to a failure of the network connection or SIM card check, and responsive to expiry of the secure timer, unlocking a SIM lock. Other embodiments are disclosed.

Abstract: Embodiments are provided for receiving media content based on the user media preferences. An example implementation includes a one or more servers receiving data representing a guest list for an upcoming event corresponding to a first user account, the guest list indicating multiple guests corresponding to respective second user accounts of a second cloud service and querying one or more streaming media services for music preferences corresponding to the multiple guests. The one or more servers receive, from the one or more streaming media services, data representing respective music preferences corresponding to the multiple guests and generate a playlist of audio tracks based on the received respective music preferences corresponding to the multiple guests. During the event, the server(s) cause the playlist to be queued in a playback queue for playback by one or more playback devices of a particular media playback system registered with the first user account.

Abstract: A client transmits a user identifier and a password to a server via an application programming interface (API). The client establishes an authenticated session with the server in which the client has a first set of permissions for operations associated with the API. The client receives, responsive to a verification of the user identifier and password by the server, a logon response and a shared secret. The client generates a one time passcode (OTP) based upon the shared secret. The client sends the OTP to the server via the API. Responsive to the server validating the OTP against the shared secret, the server grants a second set of permissions for operations associated with the API.

Abstract: Method and System for performing secure card less transactions using a user device is disclosed. Initially, an authenticated banking application is downloaded on the user device wherein the downloaded application is linked to a user by a unique ID. To perform a transaction, the user logs in to the downloaded application and after login the user device and the ATM are securely paired, wherein the ATM also has a location based unique ID. The secure pairing process uses parameters such as a specific application identifier and a transaction terminal identifier. Once the user initiates the secure pairing process, the ATM displays a unique number generated by the bank server. The unique number is linked to the user and is entered in the portable device. Further, biometric authentication is performed and after validating a token ID is generated where a User specific UI is obtained and rendered onto the user device.

Abstract: Techniques for managing an application token may include providing, by a first service provider application on a communication device to a first service provider computer, a first request for a first application token, receiving, by an account management application on the communication device from a token service computer in communication with the first service provider computer, the first application token, and storing the first application token in a token container in the account management application.

Abstract: Content is selectively provided to users of mobile devices within a venue including an on-site wireless network. User authorization requests and/or user account registration data are transmitted to the on-site wireless network from mobile devices within the venue. Attributes such as user interests and professions, which comprise inferred user profiles, are obtained using the network traffic data. Identities of mobile devices are established based on a combination including two or more of network identifiers, mobile device signatures, and browser signatures. The inferred user profiles are correlated with the mobile device identities. The inferred user profiles are aggregated into user profile groups and then matched with a content provider's intended target profiles. Content is transmitted to the mobile devices corresponding to the intended target profiles and based on correlation of the inferred user profiles with identities of the devices.

Abstract: Aspects described herein relate to methods, devices and systems that allow for a client device, as part of a remote access or cloud-based network environment, to map external user identities to desktops and applications. Local user accounts can be dynamically generated on a virtual delivery agent. A mapping of the local user account to an external identity can be secured using signed tokens and maintained by a broker machine that allocates resources for the deployment of particular applications to the client device from the virtual delivery agent. This allows for the removal of any dependency on an Active Directory for maintaining user identities or federated sign-on services, greatly simplifying the management of user identities within the system and allowing for greater compatibility across client devices.

Abstract: Disclosed herein are various systems, methods, and processes for sharing a storage device with multiple virtual machines. A pseudo-identity is created for a storage device. Information in a hypervisor is configured to modify a response to a command issued to the storage device by a virtual machine. Physical characteristics of the storage device are determined and it is also determined whether the physical characteristics are acceptable. If the physical characteristics are acceptable, a virtual disk associated with the virtual machine is used. If the physical characteristics are unacceptable, a mapping of the virtual machine is migrated to another storage device.

Abstract: A method for establishing a trust association includes receiving, by a server, a request to associate a web source with an account, the request having a link to the web source, and accessing, by the server, the web source in response to the request to associate. The method further includes locating, by the server and within the web source, a tag associated with the account, creating, by the server and in response to locating the tag within the web source, a trust association between the account and the web source, and providing, by the server, an indicating of the trust association for display in a user interface of a client device.

Abstract: Aspects of the present disclosure are directed to electronic computer implemented methods of data communication. At least one method includes, via a data communications network, receiving one or more mobile EDI token datasets associated with each of one or more mobile devices; each of the mobile EDI token datasets including a mobile online ID attribute data element, a beacon attribute data element and biometric ID attribute data element; via a data communications network, receiving a matching score attribute data element associated with at least one of the mobile EDI token datasets; electronically processing and authenticating the least one mobile EDI token dataset based on the received matching score attribute data element; and via a data communications network, transmitting the mobile online ID attribute associated with the authenticated mobile EDI token dataset.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system, an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.

Abstract: An example method of implementing server-driven notifications to mobile applications may include: receiving, by a mobile computing device, a message from a notification server, wherein the message comprises a payload identifying a mobile application running on the mobile computing device; translating the payload into a local notification including an identifier of the mobile application; causing the local notification to be displayed on the mobile computing device; and responsive to receiving a user interface event associated with the local notification, processing the user interface event by a handler of the mobile application.

Abstract: Disclosed are various approaches for implementing an application authentication wrapper. An authentication request, such as a Kerberos request, is created for authenticating the computing device. The authentication request is encrypted to generate an encrypted authentication request. The encrypted authentication request is then forwarded to a reverse proxy server. An encrypted authentication response is received from the reverse proxy server. The encrypted authentication response, such as a Kerberos response, is then decrypted to generate a corresponding authentication response, which is then forwarded to the computing device that generated the authentication request.

Abstract: Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.

Abstract: A remotely managing and controlling system and a remotely managing and controlling method are provided to a user for receiving feedback information and control right of the target device through a remote connecting device. To achieve the above goal, a remote control program is proposed and installed in a controlling device, named controlling terminal, and the target device, to determine whether operation modes can be executed through the remote connecting device. The remote connecting device transmits control commands and data to the target device, and receives the feedback information and the control right of the target device. Then, the controlling terminal can control the target device according to the feedback information for increasing the efficiency of data management. Further, the system and the method can receive a location of the target device through a tracing platform, and control the target device for increasing security of data stored in the target device.

Abstract: A first controllable appliance receives from a second controllable appliance a command for causing the first controllable appliance to be placed into a state and, in response, determines a trust level of the second controllable appliance. When it is determined that the second controllable appliance is trustworthy, the first controllable appliance executes the command. When it is determined that the second controllable appliance is untrustworthy, the first controllable appliance ignores the command. Otherwise, the first controllable appliance enters into a state in which the first controllable appliance waits for at least a predetermined period of time for a user to confirm whether or not the first controllable appliance should be caused to execute the command.

Abstract: An apparatus and a method for registering a device in a cloud server are provided. The apparatus includes detecting the device by using short-range communication, requesting an authentication code used for registering the device in the cloud server from an account server in response to the device being detected, receiving the authentication code from the account server, and transmitting the received authentication code and connection address information of the cloud server to the device.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for distributed and/or decentralized data aggregation. A method includes determining a user's electronic credentials for a third party service provider. A method includes detecting that access to a third party service provider is unavailable. A method includes processing, using machine learning, a website of a third party service provider to determine a prediction of an input location for a user's electronic credentials. A method includes accessing a third party service provider using a predicted input location for a user's electronic credentials to download data associated with the user from the third party service provider.

Abstract: An authentication information issuing apparatus is configured to issue authentication information with which a vehicle is unlocked, to a portable terminal, the vehicle being capable of containing a parcel and being locked and unlocked based on the authentication information acquired from the portable terminal, and includes a storage device, an acquiring device and an authentication information sending device. The storage device is configured to store a parcel receipt ID as information with which a delivery destination of the parcel is specified and a vehicle ID as information with which the vehicle is identified, in association with each other. The acquiring device is configured to acquire the parcel receipt ID associated with a target parcel. The authentication information sending device is configured to send the authentication information with which a vehicle as a containment destination of the parcel is unlocked, to the portable terminal, based on the acquired parcel receipt ID.

Abstract: Disclosed are a transaction card and an information displaying method. The transaction card includes a card body, a power supply, a graphic code generation circuit, and a display device. The power supply, the graphic code generation circuit, and the display device are embedded within the card body. The power supply is connected to the graphic code generation circuit and the display device. The graphic code generation circuit is configured to generate a graphic transaction code based on transaction account information of a user. The display device is configured to display the graphic transaction code.

Abstract: A computer-implemented method for enhancing user authentication is provided. The method is implemented using an authentication computing device in communication with a memory. The method includes storing a plurality of user preferences associated with a user account. The user preferences are rule-based preferences that define steps to be taken for authenticating the user for accessing the user account. The method also includes receiving an authentication request for access to the user account, determining one or more authentication challenges based, at least in part, on the user preferences, transmitting the one or more authentication challenges to be presented to a user attempting to access the user account, and determining whether to authenticate the user based on a response to the one or more authentication challenges.

Abstract: A frontend client system and associated frontend method perform processes for backing up encrypted data in backend storage, such that a frontend client can perform the backup without exposing the encrypted data, using the client-controlled keys, and without long running server-side processes.

Abstract: A system for wearable authentication and management is disclosed. In particular, the system may include identifying and authenticating a user through biometric data or movement signatures specific to the wearer of a wearable device. Once the user and wearable device are authenticated, the system may activate and provision connectivity services for the wearable device, associate the device with a device ecosystem of the user, and push predefined settings to the wearable device. Additionally, the system may deliver communications that are transmitted to other devices in the device ecosystem to the wearable device while the wearable device is worn by the user. If the user no longer wears the wearable device or the wearable device is not utilized for a period of time, the system may deactivate the connectivity services for the wearable device and remove any settings pushed to the wearable device.

Abstract: A method for flow-based authorization includes receiving, at an electronic device, an input from an input agent and passing the input through a path of components to determine one or more action agents. Further, the method includes determining a flow for the input, wherein the flow comprises a representation of all possible paths between the input agent and the one or more action agents and providing a common language permission statement based on the flow.

Abstract: A computer-implemented method for enforcing dynamic network security policies may include (i) monitoring, by a network traffic protection system, network packets transmitted on a network segment, (ii) detecting, by the network traffic protection system, a suspicious transmission of at least one network packet associated with an endpoint computing device connected to the network segment, (iii) modifying, based on the suspicious transmission of the network packet, at least one network security policy for the network segment, and (iv) enforcing, by the network traffic protection system, the modified network security policy for all endpoint computing devices connected to the network segment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A wearable device includes a display; a sensor configured to obtain a biometric information of a user; a memory configured to store at least one instruction; and at least one processor configured to execute the at least one instruction to: based on an event related to executing an application, identify execution of biometric authentication associated with the application; based on the identification, display a message indicating information corresponding to the biometric authentication to be performed in the wearable device; obtain, by the sensor, the biometric information of the user wearing the wearable device; identify authority using the obtained biometric information and registered biometric information stored in the memory; and display, by the display, a screen associated with the executed application based on the identified authority.

Abstract: A secret share value of object data on which secure computation is to be performed is stored in a secure computation device, and a query which requests secure computation or secret share value of the query is input to the secure computation device. The secure computation device performs consistency verification of the secret share value of the object data and consistency verification of the query or the secret share value of the query, obtains a secret share value of a calculation result by performing secure computation in accordance with the query or the secret share value of the query which passed the consistency verification by using the secret share value of the object data which passed the consistency verification, and outputs the secret share value of the calculation result.

Abstract: A system for accessing protected data comprising a token retriever system operating on a processor and configured to receive a token from a user and to transmit a request including the token to a detokenization system over a data communications medium. The detokenization system configured to receive the token, to verify that the request has been received from an authorized source, and to transmit a response to the request that includes an account number associated with the token. The token retriever system is configured to receive the account number and to display the account number for a predetermined period of time.

Abstract: An information processing system grants an access right to data to a registered user, and includes a receiving unit and a granting unit. The receiving unit receives information on an unregistered user who is to be granted with an access right to specific data. The granting unit grants the access right to the specific data to the unregistered user after the unregistered user has been registered.

Abstract: Systems and methods are described for providing a security code to a second device. A first device receives a textual representation of a security code that is required for authorization of a second device with a remote application server. The first device checks if the textual representation of the security code is accessed during a predefined time period. If not, the first device also checks if the second device is within an output range of the first device. If so, the first device outputs an audio representation of the security code.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. During authentication, context information for the client device, such as device type, device location, etc., may be determined. A computing device in the system may receive data indicating the context information, such as data indicating that the user is at a particular location and/or is of a particular device type. One or more labels for a session associated with the user of the client device may be determined based on the data indicating the context information. The computing device may generate an authentication certificate comprising one or more labels. Based on the certificate, one or more access groups for the user of the client device may be determined, and the user of the client device may be granted or denied access to one or more resources according to the access group(s).

Abstract: Systems for computer security. A proxy service implements methods for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application. A proxy service is established at a first uniform resource locator to carry out communications between one or more identity access management servers and a plurality of application hosting sites. At least one of the plurality of application hosting sites has a second uniform resource locator that is different from the first uniform resource locator. An identity access management server will register the application and the first uniform resource locator. From any hosting site, the application is invoked, upon which invocation, the application carries out at least a portion of the OAuth protocol exchange with the IAM. The proxy service at the first uniform resource locator receives an authentication message from the IAM and then redirects the authentication message to the application hosting site.

Abstract: Systems and methods for managing wind power plants (WPPs) having a plurality of wind turbines are provided. The system includes a central server in communication with one or more WPP servers through an external network, wherein each WPP server is associated with a corresponding WPP. The WPP server is in communication with one or more wind turbines in the corresponding WPP through a private network. The central server is configured to identify at least one maintenance activity to be performed based on event information associated with a wind turbine in a WPP. The central server is configured to generate a service operation request (SOR) message including an access request to the turbine based on the identified maintenance activity. The central server transmits the SOR message for approval to an authentication unit and accesses the wind turbine in the first WPP upon approval of the SOR message.

Abstract: One embodiment performs policy evaluation in a multi-tenant cloud-based identity and access management (“IAM”) system. The embodiment receives a request for an IAM service for a tenant of the multi-tenant cloud-based IAM system, and determines an applicable policy associated with the IAM service. The embodiment determines a policy expression of the applicable policy, where the policy expression includes a reference to an attribute value, and where the reference either includes a function or includes an application programming interface (“API”) of an attribute retriever class. The embodiment obtains the attribute value by invoking the function or by invoking the API of the attribute retriever class. The embodiment evaluates the applicable policy at run-time using at least the obtained attribute value, and performs the IAM service based on the result of the evaluating of the policy.

Abstract: Techniques for transaction-specific authentication. An access manager receives information for a transaction. The information can be received in an authentication request from an application that is to perform the transaction or received as part of a transaction request. The information identifies an attribute associated with the transaction and includes a value for the attribute. The access manager uses the value to generate a first one-time password (OTP). The first OTP is compared to a second OTP received from a client device of a user who requested the transaction. Matching of the first OTP and the second OTP indicates that the value received in the information for the transaction matches a value provided by the user to the client device. Based on determining that the first OTP matches the second OTP, the access manager transmits an indication to the application that the user is successfully authenticated for the transaction.

Abstract: An action recognition system is illustrated. The action recognition system has an annular body, at least one light emitting unit, at least one light sensing unit and an action recognition module. The annular body is worn on a movable part of a user. One end of the light emitting unit is exposed on an inner side of the annular body, wherein the light emitting unit emits a first light beam illuminating at least a portion of the movable part. One end of the light sensing unit is exposed on the inner side of the annular body. The light sensing unit operatively senses a second light beam reflected by the at least portion of the movable part and generates a light sensing signal. The action recognition module is configured to operatively determine an action of the user according to the light sensing signal.

Abstract: In some embodiments, a user device may detect, via pattern recognition by a user application, a pattern (indicative of a given code type) presented on a physical object. The user device may cause, via the user application, a code scanning application to be launched based on the detection to scan the pattern. The user device may obtain, via the user application, a code (associated with a biller entity) of the given code type from the code scanning application based on the code scanning application's scan. The user device may cause, via the user application, the code or information derived from the code to be provided over the Internet to a computer system hosting accounts of a user of the user application. The code or the derived information may be used by the computer system to complete transactions between the biller entity and at least one of the accounts.

Abstract: Some embodiments are directed to an electronic cryptographic device including a physically unclonable function and an enrollment unit configured to generate a first PUF data during the enrollment phase, the first PUF data derived from a first noisy bit string of the PUF, the first PUF data uniquely identifying the physically unclonable function, the first PUF data including a first helper data. The first PUF data is transmitted to an electronic server during an enrollment phase. The device includes a use-phase unit configured to generate a second PUF data derived from a second noisy bit string during a use phase. The first helper data is received from the server in response to transmitting the second PUF data. An error corrector is configured to apply the first helper data to the second noisy bit string.

Abstract: Aspects of this disclosure relate to authenticating a communication session. In some variations, a secured hardware storage area may be utilized to store at least one key credential. A communication session may be established from an enterprise associated application. To verify the authenticity of the communication session, a customer system and a host enterprise system may exchange a token. The token which may be signed with a key credential to validate a communication session. Additional validation data may be exchanged between operators of the customer system and a host enterprise system.