Abstract: Disclosed is a security authentication system for a membership login of an online website capable of ensuring a safe membership login without having to directly entering a membership ID and a password for a membership login of a certain online website on a user terminal being used in association with a smartphone for a private or public purpose, and a method thereof.

Abstract: According to a non-limiting embodiment, a multiple identity resolution system includes an IDaaS integrated with a PaaS. The IDaaS is integrated with a cloud-based network, and an application module installed in the cloud-based network. The application module is configured to deliver content to at least one electronic device. The multiple identity resolution system further includes a service module in signal communication with the application module. The service module is configured to identify a physical user operating the at least one electronic device based on at least one user authentication credential received by the at least one electronic user device and at least one device attribute of the at least one electronic device.

Abstract: A mechanism is provided for partial offload of connection tracking from a host processor to a network interface device. Software running in the host processor is used for connection establishment. After a connection has been established the software initializes and transfers flow-control to the network interface device. Thereafter, the network interface device continues transferring packets to the destination, while the software in the host processor monitors the flow. If the connection has been terminated or has expired flow control reverts to the software. Modes of operation are provided for network interface devices with and without a specific connection-tracking module.

Abstract: An action recognition system is illustrated. The action recognition system has an annular body, at least one light emitting unit, at least one light sensing unit and an action recognition module. The annular body is worn on a movable part of a user. One end of the light emitting unit is exposed on an inner side of the annular body, wherein the light emitting unit emits a first light beam illuminating at least a portion of the movable part. One end of the light sensing unit is exposed on the inner side of the annular body. The light sensing unit operatively senses a second light beam reflected by the at least portion of the movable part and generates a light sensing signal. The action recognition module is configured to operatively determine an action of the user according to the light sensing signal.

Abstract: A method for establishing a trust association includes receiving, by a server, a request to associate a web source with an account, the request having a link to the web source, and accessing, by the server, the web source in response to the request to associate. The method further includes locating, by the server and within the web source, a tag associated with the account, creating, by the server and in response to locating the tag within the web source, a trust association between the account and the web source, and providing, by the server, an indicating of the trust association for display in a user interface of a client device.

Abstract: A location verification provision is implemented to determine the location of a device associated with a user at the time of an attempted transaction. The attempted transaction includes receiving user identification and/or payment information, which is associated with the device in an entry stored in a database. Location information of the device, as well as a time at each location, may also be stored in the database. To verify that the device is located at the location of the transaction, a comparison operation may be performed. If the device is located where the transaction is being processed, the transaction may be completed. Predetermined criteria may be defined to account for possible inaccuracies in location and time calculations.

Abstract: The present disclosure provides a user identification marking method. The method includes determining a user identification that needs a classification analysis; obtaining classification basis information of the user identification; analyzing the user identification according to the classification basis information, to obtain possible classifications of the user identification and a ranking thereof in each of the possible classifications; and providing the possible classifications and the rankings to a client.

Abstract: Techniques are disclose herein for facilitating secure user access to resources without user-provided credentials. More specifically, the techniques described herein eliminate the need for end users to remember and provide privileged resource authentication information (e.g., credentials) at the time of resource access. The system accepts and securely stores registration information for accessing privileged resources during a registration process. As discussed herein, the registration information can include identification and authentication information for each privileged resource. The authentication process can also include registration of one or more secondary authentication devices that are used to verify the identity of the end user in lieu of the end user providing credentials.

Abstract: Methods and systems for securing a network including IoT devices are provided. A networking device system can regulate the ability of IoT devices to communicate with their corresponding cloud servers over the Internet, for example, by allowing a device to connect to its associated cloud servers when a user (e.g., an authorized user) requests to use the device. The system can communicate (e.g., directly) with users outside of the network through an app and/or a software development kit installed on user client device(s), where communications received from the app or kit (e.g., to access one or more IoT devices on the network) can be presumed to originate from authorized users.

Abstract: One or more computing devices, systems, and/or methods for verifying a user of a service are provided. That is, the service (e.g., a social network, an email service, a website, etc.) may attempt to verify that a user is an owner of an account with the service by sending a verification code to a device registered by the user with the service, such as through a text message. Because the service may be hosted across multiple data centers for resiliency against failure, the verification code and a verification attempt counter may be stored within a particular data store. An identification of the data store may be encoded into the verification code. In this way, the verification code may be sent to the device, such that when the user submits the verification code back to the service, the verification code is routed to the correct data store for verification.

Abstract: Systems and methods are provided for managing electronic tokens for device interactions. In some embodiments, a unified graphical user interface is provided for an account, for controlling the activation status and settings associated with authorized electronic devices used for conducting transactions on the account. The electronic devices may be programmed with an electronic token that allows a server to look up sensitive account information, although the electronic token does not divulge the account information itself. Therefore, if an electronic token is compromised or stolen, the account does not need to be closed, and sensitive information remains safe. Moreover, the unified graphical user interface provides detailed and highly customizable controls for settings and restrictions associated with each of the electronic tokens, without modifying or accessing sensitive account or personal information.

Abstract: An intelligent system and a method in a packet network to utilize the radio network resource and the core network resource in an optimized way so that more high priority, critical devices are granted access to the network while throttling the low priority, non-critical devices with the same given resource. The system collects all the necessary information from the signaling exchange between the radio access network and the core network and takes the device subscription characteristics and statically or dynamically defined throttling behavior rules into consideration to choose the optimal behavior to handle the requests from devices at any given time including deciding to reject the requests for certain types of devices under certain network conditions while granting the requests for other types of devices.

Abstract: A method and system for verifying both identification and presence of a user is provided. The system includes an identification tag containing data associated with a user, a reader for reading said data from the identification tag, communicating data received from the identification tag to the server, and a server configured for receiving the data sent by the reader, accessing a user record that corresponds to the user, determining whether the data it received is verified against data in the user record, and if said data is verified, then generating a data packet and transmitting said data packet to the reader over the communications network, wherein said data packet includes a verification message, a user name and a user image.

Abstract: A system and method for secure access to IoT devices using a mobile device. The mobile device includes a memory configured to store a private value thereon. The mobile device also includes a processor. The processor is configured establish a secure connection with the between the mobile device and a trusted server using the private value, receive a token from the a third party server via the trusted server, transmit the token to a provisioning server via the trusted server, receive an Internet of Things (IoT) profile from the provisioning server via the trusted server, and configure an IOT gateway based on the IoT profile.

Abstract: A method and system for configuring surveillance cameras can be used to leverage emerging trends in surveillance camera systems, while also enabling the configuration of cameras to operate in such systems. The method comprises displaying configuration images on mobile computing devices and enabling the cameras to view and capture those images within image data. The configuration images are then derived from image data from the surveillance cameras using integrated or separate analytics systems. Then, configuration information from the mobile device can be paired with corresponding surveillance cameras by reference to the configuration images. In one example, cloud image data storage is allocated as part of this setup and configuration process.

Abstract: A user is authenticated for a session with a server, the server generates a unique session token valid during an active session with the server. Valid outstanding transactions for the active session are presented to the user. A selected outstanding transaction is provided to a Self-Service Terminal (SST) with the unique session token. The SST validates the unique session token and the selected outstanding transaction with the server. Upon confirmation from the server, the SST completes the selected outstanding transaction at the SST.

Abstract: The techniques provide a wireless communication carrier with the ability to directly initiate a subscription management service to perform profile state changes with respect to eSIM profile states that are maintained by the subscription management service. A profile transition request is received from an entity at an eSIM management platform. The profile transition request includes a profile state change for an eSIM profile from a first profile state to a second profile state. The requested profile state change is validated using a validation table of permissible profile state changes that is common to the eSIM management platform and the subscription management service. The profile transition request is sent to the subscription management service in response to the validation of the profile state change.

Abstract: A method and system for verifying both identification and presence of an object is provided. The system includes an identification tag containing data associated with an object, a reader for reading said data from the identification tag, communicating data received from the identification tag to the server, and a server configured for receiving the data sent by the reader, accessing an object record that corresponds to the object, determining whether the data it received is verified against data in the object record, and if said data is verified, then generating a URL and transmitting said URL to the reader over the communications network, wherein said URL includes a verification message.

Abstract: Technologies for remote device authentication include a client computing device, an identity provider, and an application server in communication over a network. The identity provider sends an authentication challenge to the client. A capability proxy of the client intercepts an authentication challenge response and retrieves one or more security assertions from a secure environment of the client computing device. The capability proxy may be an embedded web server providing an HTTP interface to platform features of the client. The client sends a resource access token based on the security assertions to the identity provider. The identity provider verifies the resource access token and authenticates the client computing device based on the resource access token in addition to user authentication factors such as username and password. The identity provider sends an authentication response to the client, which forwards the authentication response to the application server.

Abstract: Disclosed is a method including receiving user credentials from a user device by a server system. The user credentials are authenticated by the server system. A token is transmitted to the user device by the server system. A plurality of transaction requests, each including a transaction amount and the token, are received by the server system from the user device. The server system utilizes the token to determine whether to approve each transaction request until the token expires. These steps are repeated after the token has expired.

Abstract: A system for detecting changes to circuitry includes: a processor; and a memory, and the memory has stored thereon instructions that, when executed by the processor, cause the processor to: periodically measure physical characteristic data of the circuitry, operational data of the circuitry, and environmental data; periodically capture the measured data; generate a dynamic fingerprint based on an aggregation of a first set of the captured data, and the dynamic fingerprint is a compound data structure encapsulating the aggregated data; associate metadata with the dynamic fingerprint; periodically update the dynamic fingerprint according to successive sets of the captured data; and compare the updated dynamic fingerprint to a previous dynamic fingerprint, to detect the changes to the circuitry.

Abstract: Examples associated with inactive application restarting are described. One example method includes establishing a connection between a host device and a remote device. The connection is used for communications between the host device and an application on the remote device. An inactive state of the application is detected on the remote device. A message is transmitted to the remote device to notify a user to restart the application. A user interaction with the message restarts the application.

Abstract: A system for authenticating a circuit includes: a processor; and a memory, and the memory has stored thereon instructions that, when executed by the processor, cause the processor to: periodically measure physical characteristic data of the circuit, operational data of the circuit, and environmental data; periodically capture the measured data; generate a dynamic fingerprint based on an aggregation of the captured data, and the dynamic fingerprint is a compound data structure encapsulating the aggregated data; associate metadata with the dynamic fingerprint; and output the dynamic fingerprint as a physically unclonable function (PUF) of the circuit.

Abstract: In one embodiment, a method includes an online social networking system generating an authentication key in response to a request from a media-player device. The media-device player broadcasts the authentication key, which is received by a client system of a user of the online social network that is within range of the broadcast. The user is logged into the online social network via an application running on the client system. The application verifies the authentication key with the online social networking system. Location information of the client system and social-networking information of the user are sent by the application to the media-player device in response to the authentication key being verified. The user may be registered as an owner of the media-player device or a guest user of the media-player device.

Abstract: One method includes receiving, at a first electronic device, communication information via a wireless communication network. The method also includes obtaining, via the first electronic device, user attribute information corresponding to the communication information. The method includes determining, via the first electronic device and based on the user attribute information, whether authorization of the first electronic device to the communication information is to be obtained prior to processing the communication information.

Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

Abstract: A method and system for authenticating a user includes providing an invocation element capable of being activated by a single user action, receiving an indication that the invocation element has been activated, obtaining a location of a wireless device associated with the user, determining whether the wireless device is associated with an authorized user, approving the user to use the application based on a predetermined location criterion, and producing an indication that the user has been authenticated.

Abstract: The disclosure includes novel encryption and/or decryption methods and systems that provide various security benefits. More specifically, the disclosure includes a description of a file encryption process and its ability to dynamically control permissions on who is allowed to decrypt the file. Moreover, the disclosed process permits an encrypted file to be freely distributed without losing the ability to govern/regulate decryption.

Abstract: An aspect of the present disclosure facilitates third parties/server system to perform batch processing of requests requiring authorization from resource owners for repeat access to resources. In one embodiment, a server system/third party selects a next request from a batch of requests, with the next request requiring a protected resource (hosted on a second party) owned by a owner/user (first party). The server system checks whether an access token is present authorizing access of the protected resource by the server system on behalf of the owner. If the access token is not present, the server system communicates in an offline mode with the owner to receive the access token. The server system then processes the next request by accessing the protected resource using the present/received access token.

Abstract: Aspects of the disclosure relate to providing information security and preventing unauthorized access to secured resources by implementing token-based authentication techniques. A computing platform may receive, from a client computing device, a request to authenticate a user to a user account associated with a client portal provided by a client portal server. In response to receiving the request to authenticate, the computing platform may generate a validation token for the user account. Subsequently, the computing platform may validate the request to authenticate based on the validation token generated for the user account. In response to validating the request to authenticate, the computing platform may generate and send one or more commands directing the client portal server to provide at least one client portal interface to the client computing device. In some instances, receiving the request to authenticate may include receiving a time-based one-time passcode generated by the client computing device.

Abstract: In an example, an aggregation router encapsulates a first Console command as a control packet in an Ethernet format, determines a target branch router of the control packet, and transmits the control packet to the target branch router via an Ethernet link between the aggregation router and the target branch router, so that the target branch router can decapsulate the control packet to obtain and execute the first Console command. The aggregation router receives a feedback packet from the target branch router via the Ethernet link between the aggregation router and the target branch router, wherein the feedback packet comprises an output result obtained by the target branch router through executing the first Console command.

Abstract: Disclosed herein is a technique for mitigating paging collisions in mobile devices. When a new electronic Subscriber Identity Module (eSIM) is to be provisioned on a mobile device, International Mobile Subscriber Identity (IMSI) information associated with each of the SIMs/eSIMs currently installed on the mobile device is obtained and provided to a provisioning server. In turn, the provisioning server utilizes the IMSI information to select a new eSIM associated with an IMSI that is unlikely to result in a paging collision when operated alongside the SIMs/eSIMs installed on the mobile device. The provisioning server provides the new eSIM to the mobile device, whereupon the mobile device installs the eSIM into the embedded Universal Integrated Circuit Card (eUICC) for operation.

Abstract: Systems and methods are provided for managing electronic tokens for device interactions. In some embodiments, a unified graphical user interface is provided for an account, for controlling the activation status and settings associated with authorized electronic devices used for conducting transactions on the account. The electronic devices may be programmed with an electronic token that allows a server to look up sensitive account information, although the electronic token does not divulge the account information itself. Therefore, if an electronic token is compromised or stolen, the account does not need to be closed, and sensitive information remains safe. Moreover, the unified graphical user interface provides detailed and highly customizable controls for settings and restrictions associated with each of the electronic tokens, without modifying or accessing sensitive account or personal information.

Abstract: A method and apparatus for authenticating a user commerce account associated with a merchant of a commerce platform are described. The method may include initiating authentication of the user commerce account associated with the merchant of the commerce platform from a commerce platform user interface of a user device, the user commerce account established for a user of the merchant. The method may also include sending an electronic message to a mobile device associated with the user account at the commerce platform, wherein the electronic message comprises an authentication code, and receiving the authentication code from the commerce platform user interface. Furthermore, the method may include generating an authentication key for the mobile device in response to matching the received authentication code with the sent authentication code and receiving a cookie provided from the commerce platform to the mobile device.

Abstract: Embodiments of the present invention relate to a method, an apparatus and a system for transmitting a media stream. The method is executed by an access terminal, includes: establishing a real-time collaboration channel between the access terminal and a network computer; sending through a first VDI channel to the network computer an operation instruction input by a user; receiving a real-time collaboration message that is sent through the real-time collaboration channel by the network computer; performing, through the network computer, media negotiation with a communication device, so as to determine a media attribute parameter that is used to transmit a media stream between the access terminal and the communication device; and transmitting, by the access terminal, a media stream mutually with the communication device according to the media attribute parameter determined through the media negotiation.

Abstract: Burst throttling methods may be used to manage computing resources of a data storage service. Tokens may represent I/O operations executed by a customer of the data storage service. A first token bucket may contain a set of tokens representing the overall I/O operation capacity of the data storage service. Additionally, a second token bucket may contain a set of tokens for a given logical volume maintained by the data storage service. When I/O requests are received tokens may be charged the first token bucket and the second token bucket. Furthermore, if there is sufficient capacity, the data storage service may charge a reduced number of tokens to the third token bucket.

Abstract: A method and system for authenticating a user is provided. In some embodiments, a security system determines whether the time since the last authentication was successful is less than a recycle telephone number period (e.g., the minimum time before which a telephone number might be assigned to a new user). If the time is less than the recycle telephone number period, the security system performs a primary authentication of the user based on a telephone number received from the user. When the primary authentication is successful, the security system indicates that the user has been authenticated. When the time is not less than a recycle telephone number period, the security system performs a secondary authentication of the user. When the secondary authentication is successful, the security system indicates that the user has been authenticated.

Abstract: Techniques for generic authentication with arbitrary services are provided. A request to authorize with a first service, of a plurality of services, using the OAuth protocol, is received by a generic client library, from a first application. A set of parameters specific to an implementation of the OAuth protocol provided by the first service are identified in a configuration file. An HTTP request is generated based on the set of parameters identified in the data structure, and the first application is authorized with the first service via the OAuth protocol using the generated HTTP request.

Abstract: A method of associating wireless devices with a wireless medical body area network, MBAN, where the wireless MBAN comprises at least one host is provided. The method comprises activating the host to search for wireless devices in range; displaying a list on the host of available wireless devices in range, wherein displaying the list comprises displaying each wireless device on the list with a unique representation on the list and the same unique representation on the wireless device itself; selecting a wireless device on the list; and associating the selected wireless device on the list with the host.

Abstract: Provided is contextual and time sensitive out of band transactional signing. The transactional signing includes providing a token code in response to a request to initiate a transaction within a secure network. The request is received over a first channel and the token code is provided over a second channel. The first channel and the second channel are different channels. The transactional signing also includes evaluating a received context, wherein the context is appended to the token code. In addition, the transactional signing includes selectively allowing the transaction based on the context appended to the token code.

Abstract: A method and an apparatus for adjusting a transmit power in GSM. The method includes: determining that a communications terminal concurrently executes services respectively on a first SIM card and a second SIM card that are supported by the communications terminal, where the service executed on the first SIM card is a first service, and the service executed on the second SIM card is a second service, a modem corresponding to the first SIM card is a first modem, and a modem corresponding to the second SIM card is a second modem; and further, adjusting steady-state transmit powers of modems according to a service type of the first service and a service type of the second service.

Abstract: Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.

Abstract: A system and method of authentication that avoids authentication challenges is described. In operation, an authenticator receives a first request to access a resource generated by a requestor and a participation message generated by a collaborator. The authenticator computing device then analyzes the first request and the participation message to determine whether the requestor requesting access to the resource should be granted access and grants the requestor access to the resource based upon the analysis of the first request to access a resource and the participation message.

Abstract: Systems, methods, and non-transitory computer-readable media can determine a user request to recover control of an account for accessing an account provider system. A recovery token that is associated with the account can be obtained. A signature for at least a portion of the recovery token can be generated. Metadata information associated with the account provider system can be obtained. The signed recovery token can be provided to the account provider system based at least in part on the metadata information, wherein the account provider system is configured to provide control of the account to the user upon validating the signed recovery token.

Abstract: An IoT device has a public device identifier and a private device identifier, where the public device identifier is publicly available and the private device identifier is secret but kept in a secure device database as a correspondence. A registration request is sent from the IoT device to an association server in communication with the device database having an association between IoT public identifier and a corresponding IoT private identifier. The association server which receives the registration request responds with a registration acknowledgement containing, in encrypted form, the private device identifier of the original request and, optionally, the public device identifier associated with the registration request. The requesting IoT device receives the association acknowledgement, decrypts the private device identifier, compares it to its own device identifier, and if they match, sends one or more association requests.

Abstract: A computer-implemented method for managing a personal data store is described for binding one or more identities of different types associated with a user. The computer-implemented method is implemented in a trust system including one or more processing devices communicatively coupled to a network. The computer-implemented method includes receiving one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider; utilizing one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider; storing the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user; and utilizing one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party.

Abstract: A network apparatus according to an embodiment performs communication with a user terminal comprising a first communication unit configured to perform communication using a first radio access technology and a second communication unit configured to perform communication using a second radio access technology, by using the first access technology. The network apparatus comprises: a receiver configured to receive, from the user terminal, authentication related information on a country where the user terminal is legally authenticated for transmission by the second communication unit; and a controller configured to determine, based on the authentication related information, whether or not communication by the second communication unit can be configured to the user terminal.

Abstract: A password manager injects credentials into a web browser request. A user can browse to a form provided by a server that includes a password field. A plug-in requests a password for the field from a password manager. The actual password is not provided to the plug-in or the browser. The password manager provides a proxy password that is not the actual password for the field. A request interceptor in a separate process from the browser intercepts the completed request as it is sent to the server and replaces the proxy password with the actual password.

Abstract: The present invention relates to a system and method for issuing an OTP application in a face-to-face confirmation manner, and the system includes at least one or more service provider devices for transmitting OTP application issuance request information, including information on recognition of a terminal device tagged on a reader provided for each service provider or entering a previously set service area, to an integrated service device; and the integrated service device for registering secure storage medium identification information as medium identification information for OTP authentication and transmitting an OTP installation guide to the terminal device if the recognition information is the secure storage medium identification information, and transmitting the OTP installation guide to the terminal device if the recognition information is terminal device identification information, in which the terminal device can be a terminal device of a user seeing a service provider face-to-face.

Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.