42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates verifiable credentials and identity federation in the field of digital security and identification; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides identity validation, namely, providing authentication of personal identification information via the internet; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides fraud detection services in the field of identity verification; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides credentialing and identity verification, namely, authentication, issuance and validation of verifiable certificates and credentials for purposes of providing user authentication between two or more entities in the field of digital security. Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation, namely, providing authentication of personal identification information via the internet; fraud detection services in the field of identity verification; Credentialing and identity verification services, namely, authentication, issuance and validation of verifiable certificates and credentials for purposes of providing user authentication between two or more entities in the field of digital security
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates verifiable credentials and identity federation in the field of digital security and identification; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides identity validation, namely, providing authentication of personal identification information via the internet; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides fraud detection services in the field of identity verification; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that provides credentialing and identity verification, namely, authentication, issuance and validation of verifiable certificates and credentials for purposes of providing user authentication between two or more entities in the field of digital security. Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation, namely, providing authentication of personal identification information via the internet; fraud detection services in the field of identity verification; Credentialing and identity verification services, namely, authentication, issuance and validation of verifiable certificates and credentials for purposes of providing user authentication between two or more entities in the field of digital security
3.
Electronic identification verification methods and systems with storage of certification records to a side chain
Method of certification including receiving user data at a device of a certifying entity. The method includes generating a salt that is unique. The method includes hashing the data combined with the salt to create a generated hashed data. The method includes generating a certification record based on signing the generated hashed data using a private key of the certifying entity to create a signed certification of the data. The method includes hashing the certification record. The method includes transmitting the hashed certification record to a blockchain for storing. The method includes receiving a certification tx-ID of the hashed certification record. The method includes generating a certification data block including the certification record and the certification tx-ID. The method includes storing the certification data block to a side chain.
G06K 7/14 - Methods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
G06F 7/58 - Random or pseudo-random number generators
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06Q 20/38 - Payment architectures, schemes or protocols - details thereof
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates verifiable
credentials and identity federation in the field of digital
security and identity verification. Software as a service (SAAS) services, namely, hosting
non-downloadable computer software for use by others that
facilitates verifiable credentials and identity federation
in the field of digital security and identification;
credentialing and identity verification services, namely,
issuing verifiable credentials and providing user
authentication between two or more entities in the field of
digital security.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Downloadable computer software that facilitates verifiable credentials and identity federation in the field of digital security and identity verification. (1) Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates verifiable credentials and identity federation in the field of digital security and identification; credentialing and identity verification services, namely, issuing verifiable credentials and providing user authentication between two or more entities in the field of digital security.
6.
Methods, systems, and apparatus for credential format and protocol management
In an embodiment, a method includes receiving, by a processor and from a user device associated with a user, a request to access a service associated with a first protocol. The method further includes receiving, by the processor, a virtual credential of the user authorized by an authorizing entity. The virtual credential is compliant with a second protocol different than the first protocol. The method further includes verifying, by the processor, that the virtual credential is authorized by the authorizing entity. The method further includes transforming, by the processor, the virtual credential to generate a transformed virtual credential compliant with the first protocol. The method further includes sending, by the processor, a representation of the transformed virtual credential to the service. The method further includes verifying, by the processor and after the sending, that the transformed virtual credential is valid.
In an embodiment, a method includes receiving, by a processor and from a user device associated with a user, a request to access a service associated with a first protocol. The method further includes receiving, by the processor, a virtual credential of the user authorized by an authorizing entity. The virtual credential is compliant with a second protocol different than the first protocol. The method further includes verifying, by the processor, that the virtual credential is authorized by the authorizing entity. The method further includes transforming, by the processor, the virtual credential to generate a transformed virtual credential compliant with the first protocol. The method further includes sending, by the processor, a representation of the transformed virtual credential to the service. The method further includes verifying, by the processor and after the sending, that the transformed virtual credential is valid.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04W 12/069 - Authentication using certificates or pre-shared keys
8.
METHOD AND APPARATUS FOR SECURE AUTHENTICATION BASED ON PROXIMITY
In an embodiment, a set of dynamic proximity attribute (DPA) Risk Signals (RS) indicating whether a user is within a predetermined proximity of a registered user mobile device (RUMD) and a registered user device (RUD) is received from the RUMD and at an identity provider (IDP) communicably coupled to the RUMD based on short-range communication between the RUMD and the RUD. The RUMD is configured to monitor devices in short-range communication in a dynamic proximity area network (DPxAN) via an IDP application (IDPAmd) associated with the RUMD. A Risk Parameter Value (RPV) is determined according to at least the set of DPA RS received from the RUMD. A passwordless request to authenticate the user at the RUD on which a user access request originated is received from a Service Provider (SPn) by the IDP. An authentication response is sent from the IDP to the SPn based on the RPV.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
9.
Methods and systems for data traffic based adaptive security
The present disclosure relates to traffic monitoring through one or more access control servers configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data. Responsive to identifying an indicator of compromise or that an originating terminal corresponding to the server resource request is identified within a blacklist, the first security response comprises non-transmission of at least one server resource request message by the access control server to a resource server.
In an embodiment, a set of dynamic proximity attribute (DPA) Risk Signals (RS) indicating whether a user is within a predetermined proximity of a registered user mobile device (RUMD) and a registered user device (RUD) is received from the RUMD and at an identity provider (IDP) communicably coupled to the RUMD based on short-range communication between the RUMD and the RUD. The RUMD is configured to monitor devices in short-range communication in a dynamic proximity area network (DPxAN) via an IDP application (IDPAmd) associated with the RUMD. A Risk Parameter Value (RPV) is determined according to at least the set of DPA RS received from the RUMD. A passwordless request to authenticate the user at the RUD on which a user access request originated is received from a Service Provider (SPn) by the IDP. An authentication response is sent from the IDP to the SPn based on the RPV.
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
11.
SYSTEMS, APPARATUS AND METHODS FOR SECURE ELECTRICAL COMMUNICATION OF BIOMETRIC PERSONAL IDENTIFICATION INFORMATION TO VALIDATE THE IDENTITY OF AN INDIVIDUAL
An apparatus for validating an identity of an individual based on biometrics includes a memory and a processor operatively coupled to a distributed database and the memory. The processor is configured to provide biometric data as an input to a predefined hash function to obtain a first biometric hash value. The processor is configured to obtain, using a first pointer to the distributed database, a signed second biometric hash value. The processor is configured to define a certification of the biometric data in response to verifying that a signature of the signed second biometric hash value is associated with the compute device and verifying that the first biometric hash value corresponds with the second biometric hash value. The processor is configured to digitally sign the certification using a private key associated with the processor to produce a signed biometric certification and store the signed biometric certification in the distributed database.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/38 - Payment architectures, schemes or protocols - details thereof
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06F 21/33 - User authentication using certificates
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates verifiable credentials and identity federation in the field of digital security and identity verification. Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates verifiable credentials and identity federation in the field of digital security and identification; Credentialing and identity verification services, namely, authentication, issuance and validation of verifiable certificates and credentials for purposes of providing user authentication between two or more entities in the field of digital security
13.
Methods and systems for deep learning based API traffic security
The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.
Method of certification including receiving user data at a device of a certifying entity. The method includes generating a salt that is unique. The method includes hashing the data combined with the salt to create a generated hashed data. The method includes generating a certification record based on signing the generated hashed data using a private key of the certifying entity to create a signed certification of the data. The method includes hashing the certification record. The method includes transmitting the hashed certification record to a blockchain for storing. The method includes receiving a certification tx-ID of the hashed certification record. The method includes generating a certification data block including the certification record and the certification tx-ID. The method includes storing the certification data block to a side chain.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06K 7/14 - Methods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
G06Q 20/38 - Payment architectures, schemes or protocols - details thereof
G06F 7/58 - Random or pseudo-random number generators
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity
federation in the field of digital security and identity
verification, namely, downloadable computer software for
building mobile applications that captures facial image data
and maintains that information securely within the mobile
application; downloadable computer software that facilitates
identity federation in the field of digital security and
identity verification, namely, downloadable computer
software for building mobile applications that captures
government identification documents and maintains that
information securely within the mobile application. Software as a service (SAAS) services, namely, services for
hosting non-downloadable computer software for use by others
that facilitates identity verification and identity proofing
to establish a real person's identity based on their
biometric facial image; software as a service (SAAS)
services, namely, services for hosting non-downloadable
computer software for use by others that facilitates
identity verification and identity proofing to establish a
real person's identity based on a form of government
identification. Identity verification services, namely, providing
authentication of personal identification information,
namely, a person's verified identity; identity validation
services, namely, providing authentication of personal
identification information, namely, a person's verified
identity; identity validation, namely, providing
authentication of personal identification information via
the internet; fraud detection services in the field of
identity verification, identity verification services,
namely, providing validation of a person's verified
identity.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity
federation in the field of digital security and identity
verification, namely, downloadable computer software for
building mobile applications that captures facial image data
and maintains that information securely within the mobile
application; downloadable computer software that facilitates
identity federation in the field of digital security and
identity verification, namely, downloadable computer
software for building mobile applications that captures
government identification documents and maintains that
information securely within the mobile application. Software as a service (SAAS) services, namely, services for
hosting non-downloadable computer software for use by others
that facilitates identity verification and identity proofing
to establish a real person's identity based on their
biometric facial image; software as a service (SAAS)
services, namely, services for hosting non-downloadable
computer software for use by others that facilitates
identity verification and identity proofing to establish a
real person's identity based on a form of government
identification. Identity verification services, namely, providing
authentication of personal identification information,
namely, a person's verified identity; identity validation
services, namely, providing authentication of personal
identification information, namely, a person's verified
identity; identity validation, namely, providing
authentication of personal identification information via
the internet; fraud detection services in the field of
identity verification, identity verification services,
namely, providing validation of a person's verified
identity.
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Software as a service (SAAS) services, namely, services for
hosting non-downloadable computer software for use by others
that facilitates identity verification and identity proofing
to establish a real person's identity based on their
biometric facial image; software as a service (SAAS)
services, namely, services for hosting non-downloadable
computer software for use by others that facilitates
identity verification and identity proofing to establish a
real person's identity based on a form of government
identification. Identity verification services, namely, providing
authentication of personal identification information,
namely, a person's verified identity; identity validation
services, namely, providing authentication of personal
identification information, namely, a person's verified
identity; identity validation, namely, providing
authentication of personal identification information via
the internet; fraud detection services in the field of
identity verification, identity verification services,
namely, providing validation of a person's verified
identity.
18.
Systems, apparatus and methods for secure electrical communication of biometric personal identification information to validate the identity of an individual
An apparatus for validating an identity of an individual based on biometrics includes a memory and a processor operatively coupled to a distributed database and the memory. The processor is configured to provide biometric data as an input to a predefined hash function to obtain a first biometric hash value. The processor is configured to obtain, using a first pointer to the distributed database, a signed second biometric hash value. The processor is configured to define a certification of the biometric data in response to verifying that a signature of the signed second biometric hash value is associated with the compute device and verifying that the first biometric hash value corresponds with the second biometric hash value. The processor is configured to digitally sign the certification using a private key associated with the processor to produce a signed biometric certification and store the signed biometric certification in the distributed database.
09 - Scientific and electric apparatus and instruments
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity
federation in the field of digital security and identity
verification, namely, downloadable computer software for
building mobile applications that captures facial image data
and maintains that information securely within the mobile
application; downloadable computer software that facilitates
identity federation in the field of digital security and
identity verification, namely, downloadable computer
software for building mobile applications that captures
government identification documents and maintains that
information securely within the mobile application. Identity verification services, namely, providing
authentication of personal identification information,
namely, a person's verified identity; identity validation
services, namely, providing authentication of personal
identification information, namely, a person's verified
identity; identity validation, namely, providing
authentication of personal identification information via
the internet; fraud detection services in the field of
identity verification; identity verification services,
namely, providing validation of a person's verified
identity.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity
federation in the field of digital security and identity
verification, namely, downloadable computer software for
building mobile applications that captures facial image data
and maintains that information securely within the mobile
application; downloadable computer software that facilitates
identity federation in the field of digital security and
identity verification, namely, downloadable computer
software for building mobile applications that captures
government identification documents and maintains that
information securely within the mobile application. Software as a service (SaaS) services, namely, services for
hosting non-downloadable computer software for use by others
that facilitates identity verification and identity proofing
to establish a real person's identity based on their
biometric facial image; software as a service (SaaS)
services, namely, services for hosting non-downloadable
computer software for use by others that facilitates
identity verification and identity proofing to establish a
real person's identity based on a form of government
identification. Identity verification services, namely, providing
authentication of personal identification information,
namely, a person's verified identity; identity validation
services, namely, providing authentication of personal
identification information, namely, a person's verified
identity; identity validation, namely, providing
authentication of personal identification information via
the internet; fraud detection services in the field of
identity verification; identity verification services,
namely, providing validation of a person's verified
identity.
21.
Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions
In some embodiments, a method includes receiving, at a processor of a server, a first application programming interface (API) call from a client device and providing an indication associated with the first API call as an input to a machine learning model such that the machine learning model identifies a set of parameters associated with a set of likely subsequent API calls. The method can further include receiving a second API call from the client device, identifying the second API call as an anomalous API call based on the second API call not meeting the set of parameters associated with the set of likely subsequent API calls, and sending a signal to perform a remedial action based on the identifying.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
A method for recovering data. The method including collecting identity factors at a user device, wherein hashes of the identity factors are configured to be stored at a server. The method including generating at the user device a dynamic password based on the identity factors and a Salt configured to be generated by the server and configured to be delivered to the user device. The method including generating at the user device a data key and encrypting the data key using the dynamic password to generate an encrypted data key configured to be stored at the server. The method including encrypting at the user device data items using the data key to generate encrypted data items configured to be stored at the server. As such, the data items are recoverable by presenting the identity factors to the server.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity
federation in the field of digital security and identity
verification that is used to build mobile applications that
capture facial image and government identification
document(s) and maintains that information securely within the
mobile application; downloadable computer software that
facilitates identity verification that captures personal
validation information related to health records, namely,
immunization and vaccination status, educational status and
degree credentials, personal and real property ownership
credentials, namely, deeds of ownership, insurance and
employment information and status, and third party verified
information about a user.
Software as a service (SAAS) services, namely, hosting
non-downloadable computer software for use by others that
facilitates identity verification and proofing to establish
a real person's identity based on their biometric facial
image and a government identification; software as a service
(SAAS) services, namely, hosting non-downloadable computer
software for use by others that facilitates identity
verification that captures personal validation information
related to health records, namely, immunization and
vaccination status, educational status and degree
credentials, personal and real property ownership
credentials, namely, deeds of ownership, insurance and
employment information and status, and third party verified
information about a user.
Identity verification services, namely, providing validation
of one's proof of verified identity between two or more
entities in the field of digital security (terms too vague
in the opinion of the International Bureau – Rule 13 (2) (b)
of the Regulations); identity verification services, namely,
providing validation of one's proof of verified identity,
namely, personal validation information related to health
records and immunization and vaccination status, educational
status and degree credentials, personal and real property
ownership credentials, namely, deeds of ownership, insurance
and employment information and status, and third party
verified information about a user.
24.
Method and system for authenticated login using static or dynamic codes
Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
25.
Methods and systems for API deception environment and API traffic control and security
The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.
A method for login, including making a login request to an entity through a federation server that generates a session identifier. A QR code is sent to the federation server to receive the session identifier. A secure envelope including user personal information is sent to the federation server to verify user registration with the federation server. A login token generated by the federation server is received and is associated with a smart contract generated by the federation server and stored on a blockchain. The login token is signed using user private key and sent to the blockchain for inclusion in the smart contract. A transaction identifier is received from the blockchain, and is sent to the federation server that generates a session record based on the login token. The federation server sends user verification to the entity to authorize a communication session between the user device and the entity.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
27.
Methods and systems for creating and recovering accounts using dynamic passwords
A method for recovering data. Identity factors are collected at a device, wherein hashes of the identity factors are configured to be stored at a server. A dynamic password is generated at the device based on the identity factors and a Salt generated by the server and configured to be delivered to the device. A selfie is captured of a user. The device generates a symmetric key used to encrypt the selfie. The symmetric key is encrypted using the dynamic password. The encrypted symmetric key and the encrypted selfie are stored on the server. One or more data items are stored on the server. The dynamic password is recoverable by presenting the plurality of identity factors that are hashed to the server. The symmetric key is recoverable using the recovered dynamic password. The data items are recoverable by presenting the symmetric key and a second selfie of the user.
G06F 16/22 - Indexing; Data structures therefor; Storage structures
G06F 21/46 - Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures facial image data and maintains that information securely within the mobile application; Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures government identification documents and maintains that information securely within the mobile application; Computer security services, namely, restricting unauthorized access to web, mobile and application programmable interfaces (API) by providing authentication of personal identification information; cybersecurity services in the nature of restricting unauthorized access to computer systems by verifying identity
42 - Scientific, technological and industrial services, research and design
Goods and services
Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on their biometric facial image; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on a form of government identification; Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity in order to protect data stored on computers from unauthorized access; identity validation services, namely, providing authentication of personal identification information, namely, a person's verified identity for the purposes of protecting data stored on computers from unauthorized access; identity validation for the purposes of protecting data from unauthorized access, namely, providing authentication of personal identification information via the internet; computer fraud detection services in the field of identity verification to protect data stored on computers from unauthorized access; Identity verification services, namely, providing validation of a person's verified identity in order to protect data stored on computers from unauthorized access; computer security services, namely, restricting unauthorized access to web, mobile and application programmable interfaces (API) by providing authentication of personal identification information; cybersecurity services in the nature of restricting unauthorized access to computer systems by verifying identity
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures facial image data and maintains that information securely within the mobile application; Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures government identification documents and maintains that information securely within the mobile application; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on their biometric facial image; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on a form of government identification; Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation, namely, providing authentication of personal identification information via the internet; fraud detection services in the field of identity verification; Identity verification services, namely, providing validation of a person's verified identity; computer security services, namely, restricting unauthorized access to web, mobile and application programmable interfaces (API) by providing authentication of personal identification information; cybersecurity services in the nature of restricting unauthorized access to computer systems by verifying identity
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures facial image data and maintains that information securely within the mobile application; Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures government identification documents and maintains that information securely within the mobile application; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on their biometric facial image; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on a form of government identification; Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation, namely, providing authentication of personal identification information via the internet; fraud detection services in the field of identity verification; Identity verification services, namely, providing validation of a person's verified identity; computer security services, namely, restricting unauthorized access to web, mobile and application programmable interfaces (API) by providing authentication of personal identification information; cybersecurity services in the nature of restricting unauthorized access to computer systems by verifying identity
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures facial image data and maintains that information securely within the mobile application; Downloadable computer software that facilitates identity federation in the field of digital security and identity verification, namely, downloadable computer software for building mobile applications that captures government identification documents and maintains that information securely within the mobile application; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on their biometric facial image; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on a form of government identification; Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation, namely, providing authentication of personal identification information via the internet; fraud detection services in the field of identity verification; Identity verification services, namely, providing validation of a person's verified identity; computer security services, namely, restricting unauthorized access to web, mobile and application programmable interfaces (API) by providing authentication of personal identification information; cybersecurity services in the nature of restricting unauthorized access to computer systems by verifying identity
The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
H04L 67/145 - Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
H04L 69/40 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
H04L 67/1061 - Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
H04L 41/0813 - Configuration setting characterised by the conditions triggering a change of settings
H04L 67/56 - Provisioning of proxy services
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
H04L 67/1014 - Server selection for load balancing based on the content of a request
H04L 41/0893 - Assignment of logical groups to network elements
H04L 47/125 - Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
H04L 47/20 - Flow control; Congestion control with traffic policing
H04L 69/16 - Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
H04L 69/329 - Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
H04L 41/28 - Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
34.
Large data transfer using visual codes with feedback confirmation
A method of confirming receipt, including iteratively capturing by a receiving device visual codes in a series of visual codes displayed on a sending device. A corresponding captured visual code being from a display block that resulted from a partition of an original data file into display blocks, and wherein each display block is converted to a corresponding string and header including an ordered identifying display block number and a total count of the display blocks. Each corresponding string is converted to a corresponding visual code. Each of the captured visual codes is converted into a corresponding string and a header is read for the corresponding string. Captured display blocks are determined. A confirmation message is generated including information indicating which display blocks have been received. The confirmation message is sent over a wireless communication link to the sending device to reduce the number of visual codes being displayed.
G06K 7/14 - Methods or arrangements for reading record carriers by corpuscular radiation using light without selection of wavelength, e.g. reading reflected white light
G06K 5/04 - Verifying the alignment of markings
G06K 9/00 - Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in the other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
41 - Education, entertainment, sporting and cultural activities
Goods and services
Educational services, namely, conducting seminars,
conference and workshops in the fields of security and
identity management; training services in the field of
security and identity management; Arranging and conducting
educational conferences in the field of security and
identity management.
41 - Education, entertainment, sporting and cultural activities
Goods and services
Educational services, namely, conducting seminars,
conference and workshops in the fields of security and
identity management; training services in the field of
security and identity management; arranging and conducting
educational conferences in the field of security and
identity management.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity
federation in the field of digital security and identity
verification that is used to build mobile applications that
capture facial image and government identification
document(s) and maintains that information securely within the
mobile application; downloadable computer software that
facilitates identity verification that captures personal
validation information related to health records, namely,
immunization and vaccination status, educational status and
degree credentials, personal and real property ownership
credentials, namely, deeds of ownership, insurance and
employment information and status, and third party verified
information about a user.
Software as a service (SAAS) services, namely, hosting
non-downloadable computer software for use by others that
facilitates identity verification and proofing to establish
a real person's identity based on their biometric facial
image and a government identification; software as a service
(SAAS) services, namely, hosting non-downloadable computer
software for use by others that facilitates identity
verification that captures personal validation information
related to health records, namely, immunization and
vaccination status, educational status and degree
credentials, personal and real property ownership
credentials, namely, deeds of ownership, insurance and
employment information and status, and third party verified
information about a user.
Identity verification services, namely, providing validation
of one's proof of verified identity between two or more
entities in the field of digital security; identity
verification services, namely, providing validation of one's
proof of verified identity, namely, personal validation
information related to health records and immunization and
vaccination status, educational status and degree
credentials, personal and real property ownership
credentials, namely, deeds of ownership, insurance and
employment information and status, and third party verified
information about a user.
41 - Education, entertainment, sporting and cultural activities
Goods and services
(1) Educational services, namely, conducting seminars, conference and workshops in the fields of security and identity management; training services in the field of security and identity management; arranging and conducting educational conferences in the field of security and identity management.
41 - Education, entertainment, sporting and cultural activities
Goods and services
(1) Educational services, namely, conducting seminars, conference and workshops in the fields of security and identity management; training services in the field of security and identity management; Arranging and conducting educational conferences in the field of security and identity management.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
(1) Downloadable computer software that facilitates identity federation in the field of digital security and identity verification that is used to build mobile applications that capture facial image and government identification document(s) and maintains that information securely within the mobile application; downloadable computer software that facilitates identity verification that captures personal validation information related to health records, namely, immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
(1) Downloadable computer software that facilitates identity federation in the field of digital security and identity verification that is used to build mobile applications that capture facial image and government identification document(s) and maintains that information securely within the mobile application; downloadable computer software that facilitates identity verification that captures personal validation information related to health records, namely, immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user.
(1) Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity verification and proofing to establish a real person's identity based on their biometric facial image and a government identification; software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity verification that captures personal validation information related to health records, namely, immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user.
(2) Identity verification services, namely, providing validation of one's proof of verified identity between two or more entities in the field of digital security; identity verification services, namely, providing validation of one's proof of verified identity, namely, personal validation information related to health records and immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user.
42.
Transferring data files using a series of visual codes
Software on an image-capturing device iteratively captures a visual code in a series of visual codes displayed in a repeating progression on a screen of a mobile device. The visual code was generated from a display block that resulted from a partition of an original data file into a series of display blocks of at least a specified size. The software converts the visual code back into a display block and reads a header for the display block, discarding the display block if it has already been captured, as determined by the ordered identifying block number in a header. The software stops the iterative capturing when all of the display blocks in the series have been captured, as determined by the count in the header and coalesces the captured display blocks into the original data file, using an order determined by the ordered identifying block numbers.
G06F 17/00 - ELECTRIC DIGITAL DATA PROCESSING Digital computing or data processing equipment or methods, specially adapted for specific functions
G06K 7/10 - Methods or arrangements for reading record carriers by corpuscular radiation
G06K 7/14 - Methods or arrangements for reading record carriers by corpuscular radiation using light without selection of wavelength, e.g. reading reflected white light
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in the other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
41 - Education, entertainment, sporting and cultural activities
Goods and services
Educational services, namely, conducting seminars, conference and workshops in the fields of security and identity management; training services in the field of security and identity management; Arranging and conducting educational conferences in the field of security and identity management
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity
federation in the field of digital security and identity
verification, namely, downloadable computer software for
building mobile applications that captures facial image data
and maintains that information securely within the mobile
application; downloadable computer software that facilitates
identity federation in the field of digital security and
identity verification, namely, downloadable computer
software for building mobile applications that captures
government identification documents and maintains that
information securely within the mobile application.
Software as a service (SAAS) services, namely, services for
hosting non-downloadable computer software for use by others
that facilitates identity verification and identity proofing
to establish a real person's identity based on their
biometric facial image; software as a service (SAAS)
services, namely, services for hosting non-downloadable
computer software for use by others that facilitates
identity verification and identity proofing to establish a
real person's identity based on a form of government
identification.
Identity verification services, namely, providing validation
of a person's verified identity.
41 - Education, entertainment, sporting and cultural activities
Goods and services
Educational services, namely, conducting seminars, conference and workshops in the fields of security and identity management; training services in the field of security and identity management; Arranging and conducting educational conferences in the field of security and identity management
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
(1) Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on their biometric facial image; software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on a form of government identification.
(2) Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation, namely, providing authentication of personal identification information via the internet; fraud detection services in the field of identity verification, namely validating a person's identity based on their biometric facial image and providing validation of a person's verified identity based on a form of government identification; identity verification services, namely, providing validation of a person's verified identity based on their biometric facial image and providing validation of a person's verified identity based on a form of government identification.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates identity federation in the field of digital security and identity verification that is used to build mobile applications that capture facial image and government identification document(s) and maintains that information securely within the mobile application; Downloadable computer software that facilitates identity verification that captures personal validation information related to health records, namely, immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user
Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity verification and proofing to establish a real person's identity based on their biometric facial image and a government identification; Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity verification that captures personal validation information related to health records, namely, immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user
Identity verification services, namely, providing validation of one's proof of verified identity between two or more entities in the field of digital security; Identity verification services, namely, providing validation of one's proof of verified identity, namely, personal validation information related to health records and immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable computer software that facilitates identity federation in the field of digital security and identity verification that is used to build mobile applications that capture facial image and government identification document(s) and maintains that information securely within the mobile application; Downloadable computer software that facilitates identity verification that captures personal validation information related to health records, namely, immunization and vaccination status, educational status and degree credentials, personal and real property ownership credentials, namely, deeds of ownership, insurance and employment information and status, and third party verified information about a user
49.
Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions
In some embodiments, a method includes receiving, at a processor of a server, a first application programming interface (API) call from a client device and providing an indication associated with the first API call as an input to a machine learning model such that the machine learning model identifies a set of parameters associated with a set of likely subsequent API calls. The method can further include receiving a second API call from the client device, identifying the second API call as an anomalous API call based on the second API call not meeting the set of parameters associated with the set of likely subsequent API calls, and sending a signal to perform a remedial action based on the identifying.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on their biometric facial image; Software as a service (SAAS) services, namely, services for hosting non-downloadable computer software for use by others that facilitates identity verification and identity proofing to establish a real person's identity based on a form of government identification
Identity verification services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation services, namely, providing authentication of personal identification information, namely, a person's verified identity; identity validation, namely, providing authentication of personal identification information via the internet; fraud detection services in the field of identity verification
Identity verification services, namely, providing validation of a person's verified identity
51.
Methods and systems for API proxy based adaptive security
The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API servers—which log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes of generating API metrics and identifying anomalies and/or indicators of compromise. The invention yet further provides security server clusters configured for generating API metrics and/or identifying anomalies or indicators of compromise—which may be used by proxies to terminate existing connections and block subsequent requests or messages from clients associated with the identified anomalies or indicators of compromise.
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
H04L 67/145 - Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
H04L 69/40 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
H04L 67/1061 - Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
H04L 41/0813 - Configuration setting characterised by the conditions triggering a change of settings
H04L 67/56 - Provisioning of proxy services
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
H04L 67/1014 - Server selection for load balancing based on the content of a request
H04L 41/0893 - Assignment of logical groups to network elements
H04L 47/125 - Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
H04L 47/20 - Flow control; Congestion control by traffic policing
H04L 69/16 - Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
H04L 69/329 - Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
H04L 41/28 - Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity
federation; multi-factor and strong authentication (terms
too vague in the opinion of the International Bureau – Rule
13 (2) (b) of the Regulations); access control for web,
mobile and application programmable interface (API) all of
the foregoing in the field of authorization policy services
(terms too vague in the opinion of the International Bureau
– Rule 13 (2) (b) of the Regulations); directory, identity
provisioning and identity administration services (terms too
vague in the opinion of the International Bureau – Rule 13
(2) (b) of the Regulations); identity services auditing and
reporting (terms too vague in the opinion of the
International Bureau – Rule 13 (2) (b) of the Regulations);
and other identity and access management services in the
field of digital security and identity verification (terms
too vague in the opinion of the International Bureau – Rule
13 (2) (b) of the Regulations); software for API traffic
security; software for API activity monitoring and attack
detection and reporting; security software for data,
applications, and computer systems accessed via API or other
programmatic methods; software for reporting programmatic
interface traffic activity; software for reporting API
traffic activity; software for computer network security;
software for cloud-based computer security; software for
monitoring computer networks; software for detecting
computer network intrusion; software for monitoring and
maintaining network security; computer software for use in
the safeguarding of network data or network services;
computer software for detecting security threat; computer
software for analyzing attacker behavior within computer
networks; computer software for discovering, documenting,
and analyzing attacker tools and methods; computer software
for exporting computer security threat information and for
creating attack signatures to safeguard computer networks;
software for firewall protection in computer networks,
monitoring incoming and outgoing data carried by a computer
network, detecting and reporting computer network
intrusions, and computer network security management;
software for securing API traffic across hybrid clouds;
software for protecting computers and network services from
attack; computer, network, and telecommunications software
for providing active protection for network servers and
network adapters by detecting packet content, detecting
network traffic, recording packet content or network
traffic, capturing packet content or network traffic,
monitoring packet content or network traffic, filtering
packet content or network traffic, attack blocking, namely,
blocking or rate limiting network traffic, event management
and reporting; software for creating, centrally managing,
maintaining, and executing firewall filters, content
filters, and access control; software for implementing
network packet.
Educational services, namely, conducting seminars,
conference and workshops in the fields of security and
identity management; training services in the field of
security and identity management; arranging and conducting
educational conferences; arranging, organizing and
conducting collaborative meetings in the field of enterprise
security solutions, namely, identity and access security,
authentication services, directory services, enterprise
mobility management, cloud governance and threat and fraud
detection.
Software as a service (SAAS) services, namely, hosting
non-downloadable computer software for use by others that
facilitates identity federation, multi-factor and strong
authentication of computer users and identity verification
protocols, and access control for web, mobile and
application programmable interfaces (API); identity (terms
too vague in the opinion of the International Bureau – Rule
13 (2) (b) of the Regulations); software as a service (SAAS)
services, namely, hosting non-downloadable computer software
for use by others that provides a self-service portal for
application owners and developers to centrally manage
policies across all products, create policy templates, and
manage the configuration of applications.
53.
Methods and systems for deep learning based API traffic security
The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.
A method of replicating changes to a dataset includes receiving from a client a request for an operation on the dataset, dynamically selecting from a plurality of replication assurance policies a selected replication assurance policy for the operation, the selected replication assurance policy determining a selected assurance level, wherein the selection is based on at least one of an operation criteria or a connection criteria, submitting, to a first replica of the dataset, a command comprising the operation, and reporting to the client the result of the operation according to the selected assurance level.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
55.
Large data transfer using visual codes with feedback confirmation
A method of confirming receipt, including iteratively capturing by a receiving device visual codes in a series of visual codes displayed on a sending device. A corresponding captured visual code being from a display block that resulted from a partition of an original data file into display blocks, and wherein each display block is converted to a corresponding string and header including an ordered identifying display block number and a total count of the display blocks. Each corresponding string is converted to a corresponding visual code. Each of the captured visual codes is converted into a corresponding string and a header is read for the corresponding string. Captured display blocks are determined. A confirmation message is generated including information indicating which display blocks have been received. The confirmation message is sent over a wireless communication link to the sending device to reduce the number of visual codes being displayed.
G06K 7/10 - Methods or arrangements for reading record carriers by corpuscular radiation
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
G06K 7/14 - Methods or arrangements for reading record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in the other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
56.
Electronic identification verification methods and systems with storage of certification records to a side chain
Method of certification including receiving user data at a device of a certifying entity. The method includes generating a salt that is unique. The method includes hashing the data combined with the salt to create a generated hashed data. The method includes generating a certification record based on signing the generated hashed data using a private key of the certifying entity to create a signed certification of the data. The method includes hashing the certification record. The method includes transmitting the hashed certification record to a blockchain for storing. The method includes receiving a certification tx-ID of the hashed certification record. The method includes generating a certification data block including the certification record and the certification tx-ID. The method includes storing the certification data block to a side chain.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06K 7/14 - Methods or arrangements for reading record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
G06Q 20/38 - Payment architectures, schemes or protocols - details thereof
G06F 7/58 - Random or pseudo-random number generators
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity
federation; software for API traffic security; software for
API activity monitoring and attack detection and reporting;
security software for data, applications, and computer
systems accessed via API or other programmatic methods;
software for reporting programmatic interface traffic
activity; software for reporting API traffic activity;
software for computer network security; software for
cloud-based computer security; software for monitoring
computer networks; software for detecting computer network
intrusion; software for monitoring and maintaining network
security; computer software for use in the safeguarding of
network data or network services; computer software for
detecting security threat; computer software for analyzing
attacker behavior within computer networks; computer
software for discovering, documenting, and analyzing
attacker tools and methods; computer software for exporting
computer security threat information and for creating attack
signatures to safeguard computer networks; software for
firewall protection in computer networks, monitoring
incoming and outgoing data carried by a computer network,
detecting and reporting computer network intrusions, and
computer network security management; software for securing
API traffic across hybrid clouds; software for protecting
computers and network services from attack; computer,
network, and telecommunications software for providing
active protection for network servers and network adapters
by detecting packet content, detecting network traffic,
recording packet content or network traffic, capturing
packet content or network traffic, monitoring packet content
or network traffic, filtering packet content or network
traffic, attack blocking, namely, blocking or rate limiting
network traffic, event management and reporting; software
for creating, centrally managing, maintaining, and executing
firewall filters, content filters, and access control;
software for implementing network packet brokers, intrusion
prevention systems and network load balancers; software for
monitoring, analyzing or reporting of network information,
data, and traffic.
Software as a service (SAAS) services, namely, hosting
non-downloadable computer software for use by others that
facilitates identity federation, multi-factor and strong
authentication of computer users and identity verification
protocols, and access control for web, mobile and
application programmable interfaces (API); identity
verification services, namely, providing user authentication
between two or more entities using digital certificates,
multi factor authentication and strong identification
protocols in the field of digital security for allowing user
access to web, mobile and application programmable
interfaces (API); user authentication, identification and
monitoring services, namely multi-factor and strong
authentication, access control for web, mobile and
application programmable interface (API) all of the
foregoing in the field of authorization policy services;
user authentication, identification and monitoring services,
namely identity provisioning and administration services,
identity services auditing and reporting and other identity
and access management services in the field of digital
security and identity verification.
58.
Methods and systems for API deception environment and API traffic control and security
The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.
The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.
A method for login, including making a login request to an entity through a federation server that generates a session identifier. A QR code is sent to the federation server to receive the session identifier. A secure envelope including user personal information is sent to the federation server to verify user registration with the federation server. A login token generated by the federation server is received and is associated with a smart contract generated by the federation server and stored on a blockchain. The login token is signed using user private key and sent to the blockchain for inclusion in the smart contract. A transaction identifier is received from the blockchain, and is sent to the federation server that generates a session record based on the login token. The federation server sends user verification to the entity to authorize a communication session between the user device and the entity.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
61.
Methods and systems for creating and recovering accounts using dynamic passwords
A method for recovering data. Identity factors are collected at a device, wherein hashes of the identity factors are configured to be stored at a server. A dynamic password is generated at the device based on the identity factors and a Salt generated by the server and configured to be delivered to the device. A selfie is captured of a user. The device generates a symmetric key used to encrypt the selfie. The symmetric key is encrypted using the dynamic password. The encrypted symmetric key and the encrypted selfie are stored on the server. One or more data items are stored on the server. The dynamic password is recoverable by presenting the plurality of identity factors that are hashed to the server. The symmetric key is recoverable using the recovered dynamic password. The data items are recoverable by presenting the symmetric key and a second selfie of the user.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 16/22 - Indexing; Data structures therefor; Storage structures
G06F 21/46 - Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Downloadable computer software that facilitates identity federation, facilitates multi-factor and strong authentication, facilitates access control for web, mobile and application programmable interface (API) all of the foregoing in the field of authorization policy services; downloadable computer software that facilitates directory, identity provisioning and identity administration services, facilitates identity services auditing and reporting, and facilitates multi-factor authentication and strong authentication in the field of digital security and identity verification; downloadable software for API traffic security; downloadable software for API activity monitoring and attack detection and reporting; downloadable digital security software for secure transmission of user generated data, software applications, and computer systems accessed via application programmable interface (API) or the Internet; software for reporting programmatic interface traffic activity; downloadable software for reporting API traffic activity; downloadable software for computer network security; downloadable software for cloud-based computer security; downloadable software for monitoring computer networks; downloadable software for detecting computer network intrusion; downloadable software for monitoring and maintaining network security; downloadable computer software for use in the safeguarding of network data or network services; downloadable computer software for detecting security threat; downloadable computer software for analyzing attacker behavior within computer networks; downloadable computer software for discovering, documenting, and analyzing attacker tools and methods; downloadable computer software for exporting computer security threat information and for creating attack signatures to safeguard computer networks; downloadable software for firewall protection in computer networks, monitoring incoming and outgoing data carried by a computer network, detecting and 
reporting computer network intrusions, and computer network security management; downloadable software for securing API traffic across hybrid clouds; downloadable software for protecting computers and computer network services from cyber attack; downloadable computer, network, and telecommunications software for providing active protection for network servers and network adapters by detecting packet content, detecting network traffic, recording packet content or network traffic, capturing packet content or network traffic, monitoring packet content or network traffic, filtering packet content or network traffic, attack blocking, namely, blocking or rate limiting network traffic, event management and reporting; downloadable software for creating, centrally managing, maintaining, and executing firewall protection filters, content filters, and controlling access to computer networks; downloadable software for filtering network packet brokers, intrusion prevention systems and network load balancers; downloadable software for monitoring, analyzing and reporting of computer network security, user generated data, and computer network traffic in the field of digital security and identity verification.
(1) Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation, multi-factor and strong authentication of computer users and identity verification protocols, and access control for web, mobile and application programmable interfaces (API); identity verification services, namely, providing user authentication between two or more entities using digital certificates, multi factor authentication and strong identification protocols in the field of digital security for allowing user access to web, mobile and application programmable interfaces (API).
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable computer software that facilitates identity federation, multi-factor and strong authentication, access control for web, mobile and application programmable interface (API), all of the foregoing in the field of authorization policy services, directory, identity provisioning and identity administration services, identity services auditing and reporting, and other identity and access management services in the field of digital security and identity verification; downloadable software for API traffic security; downloadable software for API activity monitoring and attack detection and reporting; downloadable security software for data, applications, and computer systems accessed via API or other programmatic methods; software for reporting programmatic interface traffic activity; software for reporting API traffic activity; downloadable software for computer network security; downloadable software for cloud-based computer security; downloadable software for monitoring computer networks; downloadable software for detecting computer network intrusion; downloadable software for monitoring and maintaining network security; downloadable computer software for use in the safeguarding of network data or network services; downloadable computer software for detecting security threat; downloadable computer software for analyzing attacker behavior within computer networks; downloadable computer software for discovering, documenting, and analyzing attacker tools and methods; downloadable computer software for exporting computer security threat information and for creating attack signatures to safeguard computer networks; downloadable software for firewall protection in computer networks, monitoring incoming and outgoing data carried by a computer network, detecting and reporting computer network intrusions, and computer network security management; software for securing API traffic across hybrid clouds; downloadable software for protecting computers and network services 
from attack; downloadable computer, network, and telecommunications software for providing active protection for network servers and network adapters by detecting packet content, detecting network traffic, recording packet content or network traffic, capturing packet content or network traffic, monitoring packet content or network traffic, filtering packet content or network traffic, attack blocking, namely, blocking or rate limiting network traffic, event management and reporting; downloadable software for creating, centrally managing, maintaining, and executing firewall filters, content filters, and access control; downloadable software for implementing network packet
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity
federation, multi-factor and strong authentication and
access control for web, mobile and application programmable
interface (API), all of the foregoing in the field of
authorization policy services, directory, identity
provisioning and identity administration services, identity
services auditing and reporting, and other identity and
access management services in the field of digital security
and identity verification; software for API traffic
security; software for API activity monitoring and attack
detection and reporting; security software for data,
applications, and computer systems accessed via API or other
programmatic methods; software for reporting programmatic
interface traffic activity; software for reporting API
traffic activity; software for computer network security;
software for cloud-based computer security; software for
monitoring computer networks; software for detecting
computer network intrusion; software for monitoring and
maintaining network security; computer software for use in
the safeguarding of network data or network services;
computer software for detecting security threat; computer
software for analyzing attacker behavior within computer
networks; computer software for discovering, documenting,
and analyzing attacker tools and methods; computer software
for exporting computer security threat information and for
creating attack signatures to safeguard computer networks;
software for firewall protection in computer networks,
monitoring incoming and outgoing data carried by a computer
network, detecting and reporting computer network
intrusions, and computer network security management;
software for securing API traffic across hybrid clouds;
software for protecting computers and network services from
attack; computer, network, and telecommunications software
for providing active protection for network servers and
network adapters by detecting packet content, detecting
network traffic, recording packet content or network
traffic, capturing packet content or network traffic,
monitoring packet content or network traffic, filtering
packet content or network traffic, attack blocking, namely,
blocking or rate limiting network traffic, event management
and reporting; software for creating, centrally managing,
maintaining, and executing firewall filters, content
filters, and access control; software for implementing
network packet brokers, intrusion prevention systems and
network load balancers; software for monitoring, analyzing
or reporting of network information, data, and traffic.
Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that
facilitates identity federation, multi-factor and strong
authentication of computer users and identity verification
protocols, and access control for web, mobile and
application programmable interfaces (API); identity
verification services, namely, providing user authentication
between two or more entities using digital certificates,
multi factor authentication and strong identification
protocols in the field of digital security for allowing user
access to web, mobile and application programmable
interfaces (API).
65.
Methods and systems for recovering data using dynamic passwords
A method for recovering data. The method including collecting identity factors at a user device, wherein hashes of the identity factors are configured to be stored at a server. The method including generating at the user device a dynamic password based on the identity factors and a Salt configured to be generated by the server and configured to be delivered to the user device. The method including generating at the user device a data key and encrypting the data key using the dynamic password to generate an encrypted data key configured to be stored at the server. The method including encrypting at the user device data items using the data key to generate encrypted data items configured to be stored at the server. As such, the data items are recoverable by presenting the identity factors to the server.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity federation, facilitates multi-factor and strong authentication, facilitates access control for web, mobile and application programmable interface (API) all of the foregoing in the field of authorization policy services; downloadable computer software that facilitates directory, identity provisioning and identity administration services, facilitates identity services auditing and reporting, and facilitates other identity and access management services in the field of digital security and identity verification; downloadable software for API traffic security; downloadable software for API activity monitoring and attack detection and reporting; security software, being downloadable, for data, applications, and computer systems accessed via API or other programmatic methods; software for reporting programmatic interface traffic activity; downloadable software for reporting API traffic activity; downloadable software for computer network security; downloadable software for cloud-based computer security; downloadable software for monitoring computer networks; downloadable software for detecting computer network intrusion; downloadable software for monitoring and maintaining network security; downloadable computer software for use in the safeguarding of network data or network services; downloadable computer software for detecting security threat; downloadable computer software for analyzing attacker behavior within computer networks; downloadable computer software for discovering, documenting, and analyzing attacker tools and methods; downloadable computer software for exporting computer security threat information and for creating attack signatures to safeguard computer networks; downloadable software for firewall protection in computer networks, monitoring incoming and outgoing data carried by a computer network, detecting and reporting computer network intrusions, and computer network security management; 
downloadable software for securing API traffic across hybrid clouds; downloadable software for protecting computers and network services from attack; downloadable computer, network, and telecommunications software for providing active protection for network servers and network adapters by detecting packet content, detecting network traffic, recording packet content or network traffic, capturing packet content or network traffic, monitoring packet content or network traffic, filtering packet content or network traffic, attack blocking, namely, blocking or rate limiting network traffic, event management and reporting; downloadable software for creating, centrally managing, maintaining, and executing firewall filters, content filters, and access control; downloadable software for implementing network packet brokers, intrusion prevention systems and network load balancers; downloadable software for monitoring, analyzing or reporting of network information, data, and traffic
Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation, multi-factor and strong authentication of computer users and identity verification protocols, and access control for web, mobile and application programmable interfaces (API); identity verification services, namely, providing user authentication between two or more entities using digital certificates, multi factor authentication and strong identification protocols in the field of digital security for allowing user access to web, mobile and application programmable interfaces (API)
67.
Method and system for authenticated login using static or dynamic codes
Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
68.
Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions
In some embodiments, a method includes receiving, at a processor of a server, a first application programming interface (API) call from a client device and providing an indication associated with the first API call as an input to a machine learning model such that the machine learning model identifies a set of parameters associated with a set of likely subsequent API calls. The method can further include receiving a second API call from the client device, identifying the second API call as an anomalous API call based on the second API call not meeting the set of parameters associated with the set of likely subsequent API calls, and sending a signal to perform a remedial action based on the identifying.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity
federation, multi-factor and strong authentication of
computer users and identity verification protocols, and
access control for web, mobile and application programmable
interfaces (API), all of the foregoing in the field of
authorization policy services, directory, identity
provisioning and identity administration services, identity
services auditing and reporting, and other identity and
access management services in the field of digital security
and identity verification.
Software as a service (SaaS) services, namely, hosting non-downloadable computer software for use by others that
facilitates identity federation, multi-factor and strong
authentication of computer users and identity verification
protocols, and access control for web, mobile and
application programmable interfaces (API); identity
verification services, namely, providing user authentication
between two or more entities using digital certificates,
multi factor authentication and strong identification
protocols in the field of digital security for allowing user
access to web, mobile and application programmable
interfaces (API).
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity
federation, multi-factor and strong authentication of
computer users and identity verification protocols, and
access control for web, mobile and application programmable
interfaces (API), all of the foregoing in the field of
authorization policy services, directory, identity
provisioning and identity administration services, identity
services auditing and reporting, and other identity and
access management services in the field of digital security
and identity verification.
Software as a service (SaaS) services, namely, hosting non-downloadable computer software for use by others that
facilitates identity federation, multi-factor and strong
authentication of computer users and identity verification
protocols, and access control for web, mobile and
application programmable interfaces (API); identity
verification services, namely, providing user authentication
between two or more entities using digital certificates,
multi factor authentication and strong identification
protocols in the field of digital security for allowing user
access to web, mobile and application programmable
interfaces (API).
71.
Methods and systems for API proxy based adaptive security
The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API servers—which log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes of generating API metrics and identifying anomalies and/or indicators of compromise. The invention yet further provides security server clusters configured for generating API metrics and/or identifying anomalies or indicators of compromise—which may be used by proxies to terminate existing connections and block subsequent requests or messages from clients associated with the identified anomalies or indicators of compromise.
The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster, (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery, (vii) switching between proxies or between servers without loss of session.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
(1) Downloadable computer software that facilitates identity federation; downloadable computer software that facilitates multi-factor authentication and strong authentication in the field of digital security and identity verification; downloadable computer software that facilitates access control for web, mobile and application programmable interface (API), all in the field of digital security and identity verification; downloadable computer software that facilitates authorization policy services authentication in the field of digital security and identity verification; downloadable computer software that facilitates directory, identity provisioning and identity administration services in the field of digital security and identity verification; downloadable computer software that facilitates identity services auditing and reporting in the field of digital security and identity verification; downloadable computer software that facilitates identity federation and access management services in the field of digital security and identity verification; Software for API traffic security; software for API activity monitoring and attack detection and reporting; security software for digital security and identity verification data, applications, and computer systems accessed via API; software for reporting programmatic interface traffic activity; software for reporting API traffic activity; software for computer network security; software for cloud-based computer security; software for monitoring computer networks; software for detecting computer network intrusion; software for monitoring and maintaining network security; computer software for use in the safeguarding of network data or network services; computer software for detecting security threat; computer software for analyzing attacker behavior within computer networks; computer software for discovering, documenting, and analyzing attacker tools and methods; computer software for exporting computer security threat 
information and for creating attack signatures to safeguard computer networks; software for firewall protection in computer networks, monitoring incoming and outgoing data carried by a computer network, detecting and reporting computer network intrusions, and computer network security management; software for securing API traffic across hybrid clouds; software for protecting computers and network services from security breaches and cyber attacks; Computer, network, and telecommunications software for providing active protection for network servers and network adapters by detecting packet content, detecting network traffic, recording packet content or network traffic, capturing packet content or network traffic, monitoring packet content or network traffic, filtering packet content or network traffic, attack blocking, namely, blocking or rate limiting network traffic, event management and reporting; software for creating, centrally managing, maintaining, and executing firewall filters, content filters of computers and computer networks, and access control for web, mobile and application programmable interface (API); Software for implementing network packet brokers, intrusion prevention systems and network load balancers; software for monitoring, analyzing or reporting of global computer network digital security and identity information, data, and traffic
(1) Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation, multi-factor and strong authentication, access control for web, mobile and application programmable interface (API)
(2) Identity verification services, namely, providing user authentication between two or more entities in the field of digital security
74.
Transferring data files using a series of visual codes
Software on an image-capturing device iteratively captures a visual code in a series of visual codes displayed in a repeating progression on a screen of a mobile device. The visual code was generated from a display block that resulted from a partition of an original data file into a series of display blocks of at least a specified size. The software converts the visual code back into a display block and reads a header for the display block, discarding the display block if it has already been captured, as determined by the ordered identifying block number in a header. The software stops the iterative capturing when all of the display blocks in the series have been captured, as determined by the count in the header and coalesces the captured display blocks into the original data file, using an order determined by the ordered identifying block numbers.
G06F 17/00 - ELECTRIC DIGITAL DATA PROCESSING Digital computing or data processing equipment or methods, specially adapted for specific functions
G06K 7/10 - Methods or arrangements for reading record carriers by corpuscular radiation
G06K 7/14 - Methods or arrangements for reading record carriers by corpuscular radiation using light without selection of wavelength, e.g. reading reflected white light
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in the other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
(1) Downloadable computer software that facilitates identity federation; downloadable computer software that facilitates multi-factor authentication and strong authentication in the field of digital security and identity verification; downloadable computer software that facilitates access control for web, mobile and application programmable interface (API), all in the field of digital security and identity verification; downloadable computer software that facilitates authorization policy services authentication in the field of digital security and identity verification; downloadable computer software that facilitates directory, identity provisioning and identity administration services in the field of digital security and identity verification; downloadable computer software that facilitates identity services auditing and reporting in the field of digital security and identity verification; downloadable computer software that facilitates identity federation and access management services in the field of digital security and identity verification
(1) Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation, multi-factor and strong authentication, access control for web, mobile and application programmable interface (API)
(2) Identity verification services, namely, providing user authentication between two or more entities in the field of digital security
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
(1) Downloadable computer software that facilitates identity federation; downloadable computer software that facilitates multi-factor authentication and strong authentication in the field of digital security and identity verification; downloadable computer software that facilitates access control for web, mobile and application programmable interface (API), all in the field of digital security and identity verification; downloadable computer software that facilitates authorization policy services authentication in the field of digital security and identity verification; downloadable computer software that facilitates directory, identity provisioning and identity administration services in the field of digital security and identity verification; downloadable computer software that facilitates identity services auditing and reporting in the field of digital security and identity verification; downloadable computer software that facilitates identity federation and access management services in the field of digital security and identity verification
(1) Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation, multi-factor and strong authentication, access control for web, mobile and application programmable interface (API)
(2) Identity verification services, namely, providing user authentication between two or more entities in the field of digital security
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable computer software that facilitates identity federation; multi-factor and strong authentication; access control for web, mobile and application programmable interface (API) all of the foregoing in the field of authorization policy services; directory, identity provisioning and identity administration services; identity services auditing and reporting; and other identity and access management services in the field of digital security and identity verification; Software for API traffic security; software for API activity monitoring and attack detection and reporting; security software for data, applications, and computer systems accessed via API or other programmatic methods; software for reporting programmatic interface traffic activity; software for reporting API traffic activity; software for computer network security; software for cloud-based computer security; software for monitoring computer networks; software for detecting computer network intrusion; software for monitoring and maintaining network security; computer software for use in the safeguarding of network data or network services; computer software for detecting security threat; computer software for analyzing attacker behavior within computer networks; computer software for discovering, documenting, and analyzing attacker tools and methods; computer software for exporting computer security threat information and for creating attack signatures to safeguard computer networks; software for firewall protection in computer networks, monitoring incoming and outgoing data carried by a computer network, detecting and reporting computer network intrusions, and computer network security management; software for securing API traffic across hybrid clouds; software for protecting computers and network services from attack; Computer, network, and telecommunications software for providing active protection for network servers and network adapters by detecting packet content, detecting network traffic, 
recording packet content or network traffic, capturing packet content or network traffic, monitoring packet content or network traffic, filtering packet content or network traffic, attack blocking, namely, blocking or rate limiting network traffic, event management and reporting; Software for creating, centrally managing, maintaining, and executing firewall filters, content filters, and access control; Software for implementing network packet brokers, intrusion prevention systems and network load balancers; Software for monitoring, analyzing or reporting of network information, data, and traffic
78.
Electronic identification verification methods and systems with storage of certification records to a side chain
Method of certification including receiving user data at a device of a certifying entity. The method includes generating a salt that is unique. The method includes hashing the data combined with the salt to create a generated hashed data. The method includes generating a certification record based on signing the generated hashed data using a private key of the certifying entity to create a signed certification of the data. The method includes hashing the certification record. The method includes transmitting the hashed certification record to a blockchain for storing. The method includes receiving a certification tx-ID of the hashed certification record. The method includes generating a certification data block including the certification record and the certification tx-ID. The method includes storing the certification data block to a side chain.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06K 7/14 - Methods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
G06Q 20/38 - Payment architectures, schemes or protocols - details thereof
G06F 7/58 - Random or pseudo-random number generators
79.
Electronic identification verification methods and systems
Method of certification including receiving user data at a certification device of a certifying entity, and receiving a registration tx-ID of the data, wherein the registration tx-ID was generated from a blockchain when receiving and storing a signed hash value of the data for registration signed using a private key of the user, wherein the hash value of the data was generated using a registration hash algorithm. The method includes generating a salt that is unique. The method includes hashing the data combined with the salt to create generated hashed data. The method includes signing the generated hashed data using a private key of the certifying entity to create a signed certification of the data. The method includes transmitting the signed certification of the data to a blockchain for storing. The method includes receiving a certification tx-ID of the signed certification of the data.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06K 7/14 - Methods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
G06Q 20/38 - Payment architectures, schemes or protocols - details thereof
G06F 7/58 - Random or pseudo-random number generators
Systems and methods for managing the identity of a user are provided. One example includes receiving personal data identifying the user to define input data. The receiving of personal data is via an application that enables entry of said personal data for verifying the identity of the user by third parties. Then, executing a hash of the input data for generating a hash value. The method includes executing, responsive to input via a user accessible interface of the application, instructions for transmitting the hash value to a block chain over a network connection. The application is configured for receiving back from the block chain a transaction number corresponding to the hash value transmitted to the block chain. Then providing said personal data identifying the user and the transaction number to a third party for verifying the identity of the user. The third party is configured to generate a second hash value using at least part of the personal data. The third party is configured to use the transaction number to retrieve the hash value from the block chain and compare the second hash value with the hash value retrieved from the block chain. If said second hash value matches the retrieved hash value the identity of the user is considered verified by the third party.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
81.
Method, System and apparatus for synchronizing changes in a directory service
In a directory service, a sync request requesting changes to a dataset is received from a sync client, the sync request comprising a token, and sync requests containing tokens are sent to first and second directory servers. Changes are returned by the directory servers with tokens, and the changes are returned to the sync client with a unified token. In embodiments, the changes returned to the sync client are new to the sync client. Also disclosed is a method where a request for new changes to a dataset is received from a sync client, the request including a token, and a response that contains a token and changes that are new to the sync client is returned.
A method of confirming receipt, including iteratively capturing by a receiving device visual codes in a series of visual codes displayed on a sending device. A corresponding captured visual code being from a display block that resulted from a partition of an original data file into display blocks, and wherein each display block is converted to a corresponding string and header including an ordered identifying display block number and a total count of the display blocks. Each corresponding string is converted to a corresponding visual code. Each of the captured visual codes is converted into a corresponding string and a header is read for the corresponding string. Captured display blocks are determined. A confirmation message is generated including information indicating which display blocks have been received. The confirmation message is sent over a wireless communication link to the sending device to reduce the number of visual codes being displayed.
G06K 17/00 - Methods or arrangements for effecting co-operative working between equipments covered by several of the main groups , e.g. automatic card files incorporating conveying and reading operations
G06K 7/10 - Methods or arrangements for sensing record carriers by corpuscular radiation
G06K 7/14 - Methods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in the other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
83.
Methods and systems for API deception environment and API traffic control and security
The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.
The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity federation, multi-factor and strong authentication of computer users and identity verification protocols, and access control for web, mobile and application programmable interfaces (API), all of the foregoing in the field of authorization policy services, directory, identity provisioning and identity administration services, identity services auditing and reporting, and other identity and access management services in the field of digital security and identity verification Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation, multi-factor and strong authentication of computer users and identity verification protocols, and access control for web, mobile and application programmable interfaces (API); identity verification services, namely, providing user authentication between two or more entities using digital certificates, multi factor authentication and strong identification protocols in the nature of Security Assertion Markup Language (SAML), OpenID Connect (OIDC), OAuth, WS-Fed, WS-Trust, Lightweight Directory Access Protocol (LDAP), System for Cross-domain Identity Management (SCIM), Fast Identity Online (FIDO), Universal Authentication Framework (UAF), FIDO Universal 2nd Factor (U2F), Web Authentication (WebAuthn), Client-to-Authenticator Protocol (CTAP), Open Authentication (OATH) protocols for one-time password (OTP), time-based one-time password (TOTP), HMAC-based One-Time Password (HTOP), and Public Key Cryptography Standards (PKCS) in the field of digital security for allowing user access to web, mobile and application programmable interfaces (API)
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable computer software that facilitates identity federation, multi-factor and strong authentication of computer users and identity verification protocols, and access control for web, mobile and application programmable interfaces (API), all of the foregoing in the field of authorization policy services, directory, identity provisioning and identity administration services, identity services auditing and reporting, and other identity and access management services in the field of digital security and identity verification
42 - Scientific, technological and industrial services, research and design
Goods and services
Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation, multi-factor and strong authentication of computer users and identity verification protocols, and access control for web, mobile and application programmable interfaces (API); identity verification services, namely, providing user authentication between two or more entities using digital certificates, multi factor authentication and strong identification protocols in the nature of Security Assertion Markup Language (SAML), OpenID Connect (OIDC), OAuth, WS-Fed, WS-Trust, Lightweight Directory Access Protocol (LDAP), System for Cross-domain Identity Management (SCIM), Fast Identity Online (FIDO), Universal Authentication Framework (UAF), FIDO Universal 2nd Factor (U2F), Web Authentication (WebAuthn), Client-to-Authenticator Protocol (CTAP), Open Authentication (OATH) protocols for one-time password (OTP), time-based one-time password (TOTP), HMAC-based One-Time Password (HTOP), and Public Key Cryptography Standards (PKCS) in the field of digital security for allowing user access to web, mobile and application programmable interfaces (API)
41 - Education, entertainment, sporting and cultural activities
Goods and services
Educational services, namely, conducting seminars, conference and workshops in the fields of security and identity management; training services in the field of security and identity management; arranging and conducting educational conferences.
89.
Identity management service using a blockchain providing certifying transactions between devices
Logic on a first remote device receives a first transaction number and personal data transmitted from a second remote device. The first transaction number was received from a distributed public database in response to a transmission, from the second remote device, of a signed hash value and a first public key associated with a first private key on the second remote device. The signed hash value was created by signing a hash value with the first private key and the hash value was generated by hashing the personal data with a hashing algorithm on the second remote device. The logic uses the first transaction number to retrieve the signed hash value and the first public key from the distributed public database. The logic hashes the personal data using the hashing algorithm to create a generated hash value and verifies the signed hash value against the generated hash value.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. a certification authority, a notary or a trusted third party
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/38 - Payment architectures, schemes or protocols - details thereof
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
H04W 12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
90.
METHODS AND APPARATUS FOR ASSESSING AUTHENTICATION RISK AND IMPLEMENTING SINGLE SIGN ON (SSO) USING A DISTRIBUTED CONSENSUS DATABASE
In some embodiments, a method includes receiving, from a client compute device and at a server, a request to access a resource. The request can include an identifier associated with the client compute device. The method can further include accessing risk information associated with the client compute device from an instance of a distributed database at the server using the identifier. The risk information is provided to the distributed database by a set of compute devices. Each compute device from the set of compute devices implements a different instance of the distributed database. The risk information can be analyzed to identify an access decision and a level of access to the resource can be granted to the client compute device based on the access decision.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
G06F 12/14 - Protection against unauthorised use of memory
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or snowflake
41 - Education, entertainment, sporting and cultural activities
Goods and services
(1) Educational services, namely conducting seminars, conferences and workshops in the fields of digital security and customer, employee and partner identity management; Training services in the field of digital security and customer, employee and partner identity management; Arranging and conducting educational conferences in the fields of digital security and customer, employee and partner identity management.
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Downloadable computer software that facilitates identity federation in the field of digital security and identity verification. Educational services, namely, conducting seminars, conference and workshops in the fields of security and identity management; training services in the field of security and identity management; arranging and conducting educational conferences. Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation in the fields of digital security, identification, best practices, and content distribution.
93.
Method and system for authenticated login using static or dynamic codes
Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
94.
Transferring data files using a series of visual codes
Software on an image-capturing device iteratively captures a visual code in a series of visual codes displayed in a repeating progression on a screen of a mobile device. The visual code was generated from a display block that resulted from a partition of an original data file into a series of display blocks of at least a specified size. The software converts the visual code back into a display block and reads a header for the display block, discarding the display block if it has already been captured, as determined by the ordered identifying block number in a header. The software stops the iterative capturing when all of the display blocks in the series have been captured, as determined by the count in the header and coalesces the captured display blocks into the original data file, using an order determined by the ordered identifying block numbers.
G06F 17/00 - ELECTRIC DIGITAL DATA PROCESSING Digital computing or data processing equipment or methods, specially adapted for specific functions
G06K 7/10 - Methods or arrangements for sensing record carriers by corpuscular radiation
G06K 7/14 - Methods or arrangements for sensing record carriers by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Downloadable computer software that facilitates identity federation in the field of online digital security and online identity verification (1) Educational services, namely conducting seminars, conferences and workshops in the fields of online digital security and customer, employee and partner identity management; training services in the field of online digital security and customer, employee and partner identity management; arranging and conducting educational conferences in the fields of online digital security and customer, employee and partner identity management
(2) Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates identity federation in the fields of online digital security, customer, employee and partner identification, best practices for online identity verification, and content distribution via the internet
09 - Scientific and electric apparatus and instruments
35 - Advertising; Business affairs
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
Downloadable computer software that facilitates multi-factor authentication and strong authentication in the field of digital security and identity verification. Arranging, organizing and conducting collaborative meetings in the field of enterprise security solutions, namely, identity and access security, authentication services, directory services, enterprise mobility management, cloud governance and threat and fraud detection. Software as a service (SAAS) services, namely, hosting non-downloadable computer software for use by others that facilitates multi-factor authentication and strong authentication in the field of digital security and identification. Identity verification services, namely, providing user authentication between two or more entities in the field of digital security.
98.
Methods and systems for API proxy based adaptive security
The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting, at proxies, log information that captures data corresponding to received client messages and responses from API servers; this log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes of generating API metrics and identifying anomalies and/or indicators of compromise. The invention yet further provides security server clusters configured for generating API metrics and/or identifying anomalies or indicators of compromise, which may be used by proxies to terminate existing connections and block subsequent requests or messages from clients associated with the identified anomalies or indicators of compromise.
The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster, (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery, and (vii) switching between proxies or between servers without loss of session.
The invention provides methods, computer program products, proxies and proxy clusters configured for forwarding, routing and/or load balancing of client requests or messages between multiple different APIs and/or multiple instances of an API. The invention further provides for efficient session information based routing of client requests for a target API, wherein multiple instances of the target API are simultaneously implemented across one or more API servers. The invention additionally enables separation of a control plane (i.e. control logic) and run time execution logic within a data plane within proxies in a proxy cluster, and also enables implementation of a plurality of data planes within each proxy—thereby ensuring security, high availability and scalability. An invention embodiment additionally implements two-stage rate limiting protection for API servers combining rate limiting between client and each proxy, and rate limiting between a proxy cluster and a server backend.