This disclosure generally relates to a method for authenticating a user in a digital or physical environment. The method includes receiving an identity verification request based on input provided by a user to be verified, receiving a facial and audio recognition sample from the user, transmitting the facial and audio recognition sample to one or more third party entities with a request to verify that the facial and audio recognition sample represents the user, receiving an indication from at least one of the third party entities that the user is verified, and verifying that the user who provided the facial and audio recognition sample is the person the user purports to be.

A computing system identifies a third-party dependency to be added to a codebase. The third-party dependency is hosted on a third-party server. The computing system downloads the third-party dependency within a secure runtime environment. The computing system generates a signature value for the third-party dependency. The computing system compares the signature value to a database of signature values of approved third-party dependencies. Upon determining that the signature value does not correspond to any signature values of the approved third-party dependencies, the computing system executes the third-party dependency within the secure runtime environment. The computing system monitors the execution of the third-party dependency within the secure runtime environment to identify suspicious activity. Upon determining that the third-party dependency is not exhibiting suspicious activity, the computing system adds the signature value to the database of signature values of approved third-party dependencies.

Broadly speaking, embodiments of the present techniques provide methods and systems to enable a user to securely and privately share their data with selected third parties in a way that ensures the user retains at least some control over their data at all times. Thus, the present techniques enable a user to benefit from the results of sharing their data (e.g. access to health related products or services kudos or a reward), without losing control of their data and without unauthorised use of their data. A user may add user data items into a storage and may specify for each user data item a permission setting that specifies whether or not the user data item may be shared, who it can be shared with or for what purpose it can be shared. A third party who is granted access to a user data item is able to access the user data item via a secure portal, but is not able to remove, download or copy the data item from the storage itself. Thus, unauthorised use or sharing of user data is prevented.

The present disclosure relates to a computer-implemented method of distributing a delta update of a firmware, comprising: sending a first verification request to a device for a first attestation report generated based on an existing version of the firmware installed on the device; receiving a first evaluation for the first attestation report from a trusted third party; determining based on the first evaluation whether the device is secure; and sending a delta update to the device upon determining that the device is secure.

A network device for enforcing an authorization policy to a database includes identifying an authorization policy based on declarative designations of a set of objects, subjects and actions affected by an access request, and distributing the executable entity to a plurality if endpoints of a network of users. Each endpoint of the plurality of endpoints has one or more client applications. The endpoint embeds the executable entity in the client application, the executable entity responsive to access requests from the client application, and the endpoint node grants the access request based on evaluating the access request against the authorization policy, evaluating based only on instructions in the executable entity.

A system and a method are provided for facilitating the security of sets of credentials. The system and method allow a user to lock or unlock a credential set of at least one user account. The user attempts to access the user account as standard procedure. Before a service provider goes through an authentication process, a third-party server of a service provider requests a token from the system. Based on if the credential set is in a locked status or unlocked status, at least one remote server of the system respectively relays an invalidation token or a validation token to the third-party server. If the invalidation token is relayed to the third-party server, the service provider does not go through the authentication process. If the validation token is relayed to the third-party server, the service provider proceeds with the authentication process as standard procedure.

Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service.

Systems, computer program products, and methods are described herein for securely managing device communication. The present invention may be configured to provide, to another system, staging information including a digital certificate, a PIN, and a protocol for storing on a device, receive from the device a request to connect to an internal network after user input of the PIN, receive a digital certificate from the device, establish a wireless connection between the device and the internal network, and cause the device to delete the PIN. In some embodiments, the system is configured to permit communication from the device to the other system for a predetermined time window. In some embodiments, the system receives updates from the other system, via an external network, and the system sends the updates to the device, via the internal network.

A personalized card may be generated using a card-personalization system accessible via multiple access points on a network. In some aspects, the personalized card may include a physical card having an image selected by a user in a card-personalization process. The user may be assigned a code that may both authenticate the user to access the card-personalization system and identify a position of the user in the card-personalization process. The card-personalization process may include a selection process for selecting an image, an approval process for approving the image, and a creation process for generating the personalized card including the image.

This disclosure relates to systems, methods, and computer-readable media for identifying an asset privacy management trigger on an end-user device related to a third-party application. In response to identifying the asset privacy management trigger, a privacy selection interface to enable a user to select a limited asset access option is displayed. In response to the limited asset access option being selected, an asset selection interface is displayed, where the asset selection interface is configured to define a sub-set of assets of the end-user device as authorized for the third-party application based on user selection. In response to a subsequent request to access assets of the end-user device by the third-party application, the third-party application is able to access only the defined sub-set of assets. For different third-party applications or scenarios, the asset privacy management triggers and asset sub-set definitions may vary.