H04L2463/121

Timestamp-based shared key generation
11509463 · 2022-11-22

Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have synchronized clocks. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp. Since the computing systems have synchronized clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another. Furthermore, both computing systems may synchronize their clocks to a private time server that maintains a clock that runs faster or slower than standard time. Security is maintained by one or more of restricting access to the time server, using secret key generation processes, and/or using a secret random number generator.

Wireless Fine Time Measurement Authentication
20230055972 · 2023-02-23

A Fine Time Measurement (FTM) authentication system and method include performing a FTM transaction comprising at least one FTM-ACK message pair transmitted and received via a first communication channel between two endpoints, where the at least one FTM-ACK message pair contains timestamp values of message departure time and message arrival time during the FTM transaction. At least one authenticating value indicative of timestamp values of the at least one FTM-ACK message pair arrival and departure times during the FTM transaction is then transmitted via a second communication channel. FTM timestamp values are recovered from the received at least one authenticating value, which are compared with the received FTM timestamp values. The received FTM timestamp values can be authenticated if there is a match between the recovered FTM timestamp values and the received FTM timestamp values.

ENFORCEMENT OF TIME-BASED USER ACCESS LEVELS FOR COMPUTING ENVIRONMENTS
20220368651 · 2022-11-17

A system is provided for enforcing time-based user access levels in a computing infrastructure of an organization. The system includes a processor and a computer readable medium operably coupled thereto, to perform operations which include executing a synchronization of the time-based user access levels, obtaining a first login identifier (ID) of a plurality of login IDs for a group of employees of the organization, identifying a position ID and an employment status ID for the first login ID, determining a current time and a last login timestamp for the first login ID, determining a time-based access rule for the group of employees, determining whether a time period from the last login timestamp to the current time violates the time-based access rule, and setting, for the synchronization of the first login ID, at least a first access level of the first login ID to computing resources.

Methods and apparatus to perform network-based monitoring of media accesses

An example apparatus includes: at least one memory; instructions in the apparatus; and processor circuitry to execute the instructions to: determine whether a census impression record corresponds to a panelist impression record by: comparing a first internet protocol (IP) address of the panelist impression record with a second IP address of the census impression record; and comparing a first timestamp of the panelist impression record with a second timestamp of the census impression record; and send a comparison result to a computer of an audience measurement entity, the comparison result indicative of a match confirming the census impression record corresponds to the panelist impression record of the audience measurement entity.

Composite relationship graph for network security

A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Privacy preserving validation and commit architecture

A method of scheduling and validating a multiple-participant process, the method including: submitting, by a submitting node associated with a participant in the multiple-participant process, a proposed transaction by sending a cryptographically-protected message to one or more recipient nodes, wherein the cryptographically-protected message includes at least an unencrypted submessage readable by an external node and a cryptographically-protected submessage to preserve privacy from at least the external node; determining, by the external node, an order of the proposed transaction relative to other transactions; by way of at least some of the recipient nodes, validating the cryptographically-protected message; receiving a confirmation of validity of the cryptographically-protected message from at least some of the recipient nodes; finalizing the proposed transaction, as a confirmed transaction, based on receiving one or more confirmations from at least some of the recipient nodes that satisfy a confirmation condition; and writing the confirmed transaction to a distributed ledger according to the order determined by the external node.

System for managing fraudulent computing operations of users performed in computing networks and methods of use thereof

A method includes displaying on a graphic user interface (GUI) of a computing device of a user, a log of computing operations performed by the user at computing terminals of entity servers respectively managed by entities. The user uses a unique authorization identifier provided by the authorizing entity to authorize the computing operations at the computing terminals of the entity servers. The user provides a fraud indication through the GUI that at least one computing operation in the log is fraudulent. Memory jogging visual units are displayed on the GUI to the user that cause the user to recall performing the at least one computing operation identified as being fraudulent. An entry of the at least one computing operation in an operation database is marked as a valid operation authorized by the user when a recognition indication is received, and as potentially fraudulent when no recognition indication is received from the user.

UWB system
11575408 · 2023-02-07

Disclosed is an ultra-wideband (UWB) system and, more particularly, a UWB system using UWB ranging factor definition. The UWB system using the UWB ranging factor definition includes a memory in which a UWB ranging factor definition program is embedded and a processor which executes the program, wherein the program predefines UWB ranging factors to define a scrambled timestamp sequence (STS) index, an encryption key, and a nonce.

MULTI-CHANNEL AUTHENTICATION USING DELEGATED CREDENTIALS
20220351202 · 2022-11-03

Disclosed herein are methods and systems for electronic authentication using delegated credentials to complete checkout and payment operations on a trusted device of a user. A computing system is structured to perform operations comprising receiving transaction information corresponding to an incomplete checkout operation, transmitting at least a subset of transaction information to a customer device, causing the customer device to generate and display a notification comprising a request for user authorization to complete the incomplete checkout operation, receiving customer input indicative of instructions to complete the incomplete checkout operation, and, responsive to receiving customer input, completing the incomplete checkout operation.

System and method of adding tags for use in detecting computer attacks

Disclosed are systems and methods of adding tags for use in detecting computer attacks. In one aspect, the system comprises a computer protection module configured to: receive a security notification, extract an object from the security notification, search for the extracted object in a threat database, add a first tag corresponding to the extracted object in the threat database only when the extracted object is found in the threat database, search for signs of suspicious activity in a database of suspicious activities based on the received security notification and the added first tag, and when at least one sign of suspicious activity is found, extract a second tag from the database of suspicious activities and add the second tag to an object database, wherein the object database is used for identifying signature of targeted attacks based on security notifications, objects, first tags and second tags.