A secure element (SE) with a notion of time useful for checking secure items is disclosed herein. Methods of obtaining time information by the SE include push, pull, opportunistic, local interface, and multi-check methods. Time information can be obtained from a root certification authority (CA) and one or more subordinate CAs, which are associated with and subordinate to the root CA. The SE uses the time information for time management of time values stored in the SE. The SE also uses the time information in cooperation with certificate revocation lists (CRLs) and/or online certificate status protocol (OCSP) stapling procedures.

Certain embodiments involve extracting seasonal, level, and spike components from a time series of metrics data, which describe interactions with an online service over a time period. For example, an analytical system decomposes the time series into latent components that include a seasonal component series, a level component series, a spike component series, and an error component series. The decomposition involves configuring an optimization algorithm with a constraint indicating that the time series is a sum of these latent components. The decomposition also involves executing the optimization algorithm to minimize an objective function subject to the constraint and identifying, from the executed optimization algorithm, the seasonal component series, the level component series, the spike component series, and the error component series that minimize the objective function. The analytical system outputs at least some latent components for anomaly-detection or data-forecasting.

An example operation may include one or more of receiving a blockchain request from a client application in a blockchain network, receiving validity information of a timestamp included in the blockchain request from one or more endorsing nodes in the blockchain network, modifying the timestamp included in the blockchain request based on the validity information received from the one or more endorsing nodes, ordering the blockchain request among a group of blockchain requests based on the modified timestamp with respect to timestamps of other blockchain requests in the group, and storing the ordered group of blockchain requests within a data block among a hash-linked chain of data blocks.

Systems and methods for preventing fraud are disclosed. The system includes, for example, a front end device that is operatively coupled to a back end device. The front end device is configured to generate a first dynamic device identification based on dynamic device characteristics of the front end device. The back end device is configured to generate a second dynamic device identification based on the dynamic device characteristics of the front end device to authenticate the front end device. The front end device can also authenticate itself through an Internet of Things (IoT) device that has a trusted connection to the back end device.

The described technology provides a capability to perform in-session updates to entitlements associated with a user's access to content served by a web application. The content may be from one or more external servers. The technology provides for automatically detecting changes to entitlements, and without requiring a user of an active session to initiate a new session, updating entitlement data in a memory such that subsequent requests for data made by the client in the same active session are serviced using the updated entitlements.

A first request and a first identifier corresponding to an identity of a first source device that initiated the first request is received. At least a second source device is queried to obtain information indicative of whether the first source device is authorized to complete the first request. The second source device is configured to periodically gather and transmit data, over one or more networks, to one or more local processing devices or one or more remote devices for data analysis. The first request is blocked or authorized to proceed based at least in part on whether at least the first source device is authorized to complete the first request.

A system to generate a graphical user interface to display a presentation of a set of shared user groups between users of a social networking service is described. Embodiments of the present disclosure relate generally to systems for: receiving an identification of a second user from a user account of a first user; identifying a user group that includes the first user and the second user in response to the identification of the second user from the user account of the first user; retrieving user identifiers of the first user and the second user, wherein the user identifiers may include graphical avatars; generating a group identifier based on the user identifiers; and causing display of a presentation of the user group at a client device.

An information processing apparatus includes a first cryptographic communication control unit, a second cryptographic communication control unit, and a timeout control unit. The first cryptographic communication control unit issues an encrypted connection request to a communication destination node and performs cryptographic communication. The second cryptographic communication control unit issues, concurrently with the connection request by the first cryptographic communication control unit, a connection request by plain text to the communication destination node, establishes connection, and then performs cryptographic communication. The timeout control unit changes a period for a timeout set in advance for the connection request by the first cryptographic communication control unit in a case where a response to the connection request by the second cryptographic communication control unit is received from the communication destination node before a response to the connection request by the first cryptographic communication control unit is received from the communication destination node.

A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.

Using a secure portable reference to medical information, stored on a portable storage medium, various embodiments allow a patient to give to their doctor an easy-to-use access key that will enable access to desired medical information stored on a computer network. The secure portable reference provides greater transportability of medical records to a patient or medical data repository including a doctor's office, clinic, or hospital, while maintaining data security to satisfy medical data privacy regulations and expectations. Some described embodiments use encrypted information inside the secure portable reference to hide, for example, who is allowed access to the stored medical information, and the network location of the stored information. Some embodiments use a secret PIN to authenticate the user attempting access to the referenced medical information. The secure portable reference contains information on network resources used to enable download access to medical information, including medical records and medical images.