Abstract: A central authentication service is for authentication of a user operating a computing device requesting access to a service provider. The central authentication service stores a universal group that includes principals from different types of identity providers, with the user of the computing device included as one of the principals. An access token generated by an identity provider associated with the computing device is received by the central authentication service. The central authentication service generates a universal token that includes group membership information for the universal group, and exchanges the access token with the universal token. The universal token is provided to the service provider, with the group membership information on the universal token to allow the service provider to determine if the user of the computing device has permission to access desired services.

Abstract: Techniques are provided for visualizing user access data and for configuring and enforcing location-based access policies.

Abstract: The described technology is generally directed towards providing unified analytics and troubleshooting for enterprise software systems. According to an embodiment, a system can comprise a memory that can store computer executable components, and a processor that can execute the computer executable components stored in the memory. The computer executable components can comprise a remote service component that receives first information from an edge array installed in a second security zone, wherein the edge array employs an application programming interface of an application to generate the first information from the application on a server in the second security zone. The system can further comprise a processing component that processes the first information, resulting in second information. The system can further comprise a communication component that communicates the second information to the edge array.

Abstract: A computer-implemented method includes receiving, by an application, a request to copy application data of the application, where the application data includes sensitive data generated by the application. The application identifies each instance of the sensitive data in the application data. The application generates a clean copy of the application data, where generating the clean copy includes removing each instance of the sensitive data from the application data. The clean copy is returned responsive to the request to copy the application data.

Abstract: Example methods are provided for a network device to perform packet capture in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header addressed from a first node to a second node; and identifying a security policy applicable to the egress packet by comparing one or more fields in the inner header with one or more match fields specified by the security policy. The method may further comprise: based on the security policy, capturing the egress packet in an unencrypted form; performing encryption on the egress packet to generate an encrypted packet that includes the egress packet in an encrypted form; and sending the encrypted packet to the second node.

Abstract: A random code generator includes an address Y decoder, an address X decoder, a PUF entropy pool, a processing circuit and an entropy key storage circuit. The address Y decoder includes plural Y control lines. The address Y decoder selectively activates the plural Y control lines according to a first address Y signal. The address X decoder includes plural X control lines. The address X decoder selectively activates the plural X control lines according to a first address X signal. The PUF entropy pool generates an output data according to the activated Y control lines and the activated X control lines. When the random code generator is in a normal working state, the processing circuit processes the output data into a random code according to at least one entropy key from the entropy key storage circuit.

Abstract: Embodiments include method, systems and computer program products for securing content. Aspects include accessing, by a first user device, content, wherein the content includes a security profile associated with the content. The content is displayed on a display for the first user device. An input is received by the first user device. The input is analyzed to determine that the input is in compliance with the security profile associated with the content and based at least in part on determining the input is not in compliance with the security profile associated with the content, a portion of the content is transmitted to a second user device.

Abstract: A communication device includes a directional antenna, and a control circuit. The directional antenna has a directional radiation pattern for directing greater power of a transmitted signal in a specific direction. The control circuit is coupled to the directional antenna and determines an angle and a distance to another device. Based on the determined distance and angle to the another device, the control circuit selects a security level from a plurality of security levels for communication between the device and the another device. In another embodiment, a method for transmitting data between the first and second devices is provided.

Abstract: An authentication device that uses biometric authentication includes an acquisition unit configured to acquire first biometric information of a user, a storage unit configured to store second biometric information which is preregistered, a processing unit configured to obtain an authentication determination value based on similarity between the first biometric information acquired by the acquisition unit and the second biometric information stored in the storage unit, and a decision unit configured to decide a service providable to the user based on the authentication determination value and a plurality of thresholds to which different services are respectively assigned.

Abstract: A method and apparatus for providing two-step authentication is provided herein. During operation, the two parts of authentication comprise (1) something a user knows, for example, a password; and (2) a push-to-talk (PTT) communication over a predetermined talkgroup.

Abstract: An identity profile of a user is tracked using previous message communications of the user. A message identified as potentially from the user is received. The identity profile of the user is identified and obtained. Information is extracted from a header of the received message. A security risk assessment of the received message is determined at least in part by comparing the extracted information with one or more corresponding entries of the identity profile of the user. A security action is performed based on the determined security risk assessment.

Abstract: A method includes generating a core record identification (ID) associated with an electronic document. A processor sets one or more access rules indicative of whether the electronic document may be edited after saving the document. The one or more access rules are associated with at least one administrator ID of an administrative user. The method further includes determining, based on a core record ID, whether or not to obtain the electronic consent of a consenting party. The processor evaluates whether the first consenting party ID must provide an electronic consent to the electronic document based on one or more organization consent rules indicative of i) whether consent is required for each access of the computing resource, and ii) whether per-user consent or organizational consent is required. The processor provides access to the computing resource based at least in part on the first consenting party and the core record ID.

Abstract: Proxied multi-factor authentication using credential and authentication management in scalable data networks is described, including initiating a request by an extension to authenticate a browser to access a data network, the request being associated with an address and transmitted over HTTP, receiving at a proxy browser a first message from the data network in response to the request, the first message comprising authentication data, the authentication data being forwarded to a server in data communication with the proxy browser and the browser, sending a second message from the server to the extension, the second message comprising the authentication data, and transferring authentication data to the data network from the browser and the extension in response to an query from the data network.

Abstract: A method for creating rules for recognizing anomalies in a data stream of data packets. The method includes: providing a reference time signal having successive reference points in time; for at least two data portions from one or multiple data packets determined by a selected data packet type in a data stream section, ascertaining a time series of successive values of the relevant data portion, the values of the time series corresponding to the values of the relevant data portion or being a function of these values, the values of the relevant data portion each being assigned to a respective reference point in time of the respective reference points in time; carrying out a correlation method in order to ascertain, in each case, one correlation value for at least two different time series; creating a rule for the rule-based anomaly recognition method as a function of the ascertained correlation values.

Abstract: A method disclosed herein generally facilitates authenticating of an electronically-detectable device identifier against a user account identifier, such as a user-provided phone number, to ensure that a user account identified by the user account identifier is accessible by a user who is in possession of the electronic device having the device identifier.