Abstract: This disclosure describes techniques for authenticating one or more devices of a user in association with cloud computing services. The techniques include generating credential portions. The credential portions may be used in a signing protocol between one of the user devices and a cloud authenticator. The signing protocol may generate a signature that may be used in authentication with a cloud computing service. In some cases, the credential portions may be shared with other devices of the user. As such, the cloud authenticate may assist multiple user devices to authenticate with the cloud computing service.

Abstract: A computer implemented system and method for acquisition of advance consent for each instance of PII use includes the steps of receiving reference specimens for a user, electronically storing the reference specimens on a distributed block chain. When PII of the user is to be used, a consent session is electronically requested for the user. Consent-session specimens are electronically received from the user in response to the electronic request for the consent-session after completion of the consent session. The consent-session specimens include a video of the user making an affirmative consent statement, a photograph of fingerprints of the user, and a photograph of identification (ID) credentials of the user. A degree to which each of the consent-session specimens from the user match the reference specimens for the user is electronically determined and the transaction information is electronically stored on the distributed block chain.

Abstract: In an embodiment, a method includes receiving, by a processor and from a user device associated with a user, a request to access a service associated with a first protocol. The method further includes receiving, by the processor, a virtual credential of the user authorized by an authorizing entity. The virtual credential is compliant with a second protocol different than the first protocol. The method further includes verifying, by the processor, that the virtual credential is authorized by the authorizing entity. The method further includes transforming, by the processor, the virtual credential to generate a transformed virtual credential compliant with the first protocol. The method further includes sending, by the processor, a representation of the transformed virtual credential to the service. The method further includes verifying, by the processor and after the sending, that the transformed virtual credential is valid.

Abstract: Run-time attestation of a workspace including deploying, at a client information handling system, an application broker, the application broker including a model that defines characteristics of a computer-implemented application accessible through a server information handling system; establishing a trust relationship between a control vault system of the client information handling system and the server information handling system; provisioning entitlements, by the application broker, that are associated with the computer-implemented application at the client information handling system; identifying an execution of the entitlements at the client computing device, and comparing the execution of the entitlements with the model; determining, based on the comparing, a violation of the model, and in response, procuring a trust challenge from the server information handling system; generating, by the application broker and in response to the trust challenge, an attestation of the trust relationship between the con

Abstract: A method includes receiving, at an access node of a local network, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method further includes receiving an indication that the device previously violated a network policy of a network different from the local network and after the device is authenticated with the identity provider, determining, by the access node and based on the indication, whether to allow the device to communicate over the access node.

Abstract: One example method includes correlating trust scoring with authentication levels. Trust scores are protected in a computing system such that devices can be validated. Authentication levels are based on the verified trust scores.

Abstract: Methods, systems, and devices are described for orchestrating server management in a modern IT network. The described techniques may be implemented to manage any number of networked severs, whether local, remote, or both. Server orchestration may leverage a central, cloud-based management system and/or one or more autonomous agents installed on servers with the network. The autonomous agents may each be registered with the supervisory server and may have awareness of one another.

Abstract: System and methods of brokering trust across multiple Authentication and Authorization methods in a multi-domain, multi-operator, private and public cloud networks are identified. A Digital Trust Broker (DTB) is disclosed that brokers trust between infrastructure authentication methods that use digital certificates (PKI) and operator/enterprise Authentication/Authorization methods through interaction with multiple operator/service provider control and management platforms. The Digital Trust Broker interacts with vendor management and security platforms for associating device manufacturing, assembly, supply-chain, and logistics attributes for assuring trust of compute, network, storage and other system components that a high security enterprise or service provider acquires and installs in their networks. Additionally, methods of generating enhanced certificates for secure network slices and other Cloud and SDN hosted virtual network functions as trust assured services are also disclosed.

Abstract: A client application establishes a connection between the client application and an origin server over one or more networks. The application generates a request to establish a secure session with the origin server over the connection. The request includes information, in a header of the request, that flags traffic sent during the secure session to a network of the one or more networks as subject to one or more optimizations performed by the network. Subsequent to establishing the secure session, the application encrypts the traffic in accordance with the secure session and sends the traffic to the origin server over the connection, subject to the one or more optimizations. The infrastructure service applies the one or more optimizations to the traffic as it passes through the edge network to the origin server.

Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.

Abstract: A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.

Abstract: A computer system may receive one or more requests for access to one or more cloud services and may store the one or more requests in a request log. The computer system may receive one or more access rules applicable to cloud service access rights. The computer system may aggregate the one or more requests of the request log to determine access requirements for a container, the container being configured to store one or more applications. The computer system may generate and store container access policies that define access of a container and the one or more cloud services, the container access policies based at least in part on the aggregated one or more requests and the one or more access rules. The computer system may send the container access policies to a request forwarder of a compute instance in a production environment.

Abstract: Techniques are described for detecting and attributing automatic unauthorized redirects originating from executable code contained within an advertisement hosted within a web page or application displayed on an end user's mobile or desktop computing devices.

Abstract: An example network security and threat assessment system is configured to determine, based on one or more events that have occurred during execution of one or more applications, a potential security vulnerability of a target computing system, where the one or more events correspond to a node represented in the hierarchical risk model. The system is further configured to identify, based on a mapping of the node represented in the hierarchical risk model to a node represented in a hierarchical game tree model, one or more actions that are associated with the potential security vulnerability and that correspond to the node represented in the hierarchical game tree model, and to output, for display in a graphical user interface, a graphical representation of the potential security vulnerability and the one or more actions associated with the potential security vulnerability.

Abstract: This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.

Abstract: Methods, computer-readable media, software, and apparatuses may assist in proactively warning a consumer they are a victim or possible target of a cyber-attack or cyber-threat. To discover whether a consumer may be a victim, the methods, computer-readable media, software, and apparatuses will monitor the Surface Web, Deep Web, and Dark Web for potential cyber-threats and cyber-attacks. If one is discovered, the methods, computer-readable media, software, and apparatuses will compare the criteria of victims of targeted in the cyber-attack and compare that criteria with consumer profiles. If a consumer profile matches the criteria, the methods, computer-readable media, software, and apparatuses will notify the consumer of the threat.

Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for quantum entanglement authentication (QEA). An example method includes generating, at a first computing device, a first number based on a subset of a first set of entangled quantum particles comprised by a quantum authentication device and associated with the first computing device. Each entangled quantum particle in the first set of entangled quantum particles may be entangled with a respective entangled quantum particle in a second set of entangled quantum particles associated with a second computing device. The example method further includes transmitting an electronic identification of the subset of the first set of entangled quantum particles to the second computing device.

Abstract: A cyber-physical system may have a plurality of system nodes including a plurality of monitoring nodes each generating a series of current monitoring node values over time that represent current operation of the cyber-physical system. According to some embodiments, a watermarking computer platform may randomly inject a watermarking signal into an injection subset of the system nodes. The watermarking computer platform may then receive current monitoring node values over time and generate a current watermarking feature vector based on the current monitoring node values. The watermarking computer platform might comprise a dedicated watermarking abnormality detection platform or a unified abnormality detection platform (e.g., that also uses data-drive feature vectors). The injection subset may be associated with a randomly selected subset of the system nodes and/or magnitudes of watermarking signals that are randomly selected.

Abstract: Provided is a computing device of a group based communication system configured to securely validate a client device associated with a group-based communication interface user. An example computing device is configured to identify a validating request transmitted from the client device. If a validating request is identified, the example computing device will transmit a temporary device code to the client device associated with the group-based communication interface user and an e-mail code to an e-mail address associated with a user profile associated with the group-based communication interface user. The example computing device also stores the codes transmitted. The example computing device then receives a confirmation exchange from the client device and determines whether the confirmation exchange satisfies client device validation parameters.