Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: A communication device includes circuitry configured to acquire a digital certificate including information associated with a first attribute from a first device coupled to any of a plurality of devices sharing a distributed ledger having recorded therein a correspondence between an attribute of user information included in the digital certificate and a definition of the attribute, receive a request for information associated with a second attribute from a second device coupled to any of the plurality of devices, acquire a first definition associated with the first attribute, and a second definition associated with the second attribute, from any of the plurality of devices, and transmit a digital certificate including information associated with the first attribute to the second device together with a message notifying that the first attribute and the second attribute have the same definition, when the first definition and the second definition match.

Abstract: Disclosed herein is a computing device that includes a memory and a processor. The memory store processor executable instructions for an authentication system. The processor is coupled to the memory. The processor executes the authentication system to cause the computing device to generate a credential asset, which includes a unique name. The authentication system, also, fetches tokens for the credential asset using the unique name, calls a notification for each of the tokens, polls for a code of the credential asset, and utilizes the code for an authentication to run a job.

Abstract: A method and a system for providing access by an application to data stored in a security data zone of a cloud platform are provided. The method includes determining, in response to a query received from a querying application of the cloud platform, credentials for a security data zone based on determining whether a first access token included in the received query belongs to an application registered at an access manager module of the cloud platform, and whether the user specified in the received query is allowed to use the registered application. The method also includes determining a second access token to the querying application generated based on the determined credentials. The querying application uses a returned second access token to obtain access to data stored in the security data zone to be processed by the querying application.

Abstract: Methods, system, and apparatus, including computer programs encoded on computer storage media for data processing are provided. One of the methods includes: establishing a logic contract of a blockchain and one or more data contracts corresponding to the logic contract; deploying the logic contract and the one or more data contracts in the blockchain; storing data of a target block in the blockchain into the one or more data contracts; computing a hash value of each of the one or more data contracts; and determining a hash value of the target block in the blockchain based on the hash value of each of the one or more data contracts.

Abstract: Embodiments perform bulk multifactor authentication (MFA) enrollment in an identity cloud management system. An entity can be created in the identity cloud management system, where the entity is issued a credential that includes a permissions scope for communicating with the identity cloud management system. A bulk set of user identities and MFA enrollment information including MFA security factors for the user identities and a status for the user identities can be received in association with the credential, where the MFA security factors include a mix of communication addresses and shared secrets. A subset of the user identities that include a status that indicates MFA enrollment can be enrolled, where the enrolling includes creating an MFA footprint for the subset of user identities within an MFA database, and each created MFA footprint includes a received MFA security factor.

Abstract: Systems and methods are disclosed for securely identifying a computing device via a web browser utilizing a customized digital font. In particular, in one or more embodiments, the disclosed systems and methods generate a customized digital font and install the customized digital font on a computing device. Moreover, the disclosed systems and methods utilize the customized digital font to identify the computing device. In particular, one or more embodiments include systems and methods that identify an element of a webpage rendered by the computing device utilizing the customized digital font and identify the client device based on the rendered element of the webpage.

Abstract: An information processing apparatus includes an authenticator that authenticates a user so that the user accesses plural resources on a network, an acquirer that acquires conditions that are related to a strength of authentication information and are provided differently for the respective resources, and a controller that controls, when the user accesses one resource out of the plural resources, access to the one resource based on a condition related to the strength for the one resource and strength information related to the strength of the authentication information of the user that is used by the authenticator.

Abstract: Described is a system for maintaining dual-party authentication requirements for data retention compliance in a distributed storage environment that includes servers or nodes with remote access components. When administering a data retention policy, an operating system component may require a dual-party authentication mechanism to prevent data deletion, while a different authentication mechanism may control access to the remote access components. Access to the remote access component by a single privileged user, however, may enable overriding or compromising the retention lock compliance implemented by the operating system. Accordingly, the system may tie the dual-party authentication requirement to the authentication mechanism of the remote access components.

Abstract: A certified application is installed onto a content creation device and a mobile certified application is installed onto a mobile device, the applications establish first and second trust relationships with the cloud service. The certified application and mobile certified application establish the third trust relationship via a proximity network. The mobile certified application generates a first ephemeral key pair having a private part. The certified application generates a second ephemeral key pair having a private part. The mobile certified application requests a service from the content creation device involving the transfer of data between the content creation device and the cloud service. The data is protected by at least one of the first and second ephemeral key pairs in response to invocation of the service. The service results in the data being stored at the cloud service and/or rendered at the content creation device.

Abstract: The concepts and technologies disclosed herein are directed to a website verification service. A system can receive, from a web server that hosts a website, a query for a set of authentication credentials (“credentials”) to be used to verify that the website is trustworthy. The system can generate and provide the credentials to the web server. The web server can, in turn, provide the credentials to a web browser device for presentation to a user via a web browser application executing on the web browser device. The system also can provide the credentials to a verifier device. The verifier device can present the credentials to the user via a verifier application executing on the verifier device. The user can compare the credentials presented via the web browser application to the credentials presented via the verifier application executing on the verifier device to determine whether the website can be trusted.

Abstract: Aspects of the current subject matter are directed to secure group file sharing. An architecture for end-to-end encrypted, group-based file sharing using a trusted execution environment (TEE) is provided to protect confidentiality and integrity of data and management of files, enforce immediate permission and membership revocations, support deduplication, and mitigate rollback attacks.

Abstract: Embodiments of the present invention disclose a method, a computer program product, and a computer system for a drone-based network vulnerability detection system. According to embodiments of the present invention, a drone receives routes and protocols for detecting and resolving network vulnerabilities. The drone identifies one or more electronic devices connected to one or more networks within an area of interest and detects one or more network vulnerabilities of the one or more electronic devices. If the drone detects a vulnerability, the drone updates a command center and identifies a resolution to the one or more network vulnerabilities. The drone then resolves the one or more network vulnerabilities based on the identified resolution.

Abstract: Embodiments are related to computing systems and methods for event based transfer of DID delegated authority. An indication is received that a first DID user is attempting to use a delegated DID on behalf of a second DID user. The first DID user has previously been delegated authority to use the delegated DID by operation of a legal relationship or a legal agreement between the first and second DID users. A determination is made if an event has occurred that has changed the legal relationship or the legal agreement between the first and second DID users. If an event has occurred, the delegation of authority to use the delegated DID is automatically revoked such that the first DID user is no longer able to use the delegated DID. If an event has not occurred, the first DID user is allowed to continue to use the delegated DID.

Abstract: A cloud computing environment receives a request from a client. The request relates to access of an application executing in the cloud computing environment and it encapsulates a certificate. This certificate is then translated into an authorization graph descriptor which, in turn, is used to traverse a certificate authorization graph to identify a match within a certificate repository. In response to the identification of the match, an access token is requested including the authorization graph descriptor. The access token is then encapsulated in the request which is then forwarded to an authentication service which provides access to the application if there is a match of the authorization graph descriptor against pre-defined authorization requirements. Related apparatus, systems, techniques and articles are also described.

Abstract: A server comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a user via a first authentication channel; receive, via the communications module and from a computing device associated with the user, a signal representing a request to transfer a first quantity of resources; determine that the first quantity of resources is less than a first threshold associated with the first authentication channel; obtain identity data associated with the request to transfer the first quantity of resources; determine, based on the identity data, that a request to transfer a second quantity of resources has been previously initiated by the user via a second authentication channel that is different than the first authentication channel; and determine that the sum of the first quantity of resources and the second quantity of resources i

Abstract: A system and a method of determining persistent presence of an authorized user while performing allowed operations on an allowed resource of the system while satisfying certain context-sensitive restrictions are disclosed. The system receives a request from a user to authenticate him/her. The system authenticates the user using biometric information of the user or any other authentication mechanism in a given context-sensitive restriction. If the user is authenticated, then the system allows the user to perform the allowed operation using the allowed resources in the context-sensitive restriction. If the authentication fails indicating that the user is an unauthorized user, then the system initiates a resolution process to halt or terminate the allowed operation to restrict or obfuscate the allowed operation from being accessed by the unauthorized user. In one embodiment, the system comprises an External Companion Device (ECD) paired with the system to perform the authentication and manage the allowed.

Abstract: A method for deploying a device to a local network hosted by a host device includes receiving a message causing the host device to request a piece of information from the device; requesting a determination if the received piece of information comprises data corresponding to an expected data pattern; if the received piece of information comprises data corresponding to the expected data pattern initiating a pairing with the device; and in response to the pairing generating an indication that the device is paired with the host device. A host device, a system and to a computer program product are also disclosed.

Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.

Abstract: Method and system for programming a power tool from an external device. The method includes establishing a first communication link with a server. The server includes a profile bank that includes mode profiles generated by a plurality of users. The method further includes receiving, over the first communication link, a list of mode profiles representing a subset of the mode profiles of the profile bank. The method further includes receiving, in response to user input from a first user on the external device, a selection of a mode profile. The method further includes transmitting, over the first communication link, the selection of the mode profile. The method further includes receiving, over the first communication link, the mode profile, the mode profile having been generated by a second user. The method further includes transmitting wirelessly, to the power tool, the mode profile to configure the power tool.