Patents Examined by Fahimeh Mohammadi
  • Patent number: 11436306
    Abstract: Disclosed is an electronic device including a communication module that performs communication with at least one external device, a memory that stores a list in which identification information for at least one security application involving user authentication is listed, a processor electrically connected to the communication module and the memory, wherein the processor transmits information for factory reset to at least one external device associated with the security application based on the identification information on the list when a factory reset event of the electronic device occurs. In addition, various embodiments understood through the disclosure may be possible.
    Type: Grant
    Filed: February 21, 2018
    Date of Patent: September 6, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Young Hwan Ryu, Dong Ho Jang
  • Patent number: 11425124
    Abstract: A method for authorization of internet of things (“IoT”) identity bootstrapping includes receiving from a device, at a network access server (“NAS”) of a user and in response to an attestation request sent to the device, a vendor network address of a vendor server of a vendor and a device identifier for the device. The method includes authenticating the vendor using the vendor network address and, in response to authenticating the vendor, sending the device identifier to the vendor server. The method includes communicating device attestation packets between the vendor server and the device. The device attestation packets validate the device to the vendor server. The method includes receiving device attestation from the vendor server. The device attestation indicates validity status of the device to the NAS. The method includes, in response to the device attestation indicating validity of the device, transmitting a new device identity to the device.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: August 23, 2022
    Assignee: LENOVO Enterprise Solutions (Singapore) PTE. LTD.
    Inventors: Bogdan Chifor, George-Andrei Stanescu, Radu Iorga, Corneliu-Ilie Calciu
  • Patent number: 11397831
    Abstract: A method for double anonymization of data includes: receiving, by a first computing system, a plurality of first data sets, each including a set identifier and personally identifiable information; anonymizing, by the first computing system, each of the first data sets, by hashing the set identifier included in each first data set to obtain a hashed identifier and deidentifying the personally identifiable information; transmitting, by the first computing system, the plurality of anonymized first data sets to a second computing system, wherein the second computing system is distinct and separate from the first computing system; anonymizing, by the second computing system, each of the anonymized first data sets, by hashing the hashed identifier to obtain a double-hashed identifier; and storing, in the second computing system or a third separate and distinct computing system, the plurality of double anonymized first data.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: July 26, 2022
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Todd Christian Lowenberg, Andrew S. Reiskind, Curtis Villars, Rohit Chauhan, JoAnn C. Stonier
  • Patent number: 11399018
    Abstract: A wireless system can be used to authenticate a user device via proximity information of wireless network devices. The system can include the user device, the wireless network devices, and a server. At least some of the wireless network devices can be wirelessly connected to the user device and at least some other wireless network devices can be wirelessly unconnected to the user device. The server can use proximity information about the user device with respect to the wireless network devices to authenticate a user.
    Type: Grant
    Filed: September 8, 2020
    Date of Patent: July 26, 2022
    Assignee: Truist Bank
    Inventor: Jeffrey Jason Griffin
  • Patent number: 11394546
    Abstract: An encrypted file system key associated with a first secure enclave may be received. A request from a second secure enclave to access a file system associated with the encrypted file system key may be received. In response to receiving the request, the encrypted file system key may be decrypted with a cryptographic key associated with an enclave manager to obtain a file system key. The file system key may be encrypted based on another cryptographic key associated with the second secure enclave to generate a re-encrypted file system key. Furthermore, the re-encrypted file system key may be provided to the second secure enclave.
    Type: Grant
    Filed: October 11, 2019
    Date of Patent: July 19, 2022
    Assignee: Fortanix, Inc.
    Inventor: Andrew Leiserson
  • Patent number: 11349823
    Abstract: A method of managing access to on-demand cloud services may comprise receiving at a PCaaS cloud management service information handling system log-in credentials from a remote information handling system via a low-power wide area network communication link, executing code instructions to determine if the log-in credentials are associated with an existing subscriber, if the log-in credentials are associated with an existing subscriber whose subscription is not expired, transmitting via the wireless adapter a verification of the log-in credentials to the remote information handling system, establishing via the wireless adapter a high-speed wireless communication link with the remote information handling system, and transmitting code instructions via the wireless adapter of one or more in-band applications associated with the existing subscriber via the high-speed wireless communication link.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: May 31, 2022
    Assignee: Dell Products, LP
    Inventors: Sinem Gulbay, Jayant Chande
  • Patent number: 11336672
    Abstract: Roughly described, anomalous behavior of a machine-learned computer-implemented individual can be detected while operating in a production environment. A population of individuals is represented in a computer storage medium, each individual identifying actions to assert in dependence upon input data. As part of machine learning, the individuals are tested against samples of training data and the actions they assert are recorded in a behavior repository. The behavior of an individual is characterized from the observations recorded during training. In a production environment, the individuals are operated by applying production input data, and the production behavior of the individual is observed and compared to the behavior of the individual represented in the behavior repository. A determination is made from the comparison of whether the individual's production behavior during operation is anomalous.
    Type: Grant
    Filed: July 21, 2020
    Date of Patent: May 17, 2022
    Assignee: Cognizant Technology Solutions U.S. Corporation
    Inventor: Babak Hodjat
  • Patent number: 11330413
    Abstract: The present disclosure relates to a method for operating a transmitting device of a motor vehicle, in which method the transmitting device is operated in a private mode or in a transmitting mode. In the transmitting mode, the transmitting device transmits vehicle data to a computing device external to the vehicle. In the private mode, transmission of the vehicle data is stopped. A switchover from the transmitting mode into the private mode occurs as soon as a successful authentication of a specified user action has been captured.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: May 10, 2022
    Assignee: Audi AG
    Inventors: Konstantin Willmann, Tobias Mielke
  • Patent number: 11323427
    Abstract: A method and apparatus for mixed-mode cloud/on-premise secure communication. The method includes commissioning an on-premise device, and connecting to a web address via a client web browser using a name and a log in credential of a user; and verifying a login credential of a user at a cloud-based service and establishing communication with the client web browser if the login credential is authenticated, then permitting communication between the client web browser and the cloud based service.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: May 3, 2022
    Assignee: CARRIER CORPORATION
    Inventor: Maxim Rydkin
  • Patent number: 11323480
    Abstract: An authentication system handles authentication requests to apply introspection and policy enforcement. A policy server obtains a client security policy and an authenticator security policy. The policy server obtains an encrypted credential request with client metadata from a client and determines whether the client metadata satisfies the client security policy. The policy server provides the encrypted credential request to an authenticator device and obtains an encrypted credential response with authenticator metadata in response. The policy server determines whether the authenticator metadata satisfies the authenticator security policy. The policy server processes the encrypted credential response, without decrypting the encrypted credential request or the encrypted credential response, based on a determination of whether the client metadata satisfies the client security policy and the authenticator metadata satisfies the authenticator security policy.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: May 3, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jeremy Lee Erickson, Nicholas Hamilton Steele, Nicholas James Mooney
  • Patent number: 11303637
    Abstract: Provided are computer-implemented methods that may include receiving, via a communication network, a request to perform an online action from a user device; retrieving data associated with a number of times the user device performed the online action within at least one time interval; determining whether a dataset associated with a number of times a plurality of user devices have performed the online action within the at least one time interval is normally distributed; and determining a standard deviation associated with the number of times the user device performed the online action within the at least one time interval in response to determining that the dataset is normally distributed, and performing a control operation associated with the request to conduct the online action based on a threshold of standard deviation. Systems and computer program products are also provided.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: April 12, 2022
    Assignee: Visa International Service Association
    Inventors: Robert Chifamba, Krishnaram Muthusamy
  • Patent number: 11281775
    Abstract: A system, method and computer program for a scanning service is presented. A scanning service compatible with a cloud storage system is configured to receive notifications from a cloud storage service about storage event activity and to access data in the cloud storage service. The scanning service receives a notification regarding storage activity related to a file in the data. After the completion of the storage activity, the scanning service receives the file from the cloud storage service and scans the file. When a determination is made based on the scan that at least a portion of the file should not be distributed then an action is taken with respect to the cloud storage service based on the determination that at least a portion of the file should not be distributed.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: March 22, 2022
    Assignee: Sophos Limited
    Inventors: Mark Robert Burdett, Guy Alexander Davies
  • Patent number: 11283790
    Abstract: The invention described herein is that of systems and methods for agentless identity-based authentication of network-enabled devices for control of network traffic to and from each device based on identity. The invention leverages X.509 certificates associated with network devices and comprises at least one querying device in communication with at least one target device and optionally at least one intermediate device, such as but not limited to a switching device that can interface with the target device and enable the querying device to query the target device to obtain an X.509 certificate and any extensions, then dictate switching actions, which may be carried out by the querying device according to instructions provided by a switching module residing on the querying device or located external to the querying device. The systems and methods described herein are suitable for validation of the identities of fixed application devices to prevent unauthorized network access.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: March 22, 2022
    Assignee: IP Technology Labs, LLC
    Inventors: Gary Mitchell, Scott Whittle, Kurt Quasebarth
  • Patent number: 11271917
    Abstract: A networked infrastructure is described that includes a set of programmed computing nodes, each node being configured with a processor and non-transitory computer readable media including computer-executable instructions that, when executed by the processor, facilitate a social security number registry server carrying out a method that provides an individual with the ability to remotely approve or disapprove, in real-time, the use of his/her social security number (SSN) by a relying party server.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: March 8, 2022
    Assignee: Tactical Lighting Systems
    Inventors: James P. McGee, Kevin M. Cutts
  • Patent number: 11252143
    Abstract: A certificate issued by an authentication server 200 in response to a request from a client terminal 100 is stored in an issued certificate storage unit 113, and the stored certificate is transmitted to the authentication server 200 together with device information to execute first authentication and then a user ID/password is transmitted to the authentication server 200 to execute second authentication, so that it is possible to perform the first authentication using a certificate and perform the second authentication using a user ID/password without setting up the service usage environment in which the certificate of the client terminal 100 and the user ID/password are stored in advance in the authentication server 200 so as to be associated with each other and the certificate is stored in advance in each client terminal 100.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: February 15, 2022
    Assignee: WingArc1st Inc.
    Inventor: Ko Shimazawa
  • Patent number: 11245683
    Abstract: A mobile computing device is configured to allow a user to launch native SaaS applications from different vendors using a single-sign-on without having to modify or hook the native SaaS applications. A VPN application operates as man-in-the-middle (MITM) for identity provider requests from SaaS services. The VPN application is initially authenticated with the identity provider, and receives an IDP authentication token which is stored. The IDP authentication token is used for authentication requests from SaaS services.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: February 8, 2022
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Ashish Gujarathi
  • Patent number: 11245682
    Abstract: Techniques are described for generating and using rule-enhanced access tokens in connection with authorization for access to resources. An access token is generated in response to determining that a user is authorized to access a protected resource. The access token contains rule information including one or more constraints, each constraint corresponding to a condition for granting or denying access to the protected resource. Upon receiving the access token, a client application can present the access token for accessing the protected resource. The client application can be configured to enforce one or more rules represented in the rule information. The client application can, for example, determine based on the one or more constraints that a condition for granting access is unmet and, in response, cancel a pending access request for the protected resource.
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: February 8, 2022
    Assignee: Oracle International Corporation
    Inventors: Chuni Lal Kukreja, Aarathi Balakrishnan, Deepak Ramakrishnan
  • Patent number: 11233783
    Abstract: Methods and apparatuses for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority are disclosed. In response to detection that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, the client host can obtain an emergency security credential from a storage of emergency security credentials. The emergency security credential with an error state indication can be sent from the client host to the target host for use in the authentication.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: January 25, 2022
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 11232227
    Abstract: Systems and techniques are described for preventing data leaks from a network. A set of sensitive files or sensitive data that includes sensitive information can be received, and a first set of labels can be determined based on the set of sensitive files or sensitive data. An apparatus can then receive data that is to be checked for sensitive information, and determine a second set of labels based on the data. Next, the apparatus can match the second set of labels with the first set of labels. The apparatus can then determine whether or not the data includes sensitive information based on a result of said matching, and perform a data leak prevention action if it is determined that the data includes sensitive information.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: January 25, 2022
    Assignee: Riverbed Technology, Inc.
    Inventors: Bill Y. Chin, Arthur L. Jones, Kand Ly
  • Patent number: 11228449
    Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to authorize and authenticate requests sent to a virtualization layer. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: January 18, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Matthew Shawn Wilson