Abstract: Systems, methods, and storage media for management of identity systems in an identity infrastructure are disclosed. Exemplary implementations may: install a discovery agent in the identity infrastructure; assess the identity infrastructure by the discovery agent; install an identity fabric in the identity infrastructure based on the assessing; receive, at the identity infrastructure, one or more data flows pertaining to identity data or identity metadata for at least one identity domain/system; manage, by a controller element, control plane operations across one or more elements or agents; manage, by at least one of the agents, the one or more data flows; detect and monitor, by the one or more elements or agents, at least one event linked to the one or more data flows; and assess the identity data or metadata and an associated state across the identity domains in the identity infrastructure based on the detecting and monitoring.

Abstract: Systems and methods of Exact Data Matching (EDM) include receiving customer specific sensitive data for a customer, wherein the customer specific sensitive data are converted into a plurality of tokens; receiving a configuration for exact data matching of the plurality of tokens; performing inline monitoring of a user associated with the customer; detecting a presence of one or more tokens of the plurality of tokens based on the inline monitoring; and, responsive to the detecting, performing an action based on the configuration.

Abstract: Method for authenticating at least one ventilator with at least one remote station, wherein the ventilator can connect itself via at least one interface to the remote station, at least one authentication file is stored on the ventilator, the authentication file contains at least one signature code of a signing authority, and a public keycode of the signing authority is known to the remote station, the ventilator sends the authentication file to the remote station when establishing the connection to the remote station, the remote station checks the signature code of the authentication file using the public keycode as to whether the signature code originates from the signing point and the ventilator is authenticated when the remote station recognizes the signature code as originating from the signing authority.

Abstract: The disclosed computer-implemented method for dynamic formjacking protection may include identifying a sensitive data input field element on a webform loaded in a browser, creating a secure isolated container overlaid on the identified sensitive data input field element, and collecting, via the secure isolated container, real input data intended for the sensitive data input field element. The method may also include inserting dummy data into the sensitive data input field element and intercepting a form submit request from the webform to a destination. The method may further include determining whether the destination is a trusted destination, and when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination. The method may also include sending the form submit request to the destination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments detect identity attacks by comparing usage of compromised passphrases or other weak credentials in failed sign-in attempts to access restriction conditions. A restriction threshold amount of weak credential failed sign-ins (WCFSI) or a WCFSI increase indicates an identity attack, such as a password spray attack. Going beyond the mere number of failed sign-ins by also considering credential strength allows embodiments to detect attacks sooner than other approaches. An embodiment may also initiate or impose defenses by locking accounts, blocking IP addresses, or requiring additional authentication before access to an account is allowed. Weak credentials may include short passwords, simple passwords, compromised passwords, or wrong usernames, for instance. Password strength testing may be used for attack detection in addition to preventive use on passwords proposed by authorized users. Familiar and unfamiliar traffic source locations may be tracked, as sets or individually.

Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.

Abstract: A request to contact a service provider may be received from a client machine. The request may be associated with an identity claim and including a service identifier. The identity claim may be validated via a distributed identity service that includes a plurality of identity nodes in communication via a network. Validating the identity claim may include determining a designated network identifier associated with a distributed identity account shared among the plurality of identity nodes. A service query that includes the service identifier and the designated network identifier may be sent to a plurality of customer relations management services. A communication session may be established between a service provider remote computing system and the client machine. The service provider may store customer relations management information at a designated one of the plurality of customer relations management services.

Abstract: Provided a method for setting up an authorization verification for a first device, for example a field device in an automation system, wherein the first device is configured by configuration data transmitted to the first device from a configuration module that is detachably connected to the first device and, for example, is implemented in the form of an SD card or a USB stick, having: detection of a connection of a configuration module to the first device, reading configuration module-specific device information from the configuration module, requesting configuration module-specific authorization verification for the configuration model-specific device information from the first device in an authorization device, and storing the requested configuration module-specific authorization verification on a security storage unit of the first device.

Abstract: A blockchain smart contract rewriting framework system has a vulnerability detection tool, a rewriter tool, and a deployment component. The deployment component obtains a permission to upgrade the smart contract, which granted by a smart contract creator/owner. The contract rewriting framework system retrieves the smart contract from the blockchain network, and passes it to the vulnerability detection tool. The vulnerability detection tool detects a vulnerability in the smart contract, and determines a type of the vulnerability and an instruction location of the vulnerability. The rewriter tool rewrites the smart contract to include a patch for fixing the vulnerability, a patched smart contract being generated by the rewriter tool based on the type of the vulnerability and the instruction location of the vulnerability.

Abstract: Aspects of the disclosure relate to generating threat intelligence information. A computing platform may receive forensics information corresponding to message attachments. For each message attachment, the computing platform may generate a feature representation. The computing platform may input the feature representations into a neural network, which may result in a numeric representation for each message attachments. The computing platform may apply a clustering algorithm to cluster each message attachments based on the numeric representations, which may result in clustering information. The computing platform may extract, from the clustering information, one or more indicators of compromise indicating that one or more attachments corresponds to a threat campaign.

Abstract: According to one embodiment of the present application, provided is an access management method of an access control device, comprising the steps of: receiving, from a user terminal, a first advertising packet including open authentication information; generating a key on the basis of at least a first random key; confirming the open authentication information on the basis of the generated key; and determining the opening of a door on the basis of the open authentication information.

Abstract: A system for communicating email messages using tokens receives a request to send an email message to a receiver. The email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system generates a particular token for the sender's email address in response to determining that the sender's email address is not associated with a token, where the particular token uniquely identifies the sender's email address. The system sends the email message using the particular token instead of the sender's email address, such that the sender's email address remains anonymous from the perspective of the receiver.

Abstract: Examples of renewal of security certificates of supplicant devices are described. In an example, a request to authenticate a supplicant device based on a security certificate is received by an authenticator device and from a supplicant device. The request comprises information relating to the security certificate which is expired. A login history of the supplicant device and presence of a valid account associated with the supplicant device in a directory database is determined. An authentication successful message is sent to the supplicant device based on the login history and presence of the valid account in the directory database. The supplicant device is redirected to a captive web portal for authentication of the supplicant device based on the login credential. In response to a successful authentication of the supplicant device in the captive web portal, a renewed security certificate for the supplicant device is provided.

Abstract: The communication system is a communication system including a management communication apparatus, a first communication apparatus, and a second communication apparatus. The first communication apparatus is capable of communicating using a plurality of Internet Protocol (IP) addresses in different versions from each other, and includes a first communication unit configured to notify the management communication apparatus of a first IP address among the plurality of IP addresses in a first authentication process for entering the communication system, and to notify the management communication apparatus of a second IP address among the plurality of IP addresses after the first authentication process, the first authentication process being performed between the first communication apparatus and the management communication apparatus.

Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: Presented herein are certificate-based techniques through which a Radio Interface Unit may be securely onboarded to a service provider network. In one example, a method is provided that includes obtaining, by a Dynamic Host Configuration Protocol (DHCP) server, an address assignment request for the, wherein the address assignment request comprises a vendor device certificate, a signed nonce, a non-encrypted serial number for the RIU, a signed serial number for the RIU, and a vendor identifier; validating the vendor device certificate, the signed nonce, and the signed serial number for the RIU based on a vendor root certification authority certificate; validating the non-encrypted serial number for the RIU; and generating an address assignment response based on validating the non-encrypted serial number for the RIU, the vendor device certificate, the signed nonce, and the signed serial number for the RIU.

Abstract: A relay device includes a plurality of input/output ports (111); an authentication information storage unit (114) to store authentication information used for performing authentication of a target relay device which is a relay device to be authenticated; an authentication processing unit (113) to acquire a target authentication packet which is an authentication packet used for authentication of the target relay device via a target input/output port (111) which is an input/output port connected to the target relay device in the plurality of input/output ports and to authenticate the target relay device by referring to the authentication information, and a relay processing unit (112) to cause a transfer input/output port which is an input/output port (111) to which a transfer destination of the transfer packet is connected, and to discard the transfer packet when the authentication of the target relay device is failed.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Various embodiments of the present invention relate to a device and method for providing connection between an electronic device and other electronic devices through figure input.

Abstract: A method in a first virtual private network (VPN) server associated with clustering a plurality of VPN servers in a clustered network, the method including receiving, from a VPN service provider (VSP) control infrastructure, VPN data associated with a user device having an established VPN connection with the clustered network; and communicating, utilizing key information, the VPN data with the user device during the established VPN connection. Various other aspects are contemplated.