Abstract: A VPN servers request is transmitted from a user device to a central server. A first VPN server is received from the central server at the user device. Responsive to the user device failing to establish a first encrypted tunnel with the first VPN server, a request for another VPN server is transmitted from the user device to the central server. A second VPN server is received from the central server. A second encrypted tunnel is established with the second VPN server. An encrypted communication is obtained by encrypting a communication directed to a network server. The encrypted communication is transmitted from the user device to the VPN second server.

Abstract: A biometric token is generated for a user and provided to a user-operated device. A pre-staged transaction is defined by a user and the user supplies the token for association with the pre-staged transaction. Subsequently, a user visits a transaction terminal and a new candidate token is generated from biometric attributes of the user. The candidate token is matched to the token associated with pre-staged transaction to authenticate the user and the pre-staged transaction is processed at the transaction terminal as a completed transaction.

Abstract: Techniques and mechanisms described herein facilitate the efficient common storage of partially encrypted content. According to various embodiments, a client device to transmit a designated representation of a media content item via a communications interface may be received. The media content item may be associated with a plurality of representations including the designated representation. The media content item may be associated with first media content data and second media content data. The first media content data may be shared among the plurality of representations. The second media content data may be specific to the designated representation. The first media content data may be combined with the second media content data to create a designated partially encrypted media content portion associated with the designated representation via a processor. The designated partially encrypted media content portion may be transmitted to the client device via the communications interface.

Abstract: Client devices in public workspaces are typically reconfigured to default settings for each new user. Thus, a user may manually pre-configure a publicly accessible client device each time the user accesses a virtual workspace via the device. Systems and methods according to this disclosure provide client device configuration based on user identification. Upon launching a remote access application on a “fresh” client device that has not been configured for remote access, the user may be prompted to provide user identifying information, such as, biometric information. A user identification may be determined based on the user identifying information. Various configuration settings may be determined based on the user identification. The client device may be configured based on the determined configuration settings. After the client device is configured, the user may be prompted for authentication credentials. If the user is successfully authenticated, the user is authorized to access the user's virtual workspace.

Abstract: Methods and systems for defending an infrastructure against a distributed denial of service (DDoS) attack use a software decoy installed in the infrastructure to deliberately attract a malware. An address or a domain name of a command and control (C&C) server is extracted from the malware. A client of the infrastructure uses the address or the domain name of the C&C server to connect to the C&C server. The client receives a command intended by the C&C server to cause the client to participate in the DDoS attack. The client forwards particulars of the DDoS attack to a cleaning component. The cleaning component discards incoming signals having one or more of the particulars of the DDoS attack. The address or domain name of the C&C server may be obfuscated in the malware, in which case reverse engineering is used to decipher the malware.

Abstract: An information processing system includes an authentication server, a proxy authentication terminal, and an information processing device. The authentication server is connected to a wide-area line located outside a prescribed area, has an authentication privilege, and issues an authentication code. The proxy authentication terminal is connected to the authentication server through the wide-area line, has a proxy authentication privilege which serves as a proxy for the authentication privilege, and issues a proxy authentication code. The information processing device is connected to the proxy authentication terminal through a local-area line located within the prescribed area, receives the proxy authentication code from the proxy authentication terminal, and instructs processing of a job.

Abstract: Apparatus, method and computer readable medium associated with autonomous/semi-autonomous driving are disclosed herein. In embodiments, an apparatus for autonomous/semi-autonomous driving may comprise a management system to be disposed in an autonomous/semi-autonomous vehicle. The management system may include a reservation subsystem to receive, from a cloud server, a reservation of the autonomous or semi-autonomous vehicle for a passenger or a driver, and an access control subsystem to control access to the autonomous or semi-autonomous vehicle that includes a trust function to gain trust of the passenger or driver with respect to the passenger or driver's data privacy requirements will be met, when the passenger or driver attempts to exercise the reservation. Other embodiments may be disclosed or claimed.

Abstract: Techniques are provided for providing multi-factor authentication with Uniform Resource Locator (URL) validation (MFAUV). One of the multiple authentication factors used may include a unique, user-specific URL that is sent to the user within a message. In this way, the user may simply click on, or otherwise execute or select, the provided URL, directly from within the message in which the URL is provided.

Abstract: Aspects of the disclosure relate to authorizing an event by utilizing a high generation cellular network to authenticate a device associated with the event. A computing platform may receive, from a first device, a request to authorize an event. Subsequently, the computing platform may identify, based on an analysis of location data, that a second device is proximate to the first device. The computing platform may then prompt the second device to authenticate the first device. Then, the computing platform may receive, from the second device, an authentication token indicating whether the first device is authenticated. Based on the authentication token, the computing platform may respond to the request to authorize the event.

Abstract: A solution is proposed for managing containers isolating corresponding application environments from one or more shared operating systems in a computing system. One or more relevant groups are determined among one or more candidate groups (each comprising private data in common among a plurality of the containers); the candidate groups are determined according to corresponding access commands submitted by the containers and the relevant groups are determined according to one or more relevance policies. The private data of the relevant groups are consolidated into corresponding shared data.

Abstract: In one embodiment, a networking device at an edge of a network enrolls with a controller that supervises operation of the networking device. The networking device sends a publication request to a cloud-based messaging service. The networking device provides, to the cloud-based messaging service, identification information that indicates the controller that supervises operation of the networking device. The networking device receives, from the cloud-based messaging service, authorization to publish messages to the cloud-based messaging service. The cloud-based messaging service uses the identification information to confirm an identity of the networking device with the controller that supervises operation of the networking device. The networking device sends, after receiving authorization to publish messages to the cloud-based messaging service, a message for publication to the cloud-based messaging service. The message comprises data sourced from an endpoint in the network.

Abstract: A method to monitor integrity of webpages. The method includes obtaining rendered code generated using source code of a webpage from a server that hosts the webpage and using remotely called code referenced in the source code, the rendered code used to display the webpage. The method also includes determining a difference between the rendered code and previous rendered code of the webpage. The previous rendered code may be generated before obtaining the rendered code. The method further includes analyzing the difference between the rendered code and the previous rendered code to determine a change in integrity of security of the webpage and in response to a change in the integrity of security of the webpage, generating an alert regarding the integrity of security of the webpage that may indicate the integrity of the webpage may have changed.

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

Abstract: The invention relates to a method for authenticating to a device, comprising receiving, by the device, from a chip, data; retrieving, by the device, based on the received data, a predetermined encrypted credential; sending, by the device, to the chip, a decryption request for decrypting the encrypted credential including or being accompanied with the encrypted credential to be decrypted; retrieving, by the chip, a secret key; decrypting, by the chip, the encrypted credential by using the secret key; sending, by the chip, to the device, as a decryption request response, the credential; verifying, by the device, whether the credential is or is not valid; and authenticating, by the device, only if the credential is valid, the chip.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a first message comprising a payload portion; encrypt the payload portion of the message; derive a first session key from a domain-specific key; and sign the message using the first session key.

Abstract: An access control system is provided and includes a control device disposed to restrict access to a secured resource and a networked device disposed in signal communication with the control device. The networked device requests authentication of a user from a trusted device responsive to a presentation of credentials to the control device in a request for access to the secured resource, the credentials are associated with access rights of the user, the networked device is receptive of the authentication, and the control device permits a level of access to the secured resource in accordance with the access rights upon the reception of the authentication.

Abstract: A method of performing a security mode control procedure by a user equipment (UE), and an apparatus therefor are disclosed. The method includes performing, over a 3rd generation partnership project (3GPP) access, a first authentication procedure and a first key agreement procedure with an access and mobility management function (AMF), wherein a key set identifier (ngKSI) is changed during the first authentication procedure and the first key agreement procedure, receiving, from the AMF over the 3GPP access, a first security mode command message including the ngKSI, and receiving, from the AMF over a non-3GPP access, a second security mode command message including the ngKSI, wherein the UE is registered to the AMF and a same public land mobile network (PLMN) over both the 3GPP access and the non-3GPP access.

Abstract: In certain embodiments, resource allocation related to records may be facilitated by generating and using modified instances of such records. In some embodiments, a set of records associated with a user may be stored in a memory area, where each such record includes a record identifier. In response to obtaining one or more commands related to a resource transfer from a user device associated with the user, a new set of records associated with the user may be generated such that each record of the new set is (i) a modified instance of a corresponding record of the record set and (ii) includes a record identifier different from the record identifier of the corresponding record. In one use case, the new records and its data may then be utilized to perform operations related to the user commands. In another use case, the new records may replace its older corresponding records.

Abstract: A mobile device logs in to an authorization server, via a mobile device network communication interface, over a secondary network. The mobile device receives, via an image sensor, over a light communication band, a respective verification code. In response to logging in to the authorization server and receiving the respective verification code, the mobile device transmits, via the mobile device network communication interface over the secondary network, the respective verification code to the authorization server. In response to transmitting the respective verification code to the authorization server, the mobile device obtains, via the mobile device network communication interface over the secondary network, an authentication approval to control a plurality of RF nodes over a local wireless communication network.

Abstract: An information processing apparatus includes a processor configured to: obtain first authority information indicating possession of authority over a server, the first authority information being associated with user's identification information, and second authority information indicating possession of authority over the server that is different from authority indicated by the first authority information; accept a request for the server; in a case where the request is executable with authority based on the first authority information identified by the identification information, add the first authority information to the request and send the request with the first authority information to the server; and in a case where the request is not executable with authority based on the first authority information and is executable with authority based on the second authority information, add the second authority information to the request and send the request with the second authority information to the server.