Abstract: Systems and methods for cloud-based file sharing, where templates are provided for creating workflow instances which enable the sharing of managed objects. Reusable workflow templates are stored in the repository of a cloud-based file sharing system as objects that define components of the workflow, or placeholders for these components. A user instantiates a workflow instance from one of the templates and configures the workflow instance to identify content objects or forms, tasks related to the content objects, and users assigned to perform the tasks. The workflow instance is stored as an object in the repository. Users assigned to tasks are authorized through the workflow instance to access the content objects or forms to perform the tasks.

Abstract: A carrier network may detect and prevent completion of SIM swap frauds. For example, a carrier network may, based at least in part on a SIM swap request to replace a first SIM associated with a subscriber with a second SIM, store first information associated with the first SIM. Subsequent to the execution of a SIM swap to replace the first SIM with the second SIM, the carrier network may perform fraud detection on the SIM swap based at least in part on the first information associated with the first SIM stored based at least in part on the SIM swap request and based at least in part on second information associated with the second SIM and based at least in part on the SIM swap being detected as fraudulent by the fraud detection, cause the second SIM to be prohibited from operating with respect to the subscriber.

Abstract: Systems and methods enable secure service-based communications in networks that use a Services Communications Proxy (SCP). A Network Function (NF) producer receives a service request including an authorization token and a signed service request object, wherein the service request originates from an NF consumer of the wireless core network and is forwarded to the NF producer via the SCP. The NF producer verifies the signed service request object and generates, after the verifying, a service response. The service response includes a signed service response object. The NF producer sends, to the NF consumer and via the SCP, the service response with the signed service response object.

Abstract: A system and method for a distributed security model that may be used to achieve one or more of the following: authenticate system components; securely transport messages between system components; establish a secure communications channel over a constrained link; authenticate message content; authorize actions; and distribute authorizations and configuration data amongst users' system components in a device-as-a-key system.

Abstract: This invention pertains to a method for provisioning and implementing two-factor authentication (2FA) for enterprise services. The system securely establishes a trusted identity for a subscriber device using an immutable hardware key and public/private key sets. The device's identity is verified by an Original Equipment Manufacturer (OEM) cloud service. The method includes generating unique transaction nonces for each 2FA request, securing private keys within a Trusted Execution Environment (TEE), and employing a cloud wallet service to store keys. The subscriber device interacts with the system, decrypting and re-encrypting transaction nonces using corresponding keys. This process enables secure transaction from enterprise applications. The system also integrates user consent into the 2FA process, displaying a prompt to approve or deny authentication. This technology enhances security in enterprise services, prioritizing user consent and secure data transfer.

Abstract: A computerized method supporting SSL-based or TLS-based communications with multiple cryptographically protected transmissions is described. Responsive to a first transmission including a first content encrypted with a public key of an intended recipient and a first digital signature for use in detect tampering to the first content, a second transmission is received. The second transmission includes a combined result including the first content and a second content, which is encrypted with a public key of the sender. Recovery of the first content verifies to the sender that the second transmission originated from the intended recipient. Thereafter, a third transmission is sent. The third transmission has data including at least the second content, being the remaining data after extraction of the first content from the combined result, which is encrypted with the public key of the intended recipient and a third digital signature for use in verifying non-tampering of the data.

Abstract: The technology disclosed describes a network security system that is configured to configure a synthetic request with an object identifier, and to inject the synthetic request into an application session to transmit the synthetic request to a cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive from the cloud application a response to the synthetic request. The response supplies the object metadata.

Abstract: A remote controlled battery cell monitoring and control system that utilizes empirical and theoretical data to compare performance, sensor data, stored patterns, historical usage, use intensity indexes over time and tracking information to provide a sophisticated data collection system for batteries. This tracking is designed to better the specifications, designs, training, preventative maintenance, and replacement and recycling of batteries.

Abstract: A method for signing data such as software images is provided that uses modules executable by a generic client to sign hashes of the software images rather than the images themselves. The method avoids both the requirement for new or updated client software and the uploading of full software images to the signing system. This approach uses a generic client that requests and downloads processing modules from the signing system to perform the pre-processing operations in signing software images, as well as optionally for post-processing operations.

Abstract: A computer-implemented method is disclosed.

Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.

Abstract: The present disclosure includes apparatuses, methods, and systems for validating an electronic control unit of a vehicle. An embodiment includes a memory, and circuitry configured to generate a run-time cryptographic hash based on an identification (ID) number of an electronic control unit of a vehicle and compare the run-time cryptographic hash with a cryptographic hash stored in a portion of the memory.

Abstract: Authentication of electronic document is based on multiple digital signatures incorporated into a blockchain. Structured data, metadata, and instructions may be hashed to generate the multiple digital signatures for distribution via the blockchain. Any peer receiving the blockchain may then verify an authenticity of an electronic document based on any one or more of the multiple digital signatures incorporated into the blockchain.

Abstract: Secure pairing of computing devices, such as a field tool and a battery-powered device (BPD), may include generating by the BPD a challenge message including a randomly-generated challenge, and receiving at the field tool a challenge message from the BPD via a Bluetooth low-energy (BLE) advertisement message. The challenge message can include a randomly-generated challenge and can be issued in a scannable undirected advertising message. The challenge key can be calculated via a secure hash algorithm (SHA) to obtain a response solution. The response solution can be sent by the field tool to the advertising device in response to the challenge message. The response solution can be verified by the BPD using a cryptographic message authentication code such as an HMAC, and the BPD sends a confirmation message to the field tool indicating that the response solution is verified as correct.

Abstract: A cloud-based security service that includes external evaluation for accessing a third-party application. The security service receives a request to access a third-party application from a client device. The security service enforces a set of one or more access policies configured for the third-party application including an external evaluation rule. As part of enforcing the external evaluation rule, the security service transmits an external evaluation request to an external endpoint defined in the external evaluation rule. The external evaluation request includes an identity of a user associated with the request. The security service receives the result of the external evaluation. If the external evaluation passed, the security service grants access to the third-party application based at least in part on its passing.

Abstract: A communication apparatus receives request regarding a wireless communication parameter setting from another apparatus that has obtained information regarding the communication apparatus by capturing an image indicating information regarding the communication apparatus, accepts a user input regarding whether the parameter setting is to be executed with the other apparatus in a case where the request has been received, and executes the parameter setting with the other apparatus in a case where the user input indicating that a parameter setting is to be executed with the other apparatus has been accepted.

Abstract: Embodiments disclosed are directed to a system that performs steps to perform enhanced device fingerprinting. The system at least at receives from an application, a plurality of device attributes identifying a client device on which the application is being used. The plurality of device attributes includes a push token provided by a push token service to the client device. The push token is uniquely paired to the client device. The system further transmits, to a device database, the plurality of device attributes for storage in a device profile. The system also transmits, to the application, a push notification based on the push token. The system receives, from the application, a deliverable status indicating whether the push notification was successfully transmitted to the client device, and transmits, to a notification database, the deliverable status for storage in a notification delivery profile. The system can use the information to authenticate a device.

Abstract: The present disclosure relates to a method for analysis on interim result data in a de-identification procedure, an apparatus for the same, a computer program for the same, and a recording medium storing computer program thereof. A method for de-identification according to an example of the present disclosure may include: generating a first interim result data by applying a first de-identification process to an initial data; generating a first analysis metric for the first interim result data; and generating a final result data based on the first interim result data, when the first analysis metric satisfies a first de-identification criterion.

Abstract: Systems and techniques for AI model and data camouflaging techniques for cloud edge are described herein. In an example, a neural network transformation system is adapted to receive, from a client, camouflaged input data, the camouflaged input data resulting from application of a first encoding transformation to raw input data. The neural network transformation system may be further adapted to use the camouflaged input data as input to a neural network model, the neural network model created using a training data set created by applying the first encoding transformation on training data. The neural network transformation system may be further adapted to receive a result from the neural network model and transmit output data to the client, the output data based on the result.

Abstract: Methods and systems for authenticating users based on user application activities are described herein. One or more questions and one or more answers may be generated and stored based on a history of user application activities associated with a user. The one or more questions and one or more answers may be generated randomly, and may relate to one or more other users. A request for access to a service may be received. Based on the request, a question associated with the history of user application activity may be selected and presented to the user. A candidate answer may be received from the user, and the user may be authenticated based on comparing the candidate answer to an answer associated with the question presented.