Abstract: A session user enters session user credential the session user credentials that are compared with stored user credentials to validate the session user credentials. The session user identifies a selected communications method from the at least one communications method presented to the session user, and an authentication message is sent to the session user using the selected communications method. The session user enters a handwritten session signature in response to the authentication message. The handwritten session signature entered by the session user is compared with the reference signature associated with the session user to validate the handwritten session signature. If the handwritten session signature is validated, the session user is authenticated. If the session user has been validated, the session user is allowed to access a set of user information that is associated with the session user and stored on the partner server.

Abstract: The present disclosure involves systems, software, and computer implemented methods for verifying encrypted data provider data on a public storage medium. One example method includes receiving a verification request to verify encrypted data provider data stored on a public storage medium. Public storage medium entries relevant to the verification request are identified and retrieved. A homomorphic cryptosystem is used to homomorphically calculate a first encrypted target function result based on encrypted data provider data. The homomorphic cryptosystem and a verifying entity cryptosystem are used to re-encrypt the first encrypted target function result to generate a second encrypted target function result that is encrypted under the verifying entity cryptosystem and not encrypted under the homomorphic cryptosystem.

Abstract: An in-vehicle computer generates a message authentication code about its own log using its own signature key and thereby transmits a log annotated with its message authentication code to a vehicle information collection device. The vehicle information collection device generates the signature key of the in-vehicle computer, verifies the message authentication code, which is included in the log annotated with its message authentication code received from the in-vehicle computer, using generated signature key, and thereby stores the log relating to the successfully verified message authentication code on storage media.

Abstract: An example operation may include one or more of receiving a request to store a data block on a hash-linked chain of data blocks, dynamically selecting a subset of non-consecutive data blocks which have been previously stored within the hash-linked chain of data blocks, generating a linking hash based on a hash value of the data block to be stored and an accumulation of hash values from the subset of non-consecutive data blocks, and adding the data block to the hash-linked chain of data blocks, wherein the added data block includes the linking hash stored therein.

Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a computing system maintains an exception handler of a software development platform. The exception handler is executable to process a particular type of exception that causes an authentication of users of applications running on the software development platform. The computing system may receive, at the exception handler, an indication of the particular type of exception thrown by a particular application. In response to receiving the indication of the particular type of exception, the exception handler issues to a web browser interacting with the application, a request that the web browser redirect to an authentication server configured to perform an authentication of a user of the particular application. The computing system receives, from the authentication server, a result of the performed authentication and returns the result to the particular application.

Abstract: A user's session of a web application or a website in a web browser is recorded and replayed while protecting private and sensitive data from unauthorized access. All the captured data needed to re-create (replay) the user's session in the browser itself is recorded and exported on demand. The need to transmit potentially sensitive and private data continuously to external server(s) is eliminated while still guaranteeing availability of a record of user activity leading up to any point of interest during the user's session. By encrypting recording information and redacting all non-layout content (e.g. text nodes, images, inputs) from the browser DOM before capturing the DOM, the visual layout of the page is maintained and the probability of leaking the user's sensitive or private information is reduced. The replaying user is still able to derive meaningful information about the user's interaction with the web application or website without jeopardizing privacy.

Abstract: An encryption key distribution system includes: a key distribution ECU that transmits an encryption key; and a key reception ECU that receives the encryption key, the key distribution ECU: transmits the encryption key to the key reception ECU; and determines completion of transmission of the encryption key, based on a result of determination as to whether first verification data transmitted from the key reception ECU matches second verification data of the encryption key which is calculated from a common key stored in the key distribution ECU and an identifier of the key reception ECU, the key reception ECU: records the received encryption key in the key reception ECU; calculates the first verification data from the same common key as the common key stored in the key reception ECU and the identifier of the key reception ECU; and transmits the calculated first verification data to the key distribution ECU.

Abstract: Embodiments are described herein for document authentication certification using information stored on a distributed ledger such as a blockchain. A distributed ledger may securely store document data describing the document. Use of a distributed ledger may provide an immutable, readily auditable record of the history of the document. Each user participating in the system may be assigned a unique identifier to be used for conducting transactions on the distributed ledger network. A user may also be provided with a digital security token such as a cryptographic key that is useable to authenticate the user and enable access to the document data stored on the distributed ledger(s).

Abstract: A central authentication service is for authentication of a user operating a computing device requesting access to a service provider. The central authentication service stores a universal group that includes principals from different types of identity providers, with the user of the computing device included as one of the principals. An access token generated by an identity provider associated with the computing device is received by the central authentication service. The central authentication service generates a universal token that includes group membership information for the universal group, and exchanges the access token with the universal token. The universal token is provided to the service provider, with the group membership information on the universal token to allow the service provider to determine if the user of the computing device has permission to access desired services.

Abstract: Techniques are provided for visualizing user access data and for configuring and enforcing location-based access policies.

Abstract: The described technology is generally directed towards providing unified analytics and troubleshooting for enterprise software systems. According to an embodiment, a system can comprise a memory that can store computer executable components, and a processor that can execute the computer executable components stored in the memory. The computer executable components can comprise a remote service component that receives first information from an edge array installed in a second security zone, wherein the edge array employs an application programming interface of an application to generate the first information from the application on a server in the second security zone. The system can further comprise a processing component that processes the first information, resulting in second information. The system can further comprise a communication component that communicates the second information to the edge array.

Abstract: A computer-implemented method includes receiving, by an application, a request to copy application data of the application, where the application data includes sensitive data generated by the application. The application identifies each instance of the sensitive data in the application data. The application generates a clean copy of the application data, where generating the clean copy includes removing each instance of the sensitive data from the application data. The clean copy is returned responsive to the request to copy the application data.

Abstract: Example methods are provided for a network device to perform packet capture in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header addressed from a first node to a second node; and identifying a security policy applicable to the egress packet by comparing one or more fields in the inner header with one or more match fields specified by the security policy. The method may further comprise: based on the security policy, capturing the egress packet in an unencrypted form; performing encryption on the egress packet to generate an encrypted packet that includes the egress packet in an encrypted form; and sending the encrypted packet to the second node.

Abstract: Embodiments include method, systems and computer program products for securing content. Aspects include accessing, by a first user device, content, wherein the content includes a security profile associated with the content. The content is displayed on a display for the first user device. An input is received by the first user device. The input is analyzed to determine that the input is in compliance with the security profile associated with the content and based at least in part on determining the input is not in compliance with the security profile associated with the content, a portion of the content is transmitted to a second user device.

Abstract: A random code generator includes an address Y decoder, an address X decoder, a PUF entropy pool, a processing circuit and an entropy key storage circuit. The address Y decoder includes plural Y control lines. The address Y decoder selectively activates the plural Y control lines according to a first address Y signal. The address X decoder includes plural X control lines. The address X decoder selectively activates the plural X control lines according to a first address X signal. The PUF entropy pool generates an output data according to the activated Y control lines and the activated X control lines. When the random code generator is in a normal working state, the processing circuit processes the output data into a random code according to at least one entropy key from the entropy key storage circuit.

Abstract: A communication device includes a directional antenna, and a control circuit. The directional antenna has a directional radiation pattern for directing greater power of a transmitted signal in a specific direction. The control circuit is coupled to the directional antenna and determines an angle and a distance to another device. Based on the determined distance and angle to the another device, the control circuit selects a security level from a plurality of security levels for communication between the device and the another device. In another embodiment, a method for transmitting data between the first and second devices is provided.

Abstract: An authentication device that uses biometric authentication includes an acquisition unit configured to acquire first biometric information of a user, a storage unit configured to store second biometric information which is preregistered, a processing unit configured to obtain an authentication determination value based on similarity between the first biometric information acquired by the acquisition unit and the second biometric information stored in the storage unit, and a decision unit configured to decide a service providable to the user based on the authentication determination value and a plurality of thresholds to which different services are respectively assigned.

Abstract: A method and apparatus for providing two-step authentication is provided herein. During operation, the two parts of authentication comprise (1) something a user knows, for example, a password; and (2) a push-to-talk (PTT) communication over a predetermined talkgroup.

Abstract: An identity profile of a user is tracked using previous message communications of the user. A message identified as potentially from the user is received. The identity profile of the user is identified and obtained. Information is extracted from a header of the received message. A security risk assessment of the received message is determined at least in part by comparing the extracted information with one or more corresponding entries of the identity profile of the user. A security action is performed based on the determined security risk assessment.

Abstract: A method includes generating a core record identification (ID) associated with an electronic document. A processor sets one or more access rules indicative of whether the electronic document may be edited after saving the document. The one or more access rules are associated with at least one administrator ID of an administrative user. The method further includes determining, based on a core record ID, whether or not to obtain the electronic consent of a consenting party. The processor evaluates whether the first consenting party ID must provide an electronic consent to the electronic document based on one or more organization consent rules indicative of i) whether consent is required for each access of the computing resource, and ii) whether per-user consent or organizational consent is required. The processor provides access to the computing resource based at least in part on the first consenting party and the core record ID.