Abstract: The present disclosure relates to a method and a device for authenticating a device using wireless LAN. A method of an access point in a wireless communication system, according to an embodiment of the present invention, comprises the steps of: receiving a request message for wireless LAN access of a second terminal from a first terminal; performing an authentication procedure for the second terminal based on identification information of the second terminal and authentication information of the first terminal included in the request message; and transmitting a response message including an authentication result for the second terminal to the first terminal.

Abstract: A technique is provided that integrates authentication from a mobile device (e.g., using biometrics, social informational data, questions and answers, and more) to allow login to laptops and desktops while they are disconnected from the Internet using a USB cable connection, Bluetooth or local wifi or any other similar protocol and/or connected to Internet without USB. The technique provides a cloud clearinghouse that ties a person's or entity's mobile device(s) to an identity that's used to authenticate a person (could be the same person) on a laptop, desktop, or similar computer system.

Abstract: Securely storing data includes encrypting the data using a random key to provide obfuscated data, scrambling the obfuscated data to provide scrambled obfuscated data, generating a scramble schema indicating how to unscramble the scrambled obfuscated data, encrypting the scrambled obfuscated data to provide encrypted scrambled obfuscated data, splitting the scramble schema, and distributing separate portions of the scramble schema and separate portions of the encrypted scrambled obfuscated data to separate entities. The data may be private key data. Securely storing data may also include concatenating the random key on to the obfuscated data prior to scrambling the obfuscated data, wherein the random key is scrambled together with the obfuscated data. Scrambling the obfuscated data may use a Fisher Yates Shuffle mechanism. Securely storing data may also include generating and distributing a symmetric authentication key that is used to authenticate a first entity to a second entity.

Abstract: A network isolation device includes an internal network interface to connect the network isolation device to one or more devices and an external network interface to connect the network isolation device to an external network. The network isolation device further includes an airgap device that operates to (i) close an air gap to connect the one or more devices to the external network, (ii) open the air gap to disconnect the one or more devices from the external network.

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

Abstract: Techniques are provided for access control of protected data using storage system-based multi-factor authentication. One method comprises obtaining, in a storage system, an input/output request for data; determining, by the storage system, whether a multi-factor authentication is required for the requested data; initiating, by the storage system, a multi-factor authentication of a user associated with the input/output request, in response to a result of the determining, to obtain a verification result; and processing, in the storage system, the input/output request for the data based at least in part on the verification result. The data may be marked as protected data using a manual process and/or an automated process that processes one or more smart tags associated with the data. The marking of the data as protected data may comprise marking a partition comprising the data, marking a protected folder comprising the data, and/or marking a protected file comprising the data.

Abstract: A method for connecting a field device to a first cloud based service platform includes reading-out a first ticket from the field device using the first service device, wherein the first ticket includes at least one piece of information identifying the field device. The first ticket is transmitted to a second cloud based service platform from the first service device. The method also includes mutual associating and verifying of the first ticket and a second ticket produced at the manufacturer and stored in the second service platform. In the case of successful verifying, the connecting information for the first cloud based service platform is transmitted from the second cloud based service platform to the first service device. A communication connection between the first service device and the first cloud based service platform is established based on the connecting information transmitted from the second service platform.

Abstract: Techniques are described herein that are capable of using graph enrichment to detect a potentially malicious access attempt. A graph that includes nodes and configuration-based links is generated. The nodes represent respective resources. Behavior-based links are added to the graph based at least in part on traffic logs associated with at least a subset of the resources. An attempt to create a new behavior-based link is identified. A probability of the new behavior-based link being created in the graph is determined. The probability is based at least in part on the configuration-based links and the behavior-based links. The new behavior-based link is identified as a potentially malicious link based at least in part on the probability being less than or equal to a threshold probability. A security action is performed based at least in part on the new behavior-based link being identified as a potentially malicious link.

Abstract: A client communications device and method for generating a user message comprising an assertion for verification by a remote server device is described. Payload data for the user message as generated by a secure application resident on the communications device is received. Biometric authentication of the user is performed as a first level security mechanism. If biometric authentication of the user is successful, a digital signature is generated based on the message payload as a second level security mechanism. The digital signature is generated using a private signature key stored in a secure element of the client device. A third level security mechanism is applied by authenticating the user message using a secure application-specific key. In implementations, the digital signature is generated in a secure environment of the client device which has sole access to the secure element after successful biometric authentication.

Abstract: Methods and systems describe linking mobile applications to website providers using an intermediary database that is populated based on mobile application metadata in order to provide secure communication of user data encrypted specifically for given website providers. The methods and systems accomplish this by receiving, at an intermediary database, a first communication from a background application implemented on a mobile device, wherein the first communication comprises a first access point address and is generated based on a request, by a first access point, for first user information for use by a first provider, wherein the first provider provides the first access point. However, as opposed to simply generating a random alternative content for the first communication, the system performs an additional step to ensure that the alternative content is specific to the provider and may be used across all access points for the provider.

Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.

Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to receive a password comprising a first plurality of characters, concatenate a second plurality of characters to the hashed password to form a patched password, encrypt the patched password, and send the hashed patched password to a server IHS for authentication. The second characters are configured to continually change value over time.

Abstract: In one embodiment, a device of a data mesh generates a first metadata layer for the data mesh that comprises metadata regarding a dataset having a plurality of data sources. The device identifies user role-specific metadata associated with a particular user role and based at least in part on the metadata regarding the dataset. The device generates a second metadata layer for the data mesh that comprises the user role-specific metadata associated with the particular user role. The device provides the user role-specific metadata for presentation to a user associated with the particular user role.

Abstract: A communications system is provided. A network device controls the setting up of a device to device communication link, as sent between a device in the core network and the base station(s) servicing the relevant mobile devices, including disclosure of the common security information for two mobile devices to communicate securely over the direct device to device communications link.

Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to host a digital verified credential exchange in network communication with different verified credential operating environments. The digital verified credential exchange has a verified credential exchange engine in network communication with user and system interfaces for interacting with a verified credential holder machine, a credential database, a verified credential operating environment operating attributes database, an exchanged verified credential database, and an exchanged verified credential status monitor. The digital verified credential exchange automatically forms a reissued digital verified credential from a first verified credential operating environment for execution in a second verified credential operating environment.

Abstract: Various embodiments of the present disclosure provide techniques for facilitating a credential-less exchange over a network using a plurality of identifier mapping and member interfaces. The techniques may include initiating the presentation of an enrollment user interface via a client device of a user and receiving selection data indicative of a selection of a service provider instrument from the enrollment user interface. The techniques include generating a matching code for authenticating the user, providing the matching code to a service provider platform, and receiving the matching code from a partner platform. In response to an authentication of the user based on the matching code, the techniques may include generating an UUEK for the user that may be used to replace persistent credentials.

Abstract: Systems and methods for authenticating an electronic transaction using a hosted authentication service. The systems and methods determine whether an authentication is required based on a first electronic message received from a first data system. Upon determining the authentication is required, the systems and methods transmit a dummy authentication request and a hosted authentication service uniform resource locator to the first data system. The systems and methods further determine or receive an indication whether a user authentication challenge is required based on a transaction risk analysis by a second data system. Upon determining the user authentication challenge is required, the systems and methods provide, at a user interface, an electronic form including a challenge request. The systems and methods transmit, to the first data system, another electronic form including a dummy authentication response generated based on a challenge result.

Abstract: The present invention, Revise Animation Control (TAC) Program, is an advanced AI-driven system that monitors, troubleshoots, and repairs computer systems using a suite of learning algorithms and a 3D avatar interface. The present invention includes robust security protocols, dynamic updates, and energy-efficient modes, ensuring continuous and autonomous system maintenance and optimization. With comprehensive antivirus protection and advanced authentication methods, the present invention safeguards the computer system and enhances the user experience.

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.