Abstract: Systems and methods include providing virtual certification number (VCN) authorizations to an external entity by receiving a plurality of secure entity global authorizations comprising global VCN authorizations and global primary account number (PAN) authorizations, identifying the global VCN authorizations, identifying a subset of the global VCN authorizations, each of the subset of the global VCN authorizations corresponding to an external entity authorization, comparing the subset of global VCN authorizations to previously provided VCN authorizations, to identify an unsent VCN authorization, storing a transmittable unsent VCN authorization based on the unsent VCN authorization, providing an unsent authorization indication to the external entity, receiving, from the external entity, a request for the unsent VCN authorization based on providing the unsent authorization indication to the external entity, and providing the transmittable unsent VCN authorization to the external entity, based on storing the tran

Abstract: User reputation regarding exposure of data objects in a cloud computing environment is determined. Behavioral information, which indicates behavior of a user for a cloud computing environment corresponding to one or more data objects in the cloud computing environment that are associated with the user, is analyzed. Based on analyzing the behavior information, a plurality of characteristics for the user that indicate exposure of the data object(s) associated with the user is determined. Each of the plurality of characteristics reflects the behavior of the user pertaining to the one or more data objects. Based on compliance of the plurality of characteristics with corresponding ones of a plurality of rules, a reputation of the user for exposing data objects in the cloud computing environment is determined. The reputation of the user is indicated to an entity with which the user is associated.

Abstract: Aspects of the present disclosure are drawn to client device for use with a network controller and an external server, the network controller being configured to manage a wireless network, to change a critical parameter of the wireless network, to transmit a request for a one time password (OTP). The external server being configured to generate the OTP in response to the request for the OTP, to provide a notification of the OTP and to transmit the OTP to the network controller. The network controller being configured to additionally receive the OTP from the external server. The client device including a memory having a data structure stored therein, the data structure including a list of configurable critical parameters of the wireless network, and including a processor configured to execute instructions stored on the memory to cause the client device to receive a request to configure a configurable parameter of the wireless network.

Abstract: Exemplary embodiments include a method for managing user authentication credentials in relation to different types of core networks, CNs. The exemplary methods can include receiving (1010) a request to authenticate a user for access via a first CN, and determining (1020) that user authentication credentials are unavailable in relation to the first CN. The exemplary methods can also include sending (1030), to a translator function associated with a second CN that is different than the first CN, a request to provide user authentication credentials associated with the first CN. The exemplary methods can also include receiving (1040) user authentication credentials associated with the first CN and, based on the received user authentication credentials, authenticating (1050) the user for access via the first CN. Embodiments also include data management nodes configured to perform the exemplary methods, as well as complementary methods and nodes configured to perform such methods.

Abstract: An information processing apparatus includes a processor configured to control a display unit in such a manner that a first message, a second message, and storage-location candidate information are displayed on a screen of the display unit. The first message has been input and confirmed by an apparatus user or at least one different user. The apparatus user uses a terminal apparatus having the display unit. The second message has been input by the apparatus user and has not been confirmed. The storage-location candidate information indicates a storage location candidate of a file related to the first message or the second message.

Abstract: Embodiments herein relate to the field of communications, and more particularly to key matching for extensible authentication protocol over local area network (EAPOL) handshaking using distributed computing. Other embodiments may be described and claimed.

Abstract: A method and apparatus for hard deletion of user data are described. The method may include receiving a request from a user computer system to delete user data. The method may also include determining a unique user identifier associated by a system with a user making the request. The method may also include determining whether a data partition, in which data generated by a job or subsystem of the computer system is stored, is predicted to contain a record having the unique user identifier. Then, the method may include searching, when the data partition is predicted to contain a record having the unique user identifier, data records stored in the data partition for a user data record based on the unique identifier, and performing a hard deletion of the user data record from the partition when found during the searching.

Abstract: A computer-implemented method includes assigning each access device of a plurality of access devices to at least one respective space of a plurality of spaces, including assigning a first access device to a first space of the plurality of spaces, based on the first access device controlling access to the first space. One or more access devices, from among the plurality of access devices, that are assigned to the first space are grouped together into a first group of devices. A boundary of the first space is generated based at least in part on access data generated by the first group of devices, where the access data describes access to the first space by way of the one or more access devices in the first group of devices.

Abstract: A communication system authorizes a User Equipment (UE) for a wireless data service and a media-conferencing service. A network core receives UE authentication data from the UE that is based on a secret key. The network core determines network authentication data for the UE that is also based on the secret key. The network core authorizes the UE for the wireless data service based on the UE authentication data and the network authentication data. The network core transfers the network authentication data for the UE to a media-conferencing server in response to the authorization of the UE for the wireless data service. The media-conferencing server receives other UE authentication data from the UE that is based on the secret key. The media-conferencing server authorizes the UE for the media-conferencing service based on the other UE authentication data from the UE and the network authentication data from the network core.

Abstract: A method for improving memory utilization of a Narrowband Internet of Things device (UE) is provided. The method includes: switching the modem to a provisioning mode and allocating a portion of the dedicated memory of the modem during provisioning of the iSIM on the modem chip of the UE; reusing, by the iSIM, the portion of the dedicated memory of the modem for processing provisioning data; securely cleaning up the allocated portion of the dedicated memory of the modem by a protection hardware block after leaving the provisioning mode; and allocating the portion of the dedicated memory of the modem shared with the iSIM back to the modem.

Abstract: One embodiment is a first computing system configured to control a second computing system, a software module configured to attempt to interact with the second computing system once the second computing system is brought to a first state by the first computing system, and an admittance mechanism configured to determine if the interaction is allowed to occur.

Abstract: A residential key may be programmed by a computer with access rights information. A lock device may receive the access rights information from the residential key. The lock device may store and utilize the access rights information if the lock determines that the residential key is authorized to update the lock device.

Abstract: A client device generates an artificial data packet that specifies, in the header, an artificial network address usable to indicate that the artificial data packet includes out-of-band data. The client device transmits the artificial data packet with other data packets over an encrypted data stream to a virtual private network server. The virtual private network server determines, based on the artificial network address, that the artificial data packet includes out-of-band data. The virtual private network server processes the out-of-band data from the artificial data packet while transmitting the other data packets to servers corresponding to destination network addresses specified in the headers of these other data packets.

Abstract: A trust chain having client system and a remote system in a secure connection, wherein an intermediary system associated with the network flow path serves as a signing entity to establish an end to end transitive trust. The intermediate system is a corroborative entity in the operations technology realm of the client system. The remote system serves as the host for a plurality of services in the information technology realm. A two way handshake during the initial secure exchange protocol between a local client application and a remote service is extended to a three way handshake that includes a nonce issued by the remote service on the remote system and a digital signature for the nonce issued by a signature service on an associated intermediate system. The nonce signature is verified authoritatively at the remote system based on the signing certificate of the intermediate system for explicit proof of association.

Abstract: A control device includes a storage unit that stores an authentication ledger, an authorization ledger, operation information, and operation recording target information. An authentication management unit, in a case of receiving authentication information from one information processing device, performs an authentication determination. An authorization unit determines whether to authorize the processing request of the one information processing device with the authorization ledger. An execution authorization unit, in a case in which the processing request authorized is a request for changing an operation state of the device, determines whether to authorize an execution of the processing request from the operation information, and, in a case of authorizing, causes the control execution unit to execute the processing request, and, in a case of not authorizing, transmits an error response to the one information processing device.

Abstract: The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.

Abstract: A system in a vehicle includes one or more sensors configured to obtain occupant information from an occupant utilizing at least facial information of the occupant. The system also includes a controller in communication with the one or more sensors. The controller is configured to determine an application policy associated with one or more applications of the vehicle and execute the one or more applications in response to facial information exceeding a first authentication layer or second authentication layer associated with the application policy.

Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.

Abstract: Embodiments herein describe a pattern or syntax that can be used to convey or express the reason or purpose for a service provider to request user data in an identity federation. A service provider can request user data from the identity provider using an authentication process. If the authentication process is successful, the identity provider provides an authorization token to the service provider which it can use to retrieve the user data. The embodiments herein obtain user consent in the same authentication process used to provide the authorization token. In order to do so, the embodiments herein introduce a pattern or syntax that the service provider uses to convey the purpose for which it wants to use the user data to the identity provider.

Abstract: Methods, systems and computer program products for content management systems. The techniques of the methods, systems and/or computer program products automatically determine activity-based content object access permissions and/or make a recommendation of activity-based content object access permissions. A machine learning model is formed from observations of user interactions over a plurality of content objects. The model is continually updated based on ongoing observation and analysis of user interaction events. When a collaborative relationship is formed between an invitor and one or more invitees, the activity-based permissions model is accessed to determine a set of access permissions to assign to the collaborative relationship. A single collaborative relationship may cover many collaboration objects. In some cases, a set of access permissions are automatically assigned to the collaborative relationship. In other cases, a set of access permissions is presented to the invitor as a recommendation.