Abstract: Disclosed are various embodiments that related to rendering a data driven user interface used to configure device profiles in an enterprise device management environment. In some examples, the enterprise device management environment can include a platform messaging service and a platform specific adapter. In one example, a system can receive a request to generate a device profile for a platform. The system can render a data driven user interface for configuring the device profile based on a definition file. The system can also receive input of a value for a user interface element and retrieve the values from the other user interface elements. The system can generate the device profile based on a translation of the values and transmit a command to a platform messaging service to facilitate an installation of the device profile in a mobile device. Various delivery methods for installing the device profile are disclosed.

Abstract: This disclosure relates to techniques for performing Wi-Fi authentication in a wireless communication system. Public key cryptography may be used to enhance the confidentiality of the user's permanent identity in transit. In some embodiments, a RSA-OAEP (SHA-256) encryption scheme may be used to protect the permanent identity when the EAP client needs to send the user's permanent identity to the server in the absence of pseudonym or fast re-authentication identity. In some embodiments, a server certificate is used to authenticate a iWLAN tunnel to protect an IMSI during setup of a Wi-Fi call. Using the methods described herein on both or either of the EAP client and server side may offer improved privacy protection.

Abstract: An encrypted security system and associated methods for controlling physical access are described. The system includes a security server configured to receive a request for authentication from a mobile device, the request including information identifying the mobile device and a physical access control device. The security server forwards an encryption message including a plurality of unique identifiers to the physical access control device via the mobile device. The physical access control device is configured to authenticate the plurality of unique identifiers in the encryption message and operate an access control mechanism.

Abstract: Methods, systems, and devices for voice-activated medical assistance are described. The method may include receiving an indication of an audio request from a user and determining whether a response to the audio request includes medical information associated with a patient. After determining whether the response includes medical information, the medical assistance server may identify an access class of the medical information and a permission level associated with accessing the access class of the medical information. The method may further include determining whether the user is authorized to access the access class based on the permission level and transmitting an indication of the response to the audio request based on determining whether the user is authorized.

Abstract: Authentication is performed on a plurality of links of a computing environment. One node requests generation of a shared key by a key server coupled to the one node. The one node obtains the shared key and an identifier of the shared key and sends the identifier from the one node to another node. A message encrypted with the shared key is sent from the one node to the other node via one link of the plurality of links. The one node receives via the one link an indication that the other node decrypted the encrypted message using the shared key obtained by the other node. The sending the encrypted message and the receiving the indication that the other node decrypted the encrypted message are repeated on one or more other links of the plurality of links using the shared key previously obtained.

Abstract: Systems and methods are disclosed for providing a trusted computing environment that provides data security in commodity computing systems. Such systems and methods deploy a flexible architecture comprised of distributed trusted platform modules (TPMs) configured to establish a root-of-trust within a heterogeneous network environment comprised of non-TPM enabled IoT devices and legacy computing devices. A data traffic module is positioned between a local area network and one or more non-TPM enabled IoT devices and legacy computing devices, and is configured to control and monitor data communication among such IoT devices and legacy computing devices, and from such IoT devices and legacy computing devices to external computers. The data traffic module supports attestation of the IoT devices and legacy computing devices, supports secure boot operations of the IoT devices and legacy computing devices, and provides tamper resistance to such IoT devices and legacy computing devices.

Abstract: Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.

Abstract: A processing system having at least one processor may obtain domain name system (DNS) traffic records of a DNS platform, the DNS traffic records associated with a source device having a first status and that is submitting DNS queries, where a first-tier DNS authoritative server of the DNS platform is configured to forward the DNS queries from the source device to at least a first second-tier DNS authoritative server of the DNS platform designated for the first status. The processing system may further detect anomalous DNS traffic records from the DNS traffic records, identify a change of the source device from a first status to a second status, based upon the detecting the anomalous DNS traffic records, and reconfigure the first-tier DNS authoritative server to redirect the DNS queries from the source device to at least a second second-tier DNS authoritative server designated for the second status.

Abstract: A method for automatically enrolling a smart-home device in a demand-response program includes receiving an identification of a user account that is sent from a utility provider computer system based on an agreement that the smart-home device will be enrolled in the demand-response program. The identification of the user account is also sent to indicate to the device management server that the smart-home device should be sent to a location associated with the user account. The method also includes causing the smart-home device to be sent to the location associated with the user account. The method additionally includes receiving an indication from the smart-home device that the smart-home device has been installed at the location associated with the user account, and enrolling the smart-home device in the demand-response program.

Abstract: An information processing apparatus is communicably connected to a server and performs authentication without inconvenience to a user. An information processing system includes an information processing terminal, a server, and an information processing apparatus. The information processing terminal is defined as a central device, and the server and the information processing apparatus are defined as peripheral devices in the information processing system. The information processing terminal and the server are connected to each other, and the information processing terminal and the information processing apparatus are connected to each other. The information processing terminal performs authentication of the information processing apparatus with the server.

Abstract: A system and method are provided for the destruction of electronically stored information and/or components that incorporated sensitive technology or that contain sensitive information upon the occurrence of one or more predetermined events. The system and method of the present invention is particularly suited for the safeguarding of electronically stored information and/or classified technology in systems deployed in an operational environment. The system and method of the present invention be incorporated into drones, full size aircraft, any type of vehicle, mines, missiles, torpedos, bombs, phones, cameras, robots, satellites or other spacecraft, computers, hard drives, thumb drives, switches, routers, bugs, brief cases, safes, and generally any device that utilizes components on which sensitive data is stored or components that utilize technology that should only be accessed by authorized personnel.

Abstract: A method and system for remote viewing of multimedia content using a multimedia content distribution network (MCDN) is configured to duplicate multimedia content displayed on a first MCDN terminal device and route the duplicate multimedia content to a second MCDN terminal device. The MCDN terminal devices may be coupled to a local network at an MCDN client premises. The MCDN terminal devices may also include wireless telephony devices for mobile remote viewing functionality. The method may include transcoding of the multimedia content into a format suitable for the second MCDN terminal device.

Abstract: An approval request for a recurring workflow instance is received, that requests the execution of an instance of a recurring workflow. An authorization token is generated based upon the content of the particular workflow to be executed, the location where the workflow is to be executed, and a time period during which the workflow is to be executed. The authorization token is sent, along with a representation of a workflow to be executed, to a target machine for authorization and execution.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for registering subscribable states in blockchain are provided. One of the methods includes: obtaining a request for registering a workflow comprising one or more states; generating a blockchain contract comprising the workflow; and deploying the blockchain contract in a blockchain, wherein the deployed blockchain contract is executable to update a current state of the workflow among the one or more states.

Abstract: The disclosed computer-implemented method for detecting unauthorized data shares may include (1) providing a user of an anonymized inbox with an email alias to use for a particular online entity, (2) identifying one or more emails sent to the email alias from one or more different entities that are different from the particular online entity, (3) determining, based on the one or more emails having been sent by the different entities, that the particular online entity has shared the user's email alias with other entities, and (4) creating a privacy score for the particular online entity based at least in part on the determination that the particular online entity has shared the user's email alias with other entities. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Access between a plurality of nodes of the computing environment is controlled by a key server. The key server receives from one node of the plurality of nodes, a request for a shared key, in which the shared key is created for a selected node pair. A determination is made by the key server as to whether the one node is a node of the selected node pair. In one example, the determining checks an alternate name of the one node to determine whether it matches an alternate name associated with the shared key. Based on determining the one node is a node of the selected node pair, the key server provides the shared key to the one node.

Abstract: A data processing apparatus and a data processing method thereof for an Internet of Things (IoT) system are provided. The data processing apparatus generates a plurality of diagnosis rule data, diagnoses each of the device data received from at least one IoT apparatus to generate a plurality of diagnosis log data, packages the device data, the diagnosis log data and the diagnosis rule data respectively based on a preset data amount to generate a plurality of device files, a plurality of diagnosis log files and a plurality of diagnosis rule files individually, stores each device file, each diagnosis log file and each diagnosis rule file in an interplanetary file system individually, and stores hash values of each device file, each diagnosis log file and each diagnosis rule file in a blockchain system individually.

Abstract: Embodiments described herein are directed to the registration of the same domain with different cloud services networks. For example, systems and methods described herein enable registering a domain in a cloud services network wherein the same domain is also concurrently registered in another cloud services network. Systems and methods described herein further enable selecting one of a plurality of cloud-based identity providers to process a request to authenticate a user associated with a domain that is registered in more than one cloud services network and generating an authentication response in accordance with the selection. Systems and methods described herein also enable the federation of user authentication requests from different cloud services networks to the same enterprise identity provider.

Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. The enterprise is included within a community of interest. One method includes authenticating a bridge appliance with an authentication server associated with an enterprise having secure communications, and receiving a packet at the bridge appliance. The method also includes decrypting the packet to provide a decrypted packet in a case where the packet is encrypted according to a cryptographic key associated with the enterprise, and forwarding the decrypted packet to a remote computing device in communication with the bridge appliance. The method additionally includes, in a case where the packet is received from the remote computing device, encrypting the packet according to a cryptographic key associated with the enterprise, to provide an encrypted packet, and forwarding the encrypted packet to an endpoint within the enterprise.

Abstract: An electronic device and a program management method therefor are provided. The electronic device includes a communication interface, a memory, at least one processor, and a secure circuitry. The secure circuitry is configured to provide a first public key stored in the secure circuitry to the at least one processor. The at least one processor is configured to transmit the first public key to an external device and receive an encrypted secure program encrypted based on the first public key and a second public key generated by the external device, from the external device. The at least one processor is further configured to transmit the second public key and the encrypted secure program to the secure circuitry. The secure circuitry is configured to decrypt the encrypted secure program based on the second public key and a first private key which is symmetrical to the first public key.