Abstract: A secure authentication between a network server and a network client. The secure authentication being achieved using server and client table objects only known to the server and client. The server and client table objects maintain equivalency. The server and client table objects have a table label for identifying working server and client table. The server and client table objects contain a label group, a data group, and a time group. The server and client contain a duplicate set of arithmetic formulas. The formulas use data from the table objects to send a solution to a receiving node. The receiving node arithmetically reverses the solution to verify sending node. The receiving node then responds using a different formula and different data from the table objects to verify itself to the original sending node. Once a server and client trust are established additional formula are then used to encrypt data.

Abstract: An image matching method includes extracting, from a first image of an object, a landmark patch including a landmark point of the object, extracting, from a second image of the object, a target patch corresponding to the landmark patch; and determining a target point in the second image corresponding to the landmark point based on a matching between the landmark patch and the target patch.

Abstract: Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.

Abstract: A system and methods for providing and reclaiming a single use imaging device for sterile environments is disclosed and described. The system may include a single use high definition camera used for general purpose surgical procedures including, but not limited to: arthroscopic, laparoscopic, gynecologic, and urologic procedures, may comprise an imaging device that is a sterile and designed to ensure single use. The imaging device may have a single imaging sensor, either CCD or CMOS, encased in a housing.

Abstract: Various approaches for providing scalable network access processing. In some cases, approaches discussed relate to systems and methods for providing scalable zero trust network access control.

Abstract: Disclosed herein are techniques for protecting web applications from untrusted endpoints using remote browser isolation. In an example scenario, a browser isolation system receives a request from a client browser executing on a client device to connect with a remote application accessible via a private network. A surrogate browser is provided to facilitate communications between the client browser and the remote application. A security policy is enforced against the communications.

Abstract: A method including configuring, by an infrastructure device, a virtual private network (VPN) server to receive, while executing an initial operating system, a primary VPN operating system; configuring, by the infrastructure device, the VPN server to receive, while executing the primary VPN operating system, custom parameters associated with the VPN server providing VPN services; configuring, by the infrastructure device, the VPN server to determine a VPN operating system based at least in part on configuring the primary VPN operating system with the custom parameters; and configuring, by the infrastructure device, the VPN server to execute the VPN operating system to provide the VPN services. Various other aspects are contemplated.

Abstract: A Third Generation Partnership Project (3GPP) based network, such as an enterprise private 3GPP network, is operative to provide a guest onboarding of a device using a realm-based discovery of an identity provider and a mutual authentication of identity federation peers. A secure connection may be established between the peers so that the device may be authenticated based on credentials associated with a Subscriber Identity Module (SIM) provided by its Mobile Network Operator (MNO). Credentials may be extended to those associated with embedded SIMs (eSIMs), digital certificates from private enterprises, login and passwords, and identities from a wide range of identity providers. After device authentication, the 3GPP-based network is operative to select and enforce access policies according to an identity or other attribute of the device.

Abstract: A method including configuring, by an infrastructure device, a virtual private network (VPN) server to install an initial operating system on a volatile memory associated with the VPN server; configuring, by the infrastructure device, the VPN server to execute the initial operating system from the volatile memory to receive a VPN operating system; configuring, by the infrastructure device, the VPN server to install the VPN operating system on the volatile memory; and configuring, by the infrastructure device, the VPN server to execute the VPN operating system from the volatile memory to provide VPN services. Various other aspects are contemplated.

Abstract: Examples disclosed herein relate to source entities of security indicators. Some examples disclosed herein enable identifying, in a security information sharing platform, a security indicator that is originated from a source entity where the security indicator comprises an observable. Some examples further enable determining a reliability level of the source entity based on at least one of: security events, sightings of the observable, a first set of user feedback information that is submitted for the security indicator by users of the security information sharing platform, or a second set of user feedback information that is collected from external resources that are external to the security information sharing platform.

Abstract: An access manager determines whether access will be granted to a guarded species or space utilizing a controller including a digital processor with a memory for storing an ID library and a transducer block coupled with the processor for accessing a plurality of different ID types and an access control block coupled with the processor for granting or denying access.

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.

Abstract: A method for authenticating by a network server a communication apparatus, the communication apparatus contains a tamper resistant area adapted to memorize a first secret, by receiving from the communication apparatus a request message including a subscriber identifier; providing, by consulting a database accessible by the network server, a device identifier associated to the received subscriber identifier allowing to identify the communication apparatus; identifying in a secure distributed ledger a record published by a manufacturer of at least a portion of the communication apparatus, the record including a second secret attributed to the identified communication apparatus; generating a challenge message including a random number and sending it to the communication apparatus for it to generate a first result; receiving from the communication apparatus a response message including the first result, the communication apparatus being authenticated by the network server if the first result is equal to a second

Abstract: At given user equipment in a communication system, a unified subscription identifier data structure is constructed. The unified subscription identifier data structure includes a plurality of fields that specify information for a selected one of two or more subscription identifier types and selectable parameters associated with the selected subscription identifier type, and wherein the information in the unified subscription identifier data structure is useable by the given user equipment to access one or more networks associated with the communication system based on an authentication scenario corresponding to the selected subscription identifier type. For example, during different authentication scenarios, the given user equipment utilizes the unified subscription identifier data structure to provide the appropriate subscription identifier (e.g., SUPI, SUCI or IMSI) and associated parameters for the given authentication scenario.

Abstract: A method for signing an electronic document is disclosed. The method includes: receiving, from a first client device: a first electronic document in a first state, the first electronic document containing first data in the first state; a first indication of approval for the first electronic document in the first state; and a selection of one or more second client devices; sending, to each of the one or more second client devices, an invite to access the first electronic document in the first state, each invite including a link to access the first electronic document; receiving, from at least one of the one or more second client devices, a second indication of approval for the first electronic document in the first state; validating the second indications of approval; in response to the validating, submitting a locked form version of the first electronic document to a virtual document signing ceremony.

Abstract: In one embodiment, a management service for a network that is executed by one or more devices establishes a trust relationship with an entity associated with an endpoint in the network. The management service receives, via a Manufacturer Usage Description (MUD) file for the endpoint, an indication that the entity desires remote access to the endpoint in the network. The management service configures, based on the indication, the network to provide a remote access connection between the entity and the endpoint in the network. The management service provides, to the entity, credentials to the entity for the remote access connection.

Abstract: A computerized method for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway is disclosed. The computerized method includes operations of the controller of transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token.

Abstract: A system for utilizing behavioral features to authenticate a user entering login credentials. The system includes an electronic processor configured to receive a request to access a user account and compare behavioral features included in the request to behavioral features included in a user behavior profile associated with the user account. The electronic processor is also configured to, based on the comparison, generate one or more scores. The electronic processor is further configured to, for each of the one or more scores, compare the score to a predetermined threshold and, based on the comparison of the score to the predetermined threshold, adjust a match value. The electronic processor is also configured to compare the match value to one or more predetermined thresholds to determine whether the behavioral features included in the request to access the user account authenticates the user, does not authenticate the user, or is inconclusive.

Abstract: A method for storing data on a storage entity (SE) includes: computing a file identifier for a file to be stored on the SE; checking if the file has already been stored using the file identifier; generating a user-specific private and public identifier, wherein generating the user-specific private identifier is based on using an oblivious key generation protocol between the client and a trusted entity, and wherein the user-specific private identifier is a deterministic private identifier; updating or computing tags of the file by the client such that the updating or computing is homomorphic in the user-specific private identifier and in parts of the file; and providing the user-specific public identifier, the updated tags and a proof of possession of the secret identifier to the SE to enable the SE to store information associated with the file.

Abstract: Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules.