Abstract: A method, by an authentication unit of a wireless access network, allows anchoring of a data packet session of a user entity connected to the wireless access network to a packet core network of a mobile communications network. The user entity uses an access identifier for its identification in the wireless access network. The access identifier is not used in the mobile communications network to identify a subscriber. A request message is received in which access to the wireless access network is requested. The request message contains an MAC address of the requesting user entity. The MAC address is converted into a sequence of digits used as a mobile subscriber identifier with which the user entity is identified in the mobile communications network and a response message is transmitted accepting the access to the packet core network. The response message includes the sequence of digits used as mobile subscriber identifier.

Abstract: A hardware processor may execute instructions to execute at least one request from a plurality of profiles with corresponding credentials used to access inputs from at least one source of input, and the credential corresponds to a placeholder tag corresponding to a particular task of the workflow. In some examples, the source of input may be adjusted based on the requests and the association corresponding to the respective profiles.

Abstract: Systems and methods for performing a secure transaction provided. In one embodiment, the method includes: reading data on a command token, reading data on a token; encrypting the token data with a key; encrypting an authentication data with a clear text token data; and transmitting the encrypted authentication data with the encrypted token data to a remote device.

Abstract: In one embodiment, a method includes initiating at a client application at a client device, a single sign-on authentication with a security device, receiving at the client application, a session identifier and location of a web portal for the single sign-on authentication from the security device, and passing the session identifier and location of the web portal from the client application to a browser installed at the client device, for use by the browser in performing the single sign-on authentication at the client device. An apparatus and logic are also disclosed herein.

Abstract: The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session.

Abstract: Systems, methods, and apparatuses are described wherein a block chain or block chain network can be created and the mining of new blocks can be limited to certain actors holding a specific set of private keys and verified by the corresponding public keys accessible to consumers interested in validating the block chain. These keys are stored in software or on specific hardware devices designed to not reveal the private key. Only blocks mined using those keys are acceptable on the block chain. The signing of the blocks in the particular block chain is integrated in such a fashion as to be integral to the proof of work for the block chain.

Abstract: Disclosed is an apparatus for controlling access to a security content using near field network communication of mobile devices. A policy issuance provider registration unit requests a content security policy for a first content, a security content, to a service server, receives the content security policy for the first content, requests to the service server for a first mobile device to be registered as a content security policy issuance provider, and receives a result of registration and a provider policy from the service server. A policy issuance provider converting unit converts the first mobile device to the content security policy issuance provider when receiving a request for access for browsing the first content through near-field network communication from another mobile device in which a DRM client application is being executed.

Abstract: Methods and systems for verifying authenticity of a physical object and/or for verifying possession of the object by an individual are described. In one embodiment, the object is registered with a remote processing system. Data representing at least one characteristic of the object is obtained and stored in the remote system and the identity of the individual or entity possessing the object is authenticated. After authenticating the individual, an identifier is collocated (or an existing mechanism is activated or modified to replicate the identifier) with the object, where the identifier uniquely identifies the object and the individual possessing the object. The object and the identity of the individual possessing the object can be authenticated at a future time by sensing the collocated identifier and sending the sensed identifier to the remote system. The remote system can send instructions to an entity wishing to authenticate the object and its association with the individual possessing the object.

Abstract: A method and system for verifying integrity of computing devices. The method includes providing a first integrity associated with a server executing on a computing device to a management service, and receiving, in response to providing the first integrity measurement, a first mutual attestation value from the management service. The method further includes providing a second integrity associated with a network adaptor executing on a computing device to a management service, and receiving, in response to providing the second integrity measurement, a second mutual attestation value from the management service. The method further includes performing a mutual attestation between the server and the network adaptor using the first mutual attestation value and the second mutual attestation value, and notifying the management service that the mutual attestation has been successfully completed.

Abstract: In an approach to multi-user authentication, one or more computer processors receive a first user login. The one or more computer processors determine whether at least one additional user login is received. The one or more computer processors receive an access request from the first user. The one or more computer processors receive an access request from the at least one additional user. In response to receiving the access request from the first user and the access request from the at least one additional user, the one or more computer processors determine whether the access request from the first user and the access request from the at least one additional user meet pre-defined criteria. In response to determining the access requests meet pre-defined criteria, the one or more computer processors authorize the access request of the first user and the access request of the at least one additional user.

Abstract: A hardware-assisted technique may protect a system log from attackers, regardless of an attacker's acquired privileges at the host system. In some embodiments, the technique may employ specialized hardware, e.g., in the form of an add-on peripheral card. The hardware may be connected to a commodity server through a standard bus. Said hardware may stores log files from a host system while permitting only read and append operations from the host system. Thus, even if the attacker obtains root privileges at the host system, removal through the host system of logs may be prevented because the asymmetric interface does not support such commands from the host system. In some embodiments, an existing log file storage path at the host system may be maintained, reducing the required change to implement the disclosed techniques within existing server setups. Further, any performance degradation due to the techniques may be small to negligible.

Abstract: Methods, systems, apparatus, and non-transitory computer readable media are described for identifying users who are likely to have unauthorized access to secure data files in an organizational network. Various aspects may include presenting the identified users on a display for a system administrator and/or security analyst to resolve. For example, the display may include a graph data structure with users represented as nodes and connections between users represented as edges. Each connection may be a pair of users belonging to a same security group. Nodes of the graph data structure may be clustered according to a clustering coefficient. Moreover, the graph data structure display may be organized and color coded in such a manner, that a system administrator and/or security analyst may quickly and easily view the users who are most likely to have unauthorized access to secure data files. The authorized access may then be remedied or taken away.

Abstract: The claimed subject matter provides systems and/or methods that facilitate describing, communicating, utilizing, etc. a frame dependency structure in connection with real time video communication. For example, a protocol can be employed to communicate the dependency structure from a sender to a receiver. Moreover, a mechanism on a receiver side can detect frame(s) that will be rendered with artifacts if displayed due to previous frame loss; this mechanism can leverage receiver side knowledge concerning the dependency structure of the of the frames.

Abstract: In some embodiments, an apparatus includes a memory, storing processor-executable instructions, blacklist terms, and credential dump records, and a processor. The processor receives repository data from targeted remote repositories and stores the repository data as a potential credential dump in the memory when the repository data includes a credential dump attribute. The processor stores the potential credential dump as a probable credential dump when the potential credential dump does not include a blacklist term, in which case the processor also detects a format and delimiter of the probable credential dump. Based on the format and delimiter, pairs of usernames and associated passwords are identified and hashed. If a percentage of the hashes not associated with the credential dump records exceeds a predetermined threshold, the probable credential dump is deemed authentic.

Abstract: A system may obtain identification information for a user for obtaining a form of access using universal enrollment. The system may obtain a digital certificate associated with the identification information, the digital certificate including a public key of a public key, private key pair and the public key and the private key of the public key, private key pair being generated using first biometric information of the user obtained during the universal enrollment. The system may obtain second biometric information. The system may generate a second private key using the second biometric information. The system may determine whether the second private key matches the public key included in the digital certificate. The system may provide the form of access based on the second private key matching the public key included in the digital certificate.

Abstract: A method comprising using at least one hardware processor for: obtaining haptic data comprising multiple data channels representing multiple characteristics of the haptic data; analyzing the haptic data to identify sensitive portions of the haptic data to which haptic masking rules apply; and masking the haptic data by applying the haptic masking rules to the sensitive portions of the haptic data in one or more data channels of the multiple data channels.

Abstract: A method and apparatus is shown for provision of a secure connection via a public network. In a particular implementation, a communication session may be established between an apparatus and a client device to enable the client device to receive access to one or more portions of a public network via one or more communication links. In response to receipt of a request message received from the client device, access may be established to the one or more portions of the public network using one or more identifiers from the client device to emulate the client device on the one or more portions of the public network. In response to detection of the established access to the one or more portions of the public network, an encrypted virtual private network (VPN) communication session may be established to one or more remote devices via the one or more portions of the public network.

Abstract: A method and apparatus for protecting a network communication security. In one embodiment, there is provided a method for protecting network communication security at a server. The method comprises: in response to a request from a client, determining whether a token from the client is included in a valid token queue, the valid token queue being a First-In-First-Out queue; in response to the token being included in the valid token queue, managing the valid token queue based on a position of the token in the valid token queue; and sending a response to the client based on the managing of the valid token queue. There is further disclosed a corresponding method and apparatuses at client side.

Abstract: A method for performing authentication in a portable electronic device is provided. The method includes identifying whether a peripheral electronic device is located within a certain distance from the portable electronic device, receiving biometrics information from the peripheral electronic device when the peripheral electronic device is located within the certain distance from the portable electronic device, identifying whether the biometrics information received from the peripheral electronic device is identical to biometrics information stored in the portable electronic device, and releasing security set to the portable electronic device when the biometrics information received from the peripheral electronic device is identical to the biometrics information stored in the portable electronic device.

Abstract: In an resource-on-demand environment, dynamically created server instances are allowed to boot from encrypted boot volumes. Access keys to the boot volumes are provided from a key provider that authenticates new instances based on possession of a security token that has been previously shared between the key provider and the new instance through an out-of-band communication.