Abstract: Methods, systems, and apparatus for authenticating and authorizing users using quantum key distribution through segmented quantum computing environments. In one aspect, a method includes receiving a first and second plaintext data input from a first party and from a second party, respectively; applying a quantum computation translation operation to the first and second plaintext data inputs to generate a corresponding first sequence of quantum computations and a second sequence of quantum computations; implementing the first and second sequence of quantum computations in a first and second segmented quantum computing environment, respectively, to obtain a first and second sequence of measurement results; generating a first and second encryption key using the first and second sequence of measurement results, respectively, and an encrypted authorization token using the second encryption key; and sending the first encryption key to the first party, and the encrypted authorization token to the second party.

Abstract: Disclosed herein are systems and methods to ensure that data collected from remote sensors sent to cloud-based storage, as well as commands sent to remote actuators from cloud-based control systems remain in a highly encrypted, redundant and resilient form at all times other than in volatile memory (e.g., while in use). Device to device automated sensing and control is also considered and addressed by this focus. Data from industrial sensors requires validation in both the “root of trust” within the sensor/actuator itself to ensure that the data is being transmitted or received from a valid device as well as ensuring that the data has not been manipulated or altered or viewed while in transit.

Abstract: A system for granting access to an account at an access device includes a computer server having a hardware processor and a memory storing a software code. The hardware processor executes the software code to receive a login request from the access device through a first communications socket, open a second communications socket between the access device and the computer server, transmit a verification request message including a required call-to-action to a verification device through a third communications socket, and receive a verification response message verifying that the required call-to-action has been completed at the verification device. Upon receiving the verification response message, the software code sends an access token for accessing the account to the access device through the second communications socket, receives the access token from the access device, and grants the access device access to the account.

Abstract: A computer-implemented method for generating a first set of longest common sequences from a plurality of known malicious webpages, the first set of longest common sequences representing input data from which a human generates a set of regular expressions for detecting phishing webpages. There is included obtaining HTML source strings from the plurality of known malicious webpages and transforming the HTML source strings to reduce the number of at least one of stop words and repeated tags, thereby obtaining a set of transformed source strings. There is further included performing string alignment on the set of transformed source strings, thereby obtaining at least a scoring matrix. There is additionally included obtaining a second set of longest common sequences responsive to the performing the string alignment. There is further included filtering the second set of longest common sequences, thereby obtaining the first set of longest common sequences.

Abstract: Embodiments of the present invention provide a system for authenticating and tracking resource distributions of secondary users. The system is configured for receiving a registration request from a primary user, wherein the registration request is associated with registration of one or more secondary users, in response to receiving the request, generating user credentials for each of the one or more secondary users, associating the user credentials with a primary user identification of the primary user, receiving a resource distribution request from a secondary user of the one or more secondary users, authenticating the secondary user, and processing the resource distribution request based on authenticating the secondary user.

Abstract: A computing support system is configured to programmatically manage support access to a computing system via a support technician console across multiple levels of support access. The system receives a request to authenticate a user requesting support for the computing system, issues one or more authentication challenges to the user to authenticate the identity of the user, receives one or more corresponding authentication challenge responses from the user based on the authentication challenge, and verifies a level of authentication based on the authentication challenge response, the level of authentication being selected from multiple levels of authentication. The system also determines a level of support access to the computing system based on the verified level of authentication and the identity of the user and programmatically enforces limits on the support access to the computing system via the support technician console based on the determined level of support access.

Abstract: The technology disclosed relates to streamlined analysis of security posture of a cloud environment. In particular, the disclosed technology relates to a system that analyzes data posture in a cloud environment database using a snapshot of the database. A computer-implemented method includes receiving a request to access a database in the cloud environment, wherein the database includes a first authentication requirement. The method includes identifying a snapshot of the database, wherein the snapshot includes a second authentication requirement that is different than the first authentication requirement. The method includes accessing the snapshot using the second authentication requirement, generating a representation of the database using the snapshot, and generating a data posture analysis result indicative of a data posture of the database based on scanning the representation of the database.

Abstract: A system is described for authenticating a user on a client device using the user's mobile device and utilizing the audio channel. An authentication server receives a request from the client to initiate a session for the user, creates the session, and sends a session token back to the client along with a request for authentication. The client broadcasts an audio transmission containing the token to the mobile device over an audio channel using data-over-sound transmission. The mobile device receives the transmission via a microphone, obtains the token and the server identity from the transmission, and sends user credentials that are stored on the mobile device along with the token identifying the session directly to the authentication server. The server verifies the received credentials, confirms the token, and logs the user into the session.

Abstract: A vehicle includes: a plurality of seats; an authentication executing processor configured to perform authentication on a user; and a controller configured to provide a connected car service based on whether the authentication is completed, wherein the controller controls the authentication executing processor to distinguish a seat on which the user sits and to perform the authentication based on the distinguished seat.

Abstract: A technique includes providing a security monitor to at least detect a penetration attack on a circuit assembly that contains the security monitor. The technique includes inhibiting success of the penetration attack, including flexibly mounting the security monitor to the circuit assembly to allow the security monitor to move in response to the security monitor being contacted during the penetration attack.

Abstract: An approach to allow cloud-based positioning systems to use their own identity provider. An extra field is included in a token that is used to look up the identity provider for token verification for each user. Each access claim of the access token is checked for invalidity. If no invalid claims are found, accepting the authorization request. If an invalid claim is found, rejecting the authorization request.

Abstract: A device for a secure data connection of at least one manufacturing machine (104) has an information-processing system (114), which is subdivided into individual zones (108, 110, 112) interconnected by data diodes (120) such that data originating from the machine control (118) of the manufacturing machine (104) in a data flow can be transferred to other zones (108, 110, 112) without the possibility of a data return flow. The individual zones (110, 112) are ordered hierarchically. Each individual zone has a lower level of data security than the upstream individual zone (108, 110) in relation to the data flow. Every individual zone (108, 110, 112) is formed as an independent computer in the manner of an isolated application. In addition, a manufacturing machine and a production plant includes the device for secure data connection.

Abstract: A computer stores, within a single user account, multiple supervised computing resources and multiple additional computing resources. The multiple supervised computing resources are associated with a security policy. The computer executes a first instance of a specified application that lacks read access and lacks write access to any and all of the multiple supervised computing resources. The computer executes, simultaneously with the first instance, a second instance of the specified application that accesses at least a portion of the multiple supervised computing resources. The computer applies rules from the security policy to the second instance of the specified application while foregoing applying the rules from the security policy to the first instance of the specified application.

Abstract: Systems and methods for authenticating a user to access a public terminal are described. Disclosed embodiments may include reading, using the physical credential reader, a user identifier from the physical credential device. Disclosed embodiments may also include transmitting the public terminal identifier and the user identifier to a secure server. Further, disclosed embodiments may include receiving, after completing the transmission, a unique code from the secure server. Disclose embodiments may additionally include displaying the unique code on the display device. Disclosed embodiments may include receiving, after displaying the unique code, an authentication message from the secure server. Disclosed embodiments may further include, responsive to receiving the authentication message, authorizing the user to use a terminal command at the public terminal.

Abstract: The present disclosure generally relates to Blockchain-based systems configured to process access rights to resources in a computationally efficient manner. Certain embodiments of the present disclosure generally relate to systems and methods that generate distributed applications to represent digital access rights to resources. Additionally, certain embodiments of the present disclosure generally relate to systems and methods that enhance the processing of assigning access rights using a Blockchain-based system using metadata.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: An authorization policy defines permissions that are exposed by a microservice. When a call is made to the microservice, it includes an access token. An application identifier uniquely identifying the calling application is extracted from the token. An access pattern, used by the calling application to obtain the access token and make the call to the microservice, is identified. Permissions that may be granted to the calling application are identified in the authorization policy based upon the application identifier and the access pattern that is identified. An authorization decision is made as to whether to authorize the call, based upon the granted permissions.

Abstract: The invention introduces an apparatus for encrypting and decrypting user data, including a memory, a bypass-flag writing circuit and a flash interface controller. The bypass-flag writing circuit writes a bypass flag in a remaining bit of space of the memory that is originally allocated for storing an End-to-End Data Path Protection (E2E DPP), where the bypass flag indicates whether user data has been encrypted. The flash interface controller reads the user data, the E2E DPP and the bypass flag from the memory and programs the user data, the E2E DPP and the bypass flag into the flash device.

Abstract: An exemplary access control system controls access to a computing system such as a data storage system. For example, the exemplary access control system includes a cloud storage platform that authorizes a user to access the cloud storage platform. After access to the cloud storage platform is authorized, the cloud storage platform receives, from the user, a request to access, through the cloud storage platform, an application executing on a remote storage device. The cloud storage platform obtains an access token in response to receiving the request from the user. The cloud storage platform transmits the access token to the storage device for use by the storage device to validate the user and grant the user access, through the cloud storage platform, to the application executing on the storage device.

Abstract: Techniques are disclosed relating to authentication token refresh. In various embodiments, a first of a plurality of instances of an application executing on the server system receives a request to provide content to a browser of a client device. The first application instance determines that an authentication token useable to provide the content has expired. The authentication token is maintained in a storage accessible to the plurality of application instances. The first application instance sends a refresh request for the authentication token to an authentication service. In response to the authentication service denying the refresh request, the first application instance waits for a particular period of time before checking the storage to determine whether another instance of the plurality of instances of the application has refreshed the authentication token.