Abstract: Described is a system for maintaining dual-party authentication requirements for data retention compliance in systems with remote access components. When administering a data retention policy, an operating system component may require a dual-party authentication mechanism to prevent data deletion, while a different authentication mechanism may control access to the remote access controller. Access to the remote access controller by a single privileged user, however, may enable overriding or compromising the retention lock compliance implemented by the operating system. Accordingly, the system may tie the dual-party authentication requirement to the remote access controller authentication mechanism.

Abstract: A method for controlling third-party access of a protected resource is disclosed.

Abstract: The present disclosure includes apparatuses, methods, and systems for securing sensor communication. An embodiment includes a memory having instructions executable by the processing resource, and a sensor coupled to the processing resource and the memory. Wherein, the sensor is configured to collect sensor data and generate and provide a sensor public key, a sensor public identification, and a sensor identification certificate to a sensor fusion unit.

Abstract: A fraud prevention system that includes a server. The server is operable to receive a first attribute of a client device from the client device and associated with a first transaction, receive a second attribute of the client device from the client device and associated with the first transaction, receive a third attribute related to the client device and associated with the first transaction, and generate a persistent device identification (“PDI”) record including the first attribute, the second attribute, and the third attribute, store the PDI record in a memory, receive the third attribute related to the client device and associated with a second transaction, and identify the client device using the PDI record based on the third attribute without receiving, in association with the second transaction, the first attribute of the client device and the second attribute of the client device.

Abstract: Systems and techniques are disclosed for trust based access to records via encrypted protocol communications with an authentication system. An example system is configured to authorize and provide selective and secured access to sensitive medical information according to one or more trusted relationships. The system is configured to receive a request for access to a patient's health record from an outside entity. Authentication information associated with the outside entity is determined. Whether the outside entity is authorized to access the requested data is determined. The determination is based on existence of a trust relationship being established between the outside entity and the patient, the trust relationship established by an action of the patient or a patient's representative. Access to the patient's health record is enabled based on a positive determination.

Abstract: The present disclosure includes apparatuses, methods, and systems for validating an electronic control unit of a vehicle. An embodiment includes a memory, and circuitry configured to generate a run-time cryptographic hash based on an identification (ID) number of an electronic control unit of a vehicle and compare the run-time cryptographic hash with a cryptographic hash stored in a portion of the memory.

Abstract: Protocol-agnostic configuration of an identity claim policy that is to be implemented in one or more applications according to one of multiple identity authentication protocols and verification of the protocol-agnostic claims configuration. First, one or more protocol-agnostic identity claim policies are generated and applied to one or more applications. Each of the one or more applications implement one of the multiple identity authentication protocols. For each of the one or more applications, the implemented identity authentication policy is determined. Based on the determined identity authentication protocol, one or more identity claims of the corresponding application that corresponds to the at least one identity claim policy is then construed.

Abstract: A system and process for applying access groups for controlling data access, by a processor device. The process receives from a user a request to access data associated with a person from a file system, whereby the request invokes at least one software method. Next method interception is performed by matching the at least one software method. Group membership of the user and at least one group membership of the person is accessed. Determining if each of the following conditions of i) the user is a member of a specific group and ii) the specific group contains the person are verified. In response to the conditions being verified, the process sends the data to a user device to display to the user, otherwise denying the request to access data. Each group can have one or more criteria, which add patients to that group based on the conditions of those criteria.

Abstract: A secure access method performed by an authentication server includes receiving a first message from a non-3GPP access device. The method also includes performing fast re-authentication with the terminal when determining that fast re-authentication is allowed. The method further includes sending a second message to a home subscriber server. The second message carries a registration type identifier, an identifier of the terminal, and an address of the authentication server. The registration type identifier is used to indicate that current secure access of the terminal is secure access using a fast re-authentication procedure. The method additionally includes receiving a registration success indication from the home subscriber server. The method also includes sending an access success indication to the terminal based on the registration success indication.

Abstract: A processor-implemented method for improving computer identification comprising transmitting a browser fingerprinting test to one or more computing devices and receiving test data from the one more computing devices that includes at least an elapsed processing time and a hash code. The method includes determining an average elapsed processing time and determining a uniqueness level for the browser fingerprinting test by comparing the hash codes for each computing device with one another.

Abstract: Methods and systems are provided for blockchain-based credential vault system (CVS). In one novel aspect, the CVS identifies a set of credential of a trustor, verifies each credential, and stores the verified credentials to a CVS blockchain database such that the authorized beneficiary can obtain the trustor credentials from the CVS. In one embodiment, the CVS authenticates a trustor request from a trustor, wherein a trustor record in the CVS is uniquely identified by a trustor identification in a blockchain-based database of the CVS, processes submission from the authenticated trustor to generate a set of canonical credentials using a recurrent neural network (RNN) model, performs credential verification for each generated canonical credential in the authenticated trustor submission, and appends each verified canonical credential to the trustor record in the blockchain-based database of the CVS.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for data storage. One of the methods includes: receiving data for storage from a service platform, wherein the data includes mutable data, immutable data, and index data identified by the service platform; storing the mutable data in a cache storage, wherein the mutable data is to be executed by a smart contract; initiating, a consensus algorithm to record the immutable data on a blockchain; in response to successfully performing the consensus algorithm, recording, based on invoking the smart contract, the immutable data on the blockchain, wherein the blockchain is stored in a database that has lower storage cost than the cache storage; and linking, based on invoking the smart contract, the mutable data and the immutable data based on the index data.

Abstract: A blockchain consensus method includes receiving, by a second consensus node of a blockchain, a consensus proposal initiated by a first consensus node of the blockchain, wherein the consensus proposal comprises a first proposal digest, and the first proposal digest is based on a transaction set that needs to be proposed and a first newest block hash maintained by the first consensus node; generating, by the second consensus node of the blockchain in response to the consensus proposal, a second proposal digest based on a second newest block hash maintained by the second consensus node and the transaction set; determining, by the second consensus node, whether the first proposal digest matches the second proposal digest.

Abstract: The present disclosure relates to a method for user administration of a field device of process automation technology, comprising the steps of connecting a transport medium, such as a smartphone, to a user database, synchronizing user data from the user database with the transport medium, and connecting the transport medium to the field device. The method also includes transmitting the user data from the transport medium to the field device, checking of the user data by the field device, and granting access to the field device on the basis of verified valid user data.

Abstract: Cloud service security management in cloud computer environment uses a first computer cloud entity with first security capabilities and under security management coordinated by a first security management service point in compliance with predefined first security requirements. Security management of a second computer cloud entity is coordinated by a second security management service point in compliance with predefined second security requirements. In the managing of the security of the cloud service in the cloud computer environment: a trusted relationship is established between the first and second security management service points, general security requirements for the cloud service are obtained; and a first security policy is defined for the first security management service point, based on the general security requirements for the cloud service, the first security capabilities and the first security requirements, for the running of the cloud service by the first computer cloud entity.

Abstract: Techniques for connecting computing devices to a network are described. For example, a network access device (NAD) connects to a first network that includes a first access point (AP). The NAD receives, from a computing device, first data identifying a second network to be established for the computing device and sends the first data to a server. The NAD receives back a first credential associated with access to the second network and sets up a second AP to the second network. The second AP is associated with the first credential. The NAD sends, to the computing device, second data indicating that access to the second network is available, generates a second credential associated with access to the first network via the first AP, and sends the second credential to the computing device via the second AP.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: A lightweight, fast, and reliable authentication mechanism compatible with the 5G D2D ProSe standard mechanisms is provided. A distributed authentication with a delegation-based scheme avoids repeated access to the 5G core network key management functions. Hence, a legitimate user equipment device (e.g., a drone) is authorized by the cellular network (e.g., 5G cellular network) via offering a proxy signature to authenticate itself to other drones. Test results demonstrate that the protocol is lightweight and reliable.

Abstract: A resource server verifies a first token received from a client terminal, performs processing to provide a second token used to access a stream reception system in accordance with a verification result, and obtains data held by a stream reception system and to perform processing using the data, and the client terminal transmits a request for the second token to the resource server by using the first token, and transmits data to be held by the stream reception system by using the second token obtained as a response to the request, and the client terminal transmits the data by including the first token in the data when the data is to be transmitted, and the resource server specifies the client terminal based on the information associated with the first token included in the data.

Abstract: At an object storage service, one or more security rules to be implemented for a request directed to an unstructured object are identified, including a content query-based rule. The query-based rule indicates a query predicate and a security enforcement action. A value of an attribute is extracted from the unstructured object using a rule obtained via a programmatic interface, and used to verify that the predicate is satisfied. The security enforcement action is then implemented.