Abstract: A lightweight, fast, and reliable authentication mechanism compatible with the 5G D2D ProSe standard mechanisms is provided. A distributed authentication with a delegation-based scheme avoids repeated access to the 5G core network key management functions. Hence, a legitimate user equipment device (e.g., a drone) is authorized by the cellular network (e.g., 5G cellular network) via offering a proxy signature to authenticate itself to other drones. Test results demonstrate that the protocol is lightweight and reliable.

Abstract: A resource server verifies a first token received from a client terminal, performs processing to provide a second token used to access a stream reception system in accordance with a verification result, and obtains data held by a stream reception system and to perform processing using the data, and the client terminal transmits a request for the second token to the resource server by using the first token, and transmits data to be held by the stream reception system by using the second token obtained as a response to the request, and the client terminal transmits the data by including the first token in the data when the data is to be transmitted, and the resource server specifies the client terminal based on the information associated with the first token included in the data.

Abstract: At an object storage service, one or more security rules to be implemented for a request directed to an unstructured object are identified, including a content query-based rule. The query-based rule indicates a query predicate and a security enforcement action. A value of an attribute is extracted from the unstructured object using a rule obtained via a programmatic interface, and used to verify that the predicate is satisfied. The security enforcement action is then implemented.

Abstract: A method for validating a message recipient includes: storing, in a memory of a processing server, a device profile, wherein the device profile is related to a mobile computing device and includes at least a device identifier, and token validation data; receiving, by a receiver of the processing server, a data signal from an external system that is encoded with a message packet, wherein the message packet includes at least the device identifier, a device token, and a content message; validating, by a processing device of the processing server, the device token using at least the token validation data; and electronically transmitting, by a transmitter of the processing server, the content message to the mobile computing device.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive, during an application session, an incoming request from a client. The incoming request is directed towards a cloud application and includes an object identifier of an object. The network security system is further configured to analyze the incoming request and detect the object identifier. The network security system is further configured to configure a synthetic request with the object identifier and inject the synthetic request into the application session to transmit the synthetic request to the cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive a response to the synthetic request from the cloud application. The response supplies the object metadata.

Abstract: Managing anonymous network connections. In one aspect managing anonymous network connections by providing anonymous authentication credentials to a plurality of devices in a hierarchical network, registering a first set of devices at a first data aggregator, determining that the first set of devices at the first aggregator numbers less than a first threshold value, registering the first set of devices with a second aggregator upstream in the hierarchy from the first aggregator, causing data from the first set of devices to be received at the second aggregator.

Abstract: A computing device may receive a request to establish a virtualized environment to support a session for a client device in communication with the computing device over a network. The computing device may instantiate the virtualized environment in a trusted execution environment of the computing device, wherein the trusted execution environment may include one or more hardware resources that isolate the virtualized environment from a rich execution environment associated with the computing device. The computing device may cause a hardware security module associated with the computing device to obtain one or more cryptographic keys by communicating with a secure element of the client device, and the computing device may secure communication between a local operating system executing on the client device and the virtualized environment instantiated in the trusted execution environment using the one or more cryptographic keys.

Abstract: Systems and methods for cloud-based file sharing, where templates are provided for creating workflow instances which enable the sharing of managed objects. Reusable workflow templates are stored in the repository of a cloud-based file sharing system as objects that define components of the workflow, or placeholders for these components. A user instantiates a workflow instance from one of the templates and configures the workflow instance to identify content objects or forms, tasks related to the content objects, and users assigned to perform the tasks. The workflow instance is stored as an object in the repository. Users assigned to tasks are authorized through the workflow instance to access the content objects or forms to perform the tasks.

Abstract: The invention relates to a computer-implemented system and method for automating the secure deployment of application identity manager (AIM) security agents to ensure integrity of identity assertion during the security sensitive agent installation process, while providing significant cost and time savings in the deployment process. The invention also relates to a command line interface (CLI) to representational state transfer (REST) web services proxy, which provides a standards-based REST web service that interfaces with a Microsoft .NET MVC framework to enable cross platform automation and integration with vault management functions. The invention also relates to a multi-vault management platform comprising a graphical user interface-based portal to manage vault functions across a number of vaults with advanced error handling and process integration.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing a map iteration by a network node of a blockchain network. One of the methods includes receiving a request to obtain a number of keys included in a map by the network node, the map storing a number of key-value pairs that include the number of keys and a number of values corresponding to the number of keys. The network node maintains data representing a forest that stores the number of keys that are stored in the map. The forest includes a number of trees, each tree includes up to a respective number of storage nodes, and each storage node stores a subset of the number of keys. The network node traverses the forest to retrieve the number of keys stored in the forest, and return the number of keys.

Abstract: In some embodiments, a method can include identifying detection coverage of a set of adversarial techniques based on telemetry data and a detection instance of an environment. The method can further include determining a subset of detection coverage that has a metric value below a metric value threshold and among the detection coverage for the set of adversarial techniques. The method may further include identifying at least one detection instance associated with the subset of detection coverage. The method can further include presenting, via a graphical user interface, a representation of at least one of the subset of detection coverage or the at least one detection instance associated with the subset of detection coverage. The method can further include updating the subset of detection coverage based on the telemetry data, the detection instance, or the at least one detection instance to improve the metric value.

Abstract: An authentication/authorization tool authenticates entity data received from an official third party and authorizes the distribution of the authenticated data based on an authorization token provided by a mobile device of the entity. The tool determines, based on the entity data and an entity preferences database, different portions of the entity data that are of different data types and data repositories that are authorized to receive each data type. The tool receives an authorization token from a mobile device of the entity and uses the authorization token to determine whether data distribution is authorized. Responsive to determining, based on the data authorization token, that distribution of the data is authorized, the tool automatically transmits the data portions to the entity's data repositories to update information stored therein, according to preferences of the entity.

Abstract: A system and method for validating an entity and sending secret shared public key for securely communicating data that may include providing first and second entities with an identical sequence of bits; encrypting data, by the first entity, using bits in a first portion of the identical sequence as an encryption key, to produce encrypted data; XORing the encrypted data based on bits in a second portion of the sequence to produce encrypted and XORed data; sending the encrypted and XORed data to the second entity; and using the sequence of bits, by the second entity, to un-XOR and decrypt the encrypted and XORed data.

Abstract: In one embodiment, an apparatus comprises an antenna to receive one or more radio signals, wherein the antenna is associated with a proximity-based access portal. The apparatus further comprises a processor to: detect, based on the one or more radio signals, an access request from a first device, wherein the access request comprises a request to access the proximity-based access portal using an access token associated with an authorized device; determine, based on the one or more radio signals, that the first device is within a particular proximity of the proximity-based access portal; obtain a first motion history associated with movement detected near the proximity-based access portal; obtain a second motion history associated with movement detected by the authorized device; and determine, based on the first motion history and the second motion history, whether the movement detected near the proximity-based access portal matches the movement detected by the authorized device.

Abstract: A method includes identifying a first validation parameter of a first network node and a second validation parameter of a second network node. The method includes creating an authentication node based on the first and second validation parameters. The method also includes receiving a request to access a microservice that utilizes the first network node and the second network node. The authentication node analyzes the request to make a validation determination indicative of whether the request satisfies the first and second validation parameters and controls access to the microservice based on the validation determination.

Abstract: The disclosure provides an approach for authenticating the contents of a control message sent between data centers. The data centers are located in a computing system comprising multiple data centers. The computing system has a controller, and each data center has a local controller. The message contents comprise a tree of data objects. The tree is converted to a hash tree, and the root hash of the hash tree is stored on a distributed blockchain. Storage on the distributed blockchain ensures that the root hash is not tampered with by an attacker. The receiver of the message then authenticates that the hash tree has not been modified by comparing various hash values, as described herein.

Abstract: The present disclosure relates to a method for ensuring the authenticity of a field device. The method includes a step of assigning a unique authentic identification feature to the field device or providing the field device with a unique authentic identification feature. The method also includes steps of transmitting ACTUAL identification data to a participant node which transmits the ACTUAL identification data to the other participant nodes in a transaction, validating the transaction by the participant nodes, and creating a data block containing the transaction, wherein the data block is transmitted to each of the participant nodes. The method also includes verifying the data block by all participant nodes, storing the validated data block in the databases, comparing the ACTUAL identification data with corresponding TARGET identification data or original identification data from an authentication point, and generating a response containing the result of the comparison.

Abstract: An improved information processing apparatus, an authentication method and non-transitory recording medium are provided. The information processing apparatus authenticates a user based on first authentication information input by a user to generate an authentication result based on the first authentication information, receives an authentication request generated by first application software, authenticates the first application software based on second authentication information to generate an authentication result based on the second authentication information when the authentication request includes the second authentication information, acquires the authentication result of the user based on the first authentication information when the authentication request does not include the second authentication information, and executes processing based on one of the authentication result based on the first authentication information and the authentication result based on the second authentication information.

Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.

Abstract: A method of multi-factor authentication is performed by an access control device. In response to detecting a voice command, the access control device sends a query to a location server for a current location of a user equipment (UE) included in a list of trusted UEs. The access control device may then receive an indication of the current location from the location server and in response thereto, the access control device may determine whether the current location of the UE is within a threshold distance of the access control device. If so, the access control device may generate an access signal that indicates that a user associated with the UE is authorized to access a protected resource.