Abstract: Disclosed are various embodiments for a multi-tenant authentication framework. In one embodiment, a particular user class to which a client device belongs is determined based at least in part on location-identifying information of the client device, and the client device is authenticated for access to a network resource using a particular authentication service corresponding to the particular user class.

Abstract: Systems, devices, and/or computer-implemented methods for secure offline data storage are provided herein. More particularly, a system is provided that permits access to a data storage device when offline from various components of the system. Furthermore, the disclosed system may permit the re-setting of authentication passwords/PINs for the data storage devices, even when such data storage devices are offline from other components of the system.

Abstract: A computing system may receive a request of the user for a first action of the user with an entity. In connection with granting the request of the user, the computing system may configure a token for use by the user and the entity such that (i) the entity is added as an approved entity, and (ii) the token is configured with a resource amount of the first action as a usage threshold of the token. The computing system may receive a request of the entity to use the token. The computing system may determine whether granting the request of the entity would cumulatively exceed the usage threshold of the token. Based on a determination that granting the request of the entity would not cumulatively exceed the resource usage of the token, the computing system may grant the request of the entity to use the token.

Abstract: A multi-tenant computer system implements a platform for providing data protection scopes to shared infrastructure services according to a nested tenant model that permits a hierarchy having a plurality of levels. The multi-tenant computer system provisions data protection scopes for cloud products, service products, cloud product tenants, service products operating in the context of cloud products, service products operating in the context of cloud product tenants, and combinations of the foregoing.

Abstract: Devices, methods, use user equipment (UE), core network devices, evolved node B (eNB), and storage media for UE provisioning are described. In one embodiment, processing circuitry of a mobility management entity (MME) decodes a non-access stratum (NAS) message comprising a detach request associated with a first user equipment (UE) and determines that the detach request is received from the UE without integrity protection. The MME then analyzes one or more additional criteria associated with the detach request in response to confirmation that the detach request message is received from the UE without the integrity protection, and manages an evolved packet system (EPS) mobility management (EMM) registration state for the first UE based on analysis of the one or more additional criteria. Various different criteria and associated EMM registration state management operations are described. Additional corresponding UE operations are also described.

Abstract: Systems and methods for authenticating a user via a customized image-based challenge are disclosed. In embodiments, a computer-implemented method comprises: receiving an access request from a user requesting access to content; generating a list of items recommended for the user based on computer-based user behavior data; selecting from the list of recommended items: a first set of items and a second set of items, wherein the first set of items are associated with a characteristic and the second set of items are not associated with the characteristic; generating an image-based challenge comprising a test question to be answered by the user and a plurality of selectable images including images of each of the first set of items and images of each of the second set of items; and providing the image-based challenge to a user computer device of the user.

Abstract: Techniques for providing hybrid access control in a cloud-services computing environment are provided. In one embodiment, a method for providing hybrid access control is provided at a host computing device. The method includes obtaining access control settings including at least a first user's role-based access settings with respect to a first sub-system of a hierarchical computing-resource system. The method further includes propagating the access control settings from the first sub-system to a second sub-system; obtaining user group domains assigned to a plurality of sub-systems; and obtaining a group membership associated with the first user. The method further includes determining, based on the obtained user group domains and the obtained group membership associated with the first user, whether the first user's role-based access settings propagated to the second sub-system are to be adjusted; and making adjustments accordingly.

Abstract: A system and method for participating in and operating a distributed computing pool are disclosed. Computing pools combine computational resources from a plurality of computing devices over a network by splitting jobs into smaller jobs and distributing those smaller jobs to the computing devices so that they can be solved in parallel with little or no overlap in the work performed. The computing devices attempt to find solutions to the smaller jobs. Solutions found are signed and submitted back to the pool. The pool uses the signature to confirm the true origin of the solution and that the solution has not been tampered with.

Abstract: A security configuration file is received from a first application, the security configuration file including information of an authority. The first application assigns the authority to a second application to enable the second application to trigger jobs at the first application, and the second application provides shared services to a plurality of applications including the first application. A query is received from the second application and in response the authority is sent to the second application. A request for a token is received from the second application, the request including the authority. A token including the authority is sent to the second application. The second application sends the token to the first application when the second application triggers jobs at the first application.

Abstract: Systems and methods detect a potential hacking attack by monitoring the number and timing of DELBA (Delete Block Acknowledgement) action frames. When the number and timing of the DELBA action frames correspond to an unauthorized access pattern, an unauthorized access is detected. The potential unauthorized access may be detected by an access point (AP) or by the AP and a backend system. When a potential unauthorized access is detected, the AP may remain in silent mode for a longer period of time and limit access to the network to only trusted devices. In addition, an alarm or other notification of the potential unauthorized access may be provided to a user or other designated contact.

Abstract: A method and a system for aggregating users' consents for use of automotive data by data services are provided herein. The method may include the following steps: obtaining, from a plurality of data sources, a plurality of automotive data records associated with connected vehicles having respective users; determining for each request for automotive data made by said data services, which of the data records require consent; aggregating consent data for each data records, responsive to an indication that the respective user have been authenticated by the data sources; and providing the data services with access to automotive data based on the aggregated consent data. The system may implement the aforementioned steps in a form of a server on a computer network.

Abstract: Methods are provided for minting and distributing quantities of cryptographically generated data based on the quality of received biological datasets. Computer readable media, computing apparatuses, and systems are also provided.

Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: System and method for secure time synchronization in an industrial facility, wherein a synchronization request of a facility component is transmitted to a registration service of a certificate management of the facility and the synchronization request is examined by the registration service, where the synchronization request includes a signature of the requesting facility component, and where depending on an outcome of the examination, a synchronization response is then transmitted to the requesting facility component a system time of the facility component is matched to a system time of the registration service based on the synchronization response.

Abstract: A relay device includes a communicator configured to transmit and receive a message to and from the communication device, and a processor configures to acquire a public key of a communication device that is a transmission source of the message from the node and authenticates a signature included in the message with the acquired public key, wherein the processor causes, when receiving a communication message including communication data to be transmitted to a second communication device by a first communication device, the processor to perform authentication on the communication message, and the communicator transmits the communication message to the second communication device when the authentication is successful.

Abstract: Migration of a pairing of wearable device to a new companion electronic device is disclosed. In one embodiment, pairing migration is performed by syncing and verifying a migration key in the wearable and new companion device. Pairing migration includes moving settings and pairing data of the wearable to the new companion device in response to detecting the wearable is associated with the migration key, wherein the migration key establishes a validation of trust of the wearable relative to the companion device. The settings and pairing data can include configuration and protected data and one or more keys to establish a trust relationship between the wearable and new companion device. The settings and pairing data can also include device data such that the wearable can be discoverable by the new companion device.

Abstract: A given policy file is obtained at a publishing node of a decentralized system of nodes, wherein the given policy file defines a policy that applies to at least a subset of nodes in the decentralized system of nodes. The given policy file is sent to a decentralized storage network for storage therein. Storage metadata is received from the decentralized storage network, wherein the storage metadata represents address information associated with storage of the given policy file in the decentralized storage network. The publishing node generates policy file retrieval metadata based on the storage metadata received from the decentralized storage system. The policy file retrieval metadata is sent to a blockchain network for storage therein. One or more querying nodes of the decentralized system of nodes access the blockchain network to obtain the policy file retrieval metadata in order to then retrieve the policy file from the decentralized storage network.

Abstract: A system includes a control module and a local server. The server is programmed to transmit a command to perform an operation to a plurality of vehicles including a vehicle including the control module. The command including a digital signature that is common across the vehicles. The control module is programmed to receive a temporary value; receive the command; decrypt the digital signature in the command with the temporary value; upon verifying the decrypted digital signature, perform the operation; and upon a metric incrementing to a threshold value, prevent decryption of the digital signature with the temporary value.

Abstract: A communication device includes circuitry configured to acquire a digital certificate including information associated with a first attribute from a first device coupled to any of a plurality of devices sharing a distributed ledger having recorded therein a correspondence between an attribute of user information included in the digital certificate and a definition of the attribute, receive a request for information associated with a second attribute from a second device coupled to any of the plurality of devices, acquire a first definition associated with the first attribute, and a second definition associated with the second attribute, from any of the plurality of devices, and transmit a digital certificate including information associated with the first attribute to the second device together with a message notifying that the first attribute and the second attribute have the same definition, when the first definition and the second definition match.

Abstract: A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.