Abstract: Embodiments of systems and methods for platform framework authentication are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, via an authentication provider registered with a platform framework via an Application Programming Interface (API), an authentication credential; and send the authentication credential to a plurality of applications registered with the platform framework.

Abstract: The present invention discloses a method, a system and a computer-readable medium so that a user, by using a mobile device containing an interface, can perform the signature of documents by a digital handwritten signature, this signature states that full legal value and documentation can be signed from Fin Tech companies, banks, insurers, customs and foreign trade agencies, marketers, lessors, and companies with legal certainty needs in mobile and virtual environments, where the mobile device through the interface notifies at least one user that they have a document to sign, document signature processing is performed by verifying the identity of the user by an identification document, and finally processes the signature and verifies the user's identity to the check, by facial biometry, a photo obtained by the mobile device with the photograph of the user identification document.

Abstract: A method, apparatus and computer program product to defend learning models that are vulnerable to adversarial example attack. It is assumed that data (a “dataset”) is available in multiple modalities (e.g., text and images, audio and images in video, etc.). The defense approach herein is premised on the recognition that the correlations between the different modalities for the same entity can be exploited to defend against such attacks, as it is not realistic for an adversary to attack multiple modalities. To this end, according to this technique, adversarial samples are identified and rejected if the features from one (the attacked) modality are determined to be sufficiently far away from those of another un-attacked modality for the same entity. In other words, the approach herein leverages the consistency between multiple modalities in the data to defend against adversarial attacks on one modality.

Abstract: An asynchronous system for managing medical file protection and distribution. The system controls the distribution of sensitive patient records between different healthcare entities. The system includes a registration process for the healthcare institutions which creates a secure gateway between the system and the healthcare institution. Once registered, the system creates a content queue on the server for content designated to be sent to the institution. The client device of the healthcare institution will poll the queue and download the medical file content as it becomes available.

Abstract: A trust rule between a first service and a second service in a plurality of services deployed in a distributed system is received; the trust rule defines whether the first service is allowed to access the second service. A trust tree is obtained for the distributed system, and the trust tree comprises a plurality of certificates for accessing the plurality of services. A first group of certificates is selected for the first service based on the trust rule and the trust tree, and the first group of certificates enables the first service to access the second service.

Abstract: Disclosed is a system and method for providing secure access control to an electronic network or device. By limiting the ability of a single administrator to act unilaterally without the agreement and/or notification of further system administrators, the data integrity and security of stored data, such as email accounts, may be enhanced and risk of compromise ameliorated. By permitting multiple administrators acting in a concert of action to access stored data, such as without notification of the email account holder, potential misconduct by email account holders may be audited.

Abstract: Various embodiments include network computing devices and methods for managing Domain Name Service (DNS) over Hypertext Transfer Protocol Secure (DoH). A processor of a network computing device may receive from a client computing device a DoH request comprising a public certificate associated with a client identifier. The processor may generate a fingerprint of the public certificate. The processor may obtain a client-specific DoH policy based on an association between the fingerprint of the public certificate and the client-specific DoH policy. The processor may apply the DoH policy to the DoH request to formulate a response to the DoH request.

Abstract: Arrangements for controlling access to a protected entity include receiving a redirected client request to access the protected entity that includes a public key of the client; granting, in response to the received redirected request, access tokens of a first type to a client using the public key of the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, the transaction designating the protected entity; determining a conversion value for converting the first-type access tokens into second-type access tokens based on at least one access parameter; converting, using the conversion value, a first sum of the first-type access tokens into a second sum of second-type access tokens; and granting the client access to the protected entity when the sum of second-type of access tokens is received as a payment from the protected entity.

Abstract: A router includes processing circuitry configured to send a request to a web server to access a website hosted by the web server. Additionally, the processing circuitry is configured identify a pathway between a client device and the web server as well as determine whether the pathway is encrypted or unencrypted. In response to determining that the pathway is unencrypted, the processing circuitry is configured to determine whether an alternative pathway between the client device and the web server via a web host of the web server is available and, in response to determining that the alternative pathway is available, cause the alternative pathway to be established in lieu of the pathway.

Abstract: A solution is proposed for reviewing a control of access in an information technology system. A corresponding method comprises retrieving an indication of granted accesses to objects, being granted to subjects according to policies based on attributes. Virtual roles (each defined by one or more of the attributes) are determined according to a correlation among access types of the granted accesses and the attributes of the subjects being granted them. A computer program and a computer program product for performing the method are also proposed. Moreover, a system for implementing the method is proposed.

Abstract: An encryption key management method includes: receiving a data registration request from a supplier terminal, determining a data identifier associated with the content data, encrypting a master key with a public key of the supplier terminal, and providing the supplier terminal with the master key encrypted with the public key of the supplier terminal, the data identifier, and a key update count value; receiving a subscription application related to the data identifier from a first subscriber terminal, encrypting the master key with a public key of the first subscriber terminal, and providing the first subscriber terminal with the master key encrypted with the public key of the first subscriber terminal and the key update count value; receiving encrypted content data encrypted with the symmetric key and a hash for the content data from the supplier terminal; and transmitting the encrypted content data and the hash to the first subscriber terminal.

Abstract: One embodiment provides a method, including: receiving, from a user at a collaboration platform, a request to perform a computation; generating a workflow comprising a sequence of steps for performing the computation; identifying potential data sources comprising the type of data and able to assist in performing at least one of the sequence of steps of the workflow; selecting computation data sources that collaborate to perform the computation, wherein the selecting is performed dynamically and based upon characteristics of a network created by the collaboration platform and between the computation data sources; and facilitating performance of the computation by the computation data sources using data of the computation data sources, wherein during performance of the computation the computation data sources collaborate within the network to perform the workflow while maintaining individual privacy of the data of the computation data sources and providing proof verifying a trustworthiness of the computation.

Abstract: A system and apparatus for enhancing the functionality and utility of an authentication process for web applications is disclosed.

Abstract: Embodiments as disclosed provide systems and methods that use a local authenticator within a domain to provide a credential to access a resource of the domain to a non-local requestor. When a request is received from a non-local requestor at the domain the non-local requestor can be authenticated based on the request. The local authenticator can then be accessed to obtain a credential. This credential may be the same type of credential provided to members of the domain when they authenticate using the local authenticator. The credential is provided to the non-local requestor so the non-local requestor can access the resource of the domain using the credential and authentication of the non-local requestor with respect to these accesses can be accomplished using the local domain authenticator and the credential.

Abstract: Improved computer-implemented methods for evidencing the existence of a digital document, anonymously evidencing the existence of a digital document, database management for systems for evidencing the existence of a digital document, and verifying the data integrity of a digital document provide increased reliability, security and enhance trust from users and third parties.

Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.

Abstract: Device scanning aspects are described. In certain aspects, the method includes configuring a port forwarding policy on a first device based on a network session information, performing a scan of a second device based on a port forwarding policy.

Abstract: A method for dynamic immutable security personalization for enterprise products. Specifically, the disclosed method describes how a computer processor (e.g., baseboard management controller) of an enterprise product can personalize security requirements in trusted facilities, along the supply chain route of the enterprise product, so that trusted assumptions concerning the enterprise product can be made. Further, through dynamic immutable security personalization, these trusted assumptions are allowed to change over time (e.g., from being less restrictive to more restrictive) as changing enterprise product configuration states are captured while the enterprise product traverses the supply chain route.

Abstract: Disclosed are a method and device for determining a security algorithm, and a computer storage medium. The method comprises: a first base station configures an RAN notification area for a terminal, wherein all base stations in the RAN notification area at least support a first security algorithm; the first base station configures the terminal for the first security algorithm.

Abstract: Various embodiments of the present technology generally relate to authentication. More specifically, some embodiments relate to systems and methods for mobile application infrastructure and framework for application authentication. Currently, methods and systems for authentication are not flexible or dynamic and over-authentication has become a solution because it is cheap and easy. In contrast, in accordance with some embodiments of this application, the methods and systems can analyze authentication challenges and non-authentication challenges received from a server over a network in a client side infrastructure. The client side infrastructure can determine a customized, flexible, and dynamic plan for responding to authentication challenges in manner that avoids over-authentication on the client side.