Abstract: A system and method for a credentials agent that automatically rotates and stores security credentials to be used at least in part to authenticate calling applications with a computing resource service provider. Upon determining that a first set of credentials is due to be rotated, the credentials agent may obtain a second set of credentials and store the second set of credentials in a data store. The credentials agent may give notice to a calling application that the first set of credentials is due to be rotated, whereupon the calling application may obtain the second set of credentials and be authenticated to access a resource of the computing resource service provider at least in part by providing the second set of credentials. The authorization system provides visualizations and alerts to administrators of unexpected states that may be caused by misconfigured applications or malicious users.
Abstract: An authentication method includes receiving a single electronic file of member data elements from multiple member data sources. The method can include extracting the member data elements from the single electronic file, populating an authentication database with the member data elements, and periodically receiving an update of the member data elements. The update can be used to refresh the authentication database. The method can include receiving non-member data elements from multiple non-member data sources, and updating the authentication database with the non-member data elements. The method can further include receiving a request for authentication for one or more queried data elements corresponding to a supplied identification data element. The method can include determining an authentication response for each of the queried data elements based on the authentication database.
Type:
Grant
Filed:
December 13, 2017
Date of Patent:
July 9, 2019
Assignee:
Early Warning Service, LLC
Inventors:
Glen Sgambati, Robert Perrotta, Rich Mayo
Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for determining optimal fix locations for security vulnerabilities in computer-readable code. Implementations include actions of identifying data flows from respective sources to respective sinks in computer-executable code based on information associated with the computer-executable code, determining vulnerability information of the sources, the sinks, and the data flows based on information of vulnerable sources and sinks stored in a database, and providing a graph representation of the code for display, the graph representation depicting the data flows from the respective sources to the respective sinks with the vulnerability information.
Abstract: The present disclosure relates generally to tokenization of a co-network account. A co-network account, as used herein, refers to an account associated with a first transaction processing network for processing transactions initiated using the account and a second transaction processing network for processing transactions initiated using the account. During provisioning of a co-network account onto a user device, a first token is generated for use with the first transaction processing network and a second token is generated for use with the second transaction processing network. Embodiments use the authentication result generated during the provisioning of the first token for the provisioning of the second token. Embodiments automatically provision multiple payment tokens on the user device upon determining that the account is associated with more than one transaction processing network (e.g., the account is a co-network account).
Abstract: A credential management system is described. The credential management system allows a user to identify peers and obtain additional information regarding the peers through the credential management system. The credential management system may perform user analytics and provide the requested additional information to the user. The credential management system may associate the discovered peers with a group or credential, and share information and data with one or more of the discovered peers associated with a particular group or credential in a convenient manner. The credential management system may also implement a hierarchical menu and/or conditions to determine which users of the credential management system may be able to view other users' information and to determine a type of information or data that is transmitted between users.
Type:
Grant
Filed:
January 26, 2016
Date of Patent:
April 9, 2019
Assignee:
MicroStrategy Incorporated
Inventors:
Michael J. Saylor, Benjamin Reyes, Jeff Taylor, Jose Galvez
Abstract: A multi-node cluster is configured for credential management. A method commences by retrieving a super-user credential from a credential record stored in a location accessible to the cluster, then propagating the super-user credential to a set of nodes in the multi-node cluster. A credential creating process is invoked on at least some of the set of nodes. Application-level credential access can be implemented in a multi-cluster environment by carrying out an exchange that passes credentials between a first cluster and a second cluster over a secure channel. A protocol is observed whereby one or more applications running on the first cluster receive new credentials for accessing the second cluster from the credential serving process after the credential creating process creates the new credential.
Type:
Grant
Filed:
September 20, 2013
Date of Patent:
March 19, 2019
Assignee:
Oracle International Corporation
Inventors:
Harish Nandyala, Prasad V. Bagal, Sameer Arun Joshi
Abstract: Disclosed herein is an apparatus and method for authenticating a process. According to the method for authenticating a process, a neighboring node transmits adjacent authentication data to an execution node, the execution node authenticates a process to be executed by comparing local authentication data with the adjacent authentication data, and the execution node executes the corresponding process.
Type:
Grant
Filed:
January 19, 2016
Date of Patent:
February 12, 2019
Assignee:
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Abstract: A technique is provided for extending a handshake communication between a communication device and an application server. The application server receives at least two messages from the communication device, each message comprising a handshake index and triggering a handshake session so that the application server negotiates with the communication device a set of cryptographic parameters. For each received message, the application server stores a negotiated set of cryptographic parameters in correspondence with a connection state index depending on the handshake index. The application server activates one of the stored sets of cryptographic parameters to establish a secured connection with the communication device.
Abstract: A computing device may parse a file into a plurality of nodes. The computing device may associate, based on the parsing, at least a first encryption policy with a first node of the plurality of nodes. The computing device may associate, based on the parsing, at least a second encryption policy with a second node of the plurality of nodes. Data may be encrypted, based on the associating at least the first encryption policy with a first node, within at least the first node. Data may be encrypted, based on the associating at least a second encryption policy with a second node, within at least the second node.
Type:
Grant
Filed:
October 13, 2015
Date of Patent:
January 1, 2019
Assignee:
International Business Machines Corporation
Inventors:
Hao Feng, Shuo Li, ShengYan Sun, Jun Wang
Abstract: A system and method are described for provisioning an IoT device using an association ID code. For example, one embodiment of a method comprises: generating an association between a new Internet of Things (IoT) device identification (ID) code and an association ID code; storing the association in an IoT device database of an IoT service; retrieving the association ID code from the new IoT device; transmitting the association ID code to the IoT service, the IoT service performing a lookup in the IoT device database using the association ID code to determine the device ID code; and provisioning the IoT device to communicate with the IoT service using the device ID code.