Abstract: To provision a client application on a client device, a user may be provided with a QR code, a one-time password, or a manual entry page for starting a credential provisioning process via a credential provisioning service provided by a credential provisioning server in a secure network. The client application may include information on trusted servers operating in the secure network. The credential provisioning server may operate to perform a sequence of actions to verify user credentials and determine, based on rules applicable to the user, the client device, or a combination thereof, whether the client application is to be provisioned on a client device. If so, the credential provisioning server may operate to generate a key pair, obtain a signed certificate, encrypt them, and send them to the client device such that the client application can use them to establish a mutual secure connection with a trusted server.

Abstract: A method and system for providing secure delivery, transport, modification, exchange of digital design and build files that have been bundled into a digital asset within a complex digital supply chain. The system also provides for quality standards when the digital asset is used to manufacture a physical part, and provides for secure feedback to stakeholders for the purpose of digital logistics, data analytics, or liability. The system includes, but is not limited to, manufacturing, licensing, modification and delegation policy, generating authorization certificates, authenticating manufacturing devices and provide qualitative and quantitative file consumption data.

Abstract: Approaches provide for securing an electronic environment. A threat analysis service can obtain data for devices, users, and threats from disparate sources and can correlate users to devices and threats to build an understanding of an electronic environment's operational, organizational, and security concerns in order to provide customized security strategies and remediations. Additionally, the threat analysis service can develop a model of an electronic environment's behavior by monitoring and analyzing various the data from the data sources. The model can be updated such that the threat analysis service can tailor its orchestration to complement existing operational processes.

Abstract: A plurality of clients including a platform (200) and at least one client (100) communicate with each other in accordance with a publish-subscribe model. A topic common key manager (260) of the platform (200) provides, to the client (100), a topic common key associated with a topic and being for encryption and decryption of a message directed to the topic. A message manager (270) transmits the message encrypted with the topic common key associated with the topic, and decrypts a received message with the topic common key associated with the topic. A topic common key storage (150) of the client (100) stores the topic common key provided from the platform (200) in association with identification information of the topic. A message manager (170) transmits the message encrypted with the topic common key, and decrypts a received message with the topic common key.

Abstract: Methods for applying hop-by-hop security in IAB networks. Integrity protection is applied at a layer below the IP layer for each link in a transmission route. Integrity is verified at the receiving node of each link of a route through an IAB network and if that verification fails the received traffic is discarded.

Abstract: Groups of devices may be prevented from accessing content by encrypting the content. A plurality of secrets associated with a decryption key may be generated using a secret sharing algorithm. The plurality of secrets may be sent to one or more groups of devices to derive the decryption key. A non-restricted subset of the groups of devices may receive one or more secrets. Devices within the non-restricted subset of the groups may be able to use one or more secrets to determine the decryption key for the content. Groups that do not receive one or more secrets may be unable to determine the decryption key for the content.

Abstract: Systems and methods for using micro accelerations as a biometric factor for multi-factor authentication, the method including receiving, filtering, and determining an identifying pattern from micro acceleration data representative of the user, storing the identifying pattern for later use in authenticating the identity of the user, and using the identifying pattern as one factor in a multi factor authentication.

Abstract: Methods, systems, and devices for secure endpoint authentication credential control are described. An endpoint agent may receive an indication from an operating system of an endpoint device that the operating has received authentication credentials from a user. The endpoint agent may be housed in the endpoint device, and may detect a change between the received set of authentication credentials and a previous version of authentication credentials. Based on this detection, the endpoint agent may transmit the received authentication credentials to a central server. The central server may transmit the authentication credentials to an information technology (IT) resource which requires user authentication prior to granting access to a user.

Abstract: A method including transmitting, by a device, encrypted content to an endpoint capable of managing access to the encrypted content; determining, by the device, a sharing link including a static portion and a dynamic portion, the static portion being associated with the endpoint and the dynamic portion including a unique identifier associated with the encrypted content; and transmitting, by the device, the dynamic portion of the sharing link to the endpoint to enable the endpoint to provide another device with access to the encrypted content. Various other aspects are contemplated.

Abstract: When a user attempts to access a first application installed on a user device, it can send an authentication request to an authentication server. The authentication server can assign a unique request token to the request and load a script to a component of the operating system executing on the user device that displays content within the first application. The script can cause a portal application to launch on the user device. The portal application can send a request to the authentication server on behalf of the user, including the unique request token and an access token stored by, or accessible to, the portal application. The authentication server can receive the request from the portal application and validate the request based on the unique request token and the access token. Upon validating the request, the authentication server can authenticate the user at the first application.

Abstract: A system for one-click two-factor includes a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (i) receiving an access request from a user, the access request including a first authentication factor; (ii) generating a second authentication factor and a hyperlink that includes the second authentication factor; (iii) providing the hyperlink that includes the second authentication factor to a client device associated with the user; (iv) automatically receiving the second authentication factor in response to selection of the hyperlink by the user; and (v) verifying the first authentication factor and the second authentication factor to authenticate the identity of the user.

Abstract: The present disclosure relates a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services.

Abstract: Aspects of the present disclosure relate to computer system security. A machine accesses a set of records corresponding to a set of users having access to a computer system. The machine stores, for each user in the set of users, a baseline profile representing baseline activity of the user with respect to a set of data sources of the computer system. The machine monitors activity of the set of users with respect to the set of data sources. The machine determines, based on monitoring the activity of the set of users, that a user action of a specified user, with respect to one or more data sources from the set of data sources, is anomalous relative to the baseline profile of the specified user. The machine provides a digital transmission representing the anomalous user action.

Abstract: The present invention relates a method, the method comprising: based on a data element (50), generating M data element shares (52), wherein M is an integer greater than 1; providing each of M encryption keys (42) to a first data processing unit (10); the first data processing unit (10) encrypting each of the M data element shares (52) with an encryption key (42), respectively, and thus generating M encrypted data element shares (55), wherein each of the encryption keys (42) corresponds to a decryption key (45), respectively. The present invention also relates to a determining method to determine the data element. The present invention also relates to corresponding computer programs, data processing units and systems.

Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.

Abstract: Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting a state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.

Abstract: A device attempts to access a resource that requires a multi-factor authentication (MFA), and receives, from an MFA server device, a challenge form. The device performs natural language processing on the challenge form to determine a first location of an input for a security code and a second location of a verify button. The device provides, to an email server device, a request to access emails associated with a user of the device, and receives access to multiple emails associated with the user. The device processes the multiple emails to identify an MFA email in the multiple emails, and identifies a security code in the MFA email. The device provides the security code at the first location, and selects the verify button at the second location. The device provides the security code to the MFA server device, and receives information indicating whether the device is authenticated.

Abstract: Disclosed is a method for validating a digital request in which cooperating entities are able to use security processors loaded with an application for processing the request, each processor issuing, on request, a digital certificate of integrity; wherein said method includes: an application integrity verification process such that, based on the issued certificates, each entity ensures that each of the other entities implements an application identical to its own; a process by which entities create a common secret and thus form a group of Creative entities; and a process by which entities of the group of Creative entities designate the signatory entities, thus forming a group of cooperating signatory entities, so that, as such, the group has access to the common secret; in order for the request to be validated if and only if entities of the group of signatory entities implement the application by means of the common secret.

Abstract: A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the pubic key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.

Abstract: The invention is a security system providing domain name authentication for intrusion and malware prevention. The system is configured to analyze domain names, specifically analyze network metadata associated with said domain names, and further identify domain names attempting to impersonate or spoof domain names associated with a trusted entity or party.