Patents Examined by Venkat Perungavoor
  • Patent number: 11631081
    Abstract: A system and a method are disclosed for context-based verification flows for digital identity verification. A context-based verification system provides flexible identification procedures for various enterprises that are adapted to the enterprises' services, the enterprises' customers, and these customers' needs. For example, the context-based verification system determines a first and second verification flows associated with a first enterprise and a third verification flow associated with a second enterprise. These verification flows include context parameters and verification parameters. The context-based verification system determines context parameters of a request, or “request context parameters,” when a user requests to interact with the first enterprise and determines a verification flow associated with context parameters that substantially match these request context parameters.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: April 18, 2023
    Inventors: William J. Dawson, V, Thomas Abbott, Trevor Thompson, Jonathan R. Todd, Karl McGuinness
  • Patent number: 11627130
    Abstract: Systems and methods are provided herein for transitioning a supplicant from one virtual local area network (VLAN) to another using a change of authorization (COA) message. This may be accomplished by an authentication server notifying a network device that a host should be granted access to the network, wherein the authentication server authenticates the host using MAC based authentication. Based on this notification and the MAC address of the host, the network device assigns the host to a first VLAN. If the authentication server determines that the host needs to change from the first VLAN to a second VLAN the authentication server generates a COA message, associated with the host, wherein the COA message comprises a VLAN identifier related to the second VLAN. The authentication server transmits the COA message to the network device causing the network device to route traffic to and from the host using the second VLAN.
    Type: Grant
    Filed: February 17, 2021
    Date of Patent: April 11, 2023
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Rahul Sharma, Rahul Kumar Singh, Rajshekhar Biradar
  • Patent number: 11611480
    Abstract: Systems and methods for configuration vulnerability checking and remediation are provided. The systems provided herein identify risk based upon service indications of a particular configuration, such that automated risk analysis may be facilitated.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: March 21, 2023
    Assignee: ServiceNow, Inc.
    Inventors: David Barkovic, Cresta Kirkwood, Lal Narayanasamy, Anushree Randad, Clifford Huntington, Richard Reybok, Harold Byun
  • Patent number: 11606691
    Abstract: Techniques for applying context-based security over interfaces in O-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in O-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network.
    Type: Grant
    Filed: February 25, 2022
    Date of Patent: March 14, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky
  • Patent number: 11604890
    Abstract: In some examples, a system is to receive, from a client device, a query comprising a representation of blockchain information of an entity associated with an electronic device that advertised the representation. The system is to further determine whether a client entity associated with the client device has a privilege to access response information that is responsive to the query, and in response to determining that the client entity has the privilege to access the response information, send, to a blockchain network, a request containing the blockchain information to obtain the response information.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: March 14, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Abilash Soundararajan, Michael Reid Tennefoss
  • Patent number: 11601398
    Abstract: Various embodiments relate generally to computer science, data science, application architecture, and computer data security. More specifically, techniques for credential and authentication management in scalable data networks are described, including, but not limited to, multiplexed data exchanges in a scalable data network. For example, a method may include receiving a subset of requests to access a data network. The requests each may originate from an associated computing device having a source identifier. The method also may include data to cause modification of data representing presentation of a hosted page via the data network, monitoring data traffic from the data network and managing actions initiated via a request based on the data traffic. Optionally, data traffic received via an aggregation port may be filtered to origination of a request associated with a source identifier.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: March 7, 2023
    Assignee: Spredfast, Inc.
    Inventors: Michael Senftleber, Zachary Daniel Kloepping, Derek Joseph Wene, Blake T. Kobelan, Chad Walter Gowan
  • Patent number: 11601428
    Abstract: Cloud delivered access may be provided. A network device may provide a client device with a pre-authentication virtual network and a pre-authentication address. Next, a policy may be received in response to the client device authenticating. The client device may then be moved to a post-authentication virtual network based on the policy. A post-authentication address may then be obtained for the client device in response to moving the client device to a post-authentication virtual network. Traffic for the client device may then be translated to the post-authentication address.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: March 7, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Muninder Sambi, Anand Oswal, Sanjay Kumar Hooda
  • Patent number: 11595365
    Abstract: A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database.
    Type: Grant
    Filed: July 21, 2022
    Date of Patent: February 28, 2023
    Assignee: Springcoin, Inc.
    Inventors: David William Kravitz, Mollie Zechlin Halverson, Matthew Benjamin Smith
  • Patent number: 11593477
    Abstract: Techniques are described that enable an IT and security operations application to prioritize the processing of selected events for a defined period of time. Data is obtained reflecting activity within an IT environment, wherein the data includes a plurality of events each representing an occurrence of activity within the IT environment. A severity level is assigned to each event of the plurality of events, where the events are processed by the IT and security operations application in an order that is based at least in part on the severity level assigned to each event. Input is received identifying at least one event of the plurality of events for expedited processing to obtain a set of expedited events, and the identified events are processed by the IT and security operations application before processing events that are not in the set of expedited events.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: February 28, 2023
    Assignee: Splunk Inc.
    Inventors: Vadan Thimmegowda, Sourabh Satish, Tejas Wanjari
  • Patent number: 11588858
    Abstract: A method, non-transitory computer readable medium, and policy rating server device that receives a request from a client computing device for one or more privacy ratings. The request identifies at least one application, such as an application installed on the client computing device for example. A policy associated with the identified application is obtained. The obtained policy is analyzed to identify a plurality of key words or phrases associated with use by the at least one application of functionality of, or personal information stored on, the client computing device. One or more privacy ratings are generated based on numerical values assigned to each of the identified key words or phrases, and the generated one or more privacy ratings are output to the client computing device in response to the request.
    Type: Grant
    Filed: January 12, 2021
    Date of Patent: February 21, 2023
    Assignee: The Privacy Factor, LLC
    Inventor: Mark A. Sartor
  • Patent number: 11586779
    Abstract: An embedded system and method, comprising a processor adapted to execute an instruction of an application program, where the instruction includes an access instruction for a hardware device; a memory adapted to store the instruction of the application program; and a physical memory protection apparatus coupled to the processor and the memory, where the access instruction accesses the hardware device through the physical memory protection apparatus.
    Type: Grant
    Filed: October 23, 2020
    Date of Patent: February 21, 2023
    Assignee: Alibaba Group Holding Limited
    Inventor: Xiaoxia Cui
  • Patent number: 11582217
    Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Additionally or alternatively, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls to the tenant's virtual network.
    Type: Grant
    Filed: June 10, 2021
    Date of Patent: February 14, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Abhijeet Kumar, Aanand Ramachandran, Jayesh Kumaran, David Michael Brumley, Rishabh Tewari, Nisheeth Srivastava, Sushant Sharma, Deepak Bansal, Abhishek Ellore Sreenath, Parag Sharma, Abhishek Shukla, Avijit Gupta
  • Patent number: 11582200
    Abstract: A system for telemedicine diagnostics through remote sensing includes a computing device configured to initiate a communication interface between the computing device and a client device operated by a human subject, wherein the secure communication interface includes an audiovisual streaming protocol, receive, from at least a remote sensor at the human subject, a plurality of current physiological data, generate a clinical measurement approximation as a function of the change of a first discrete and a second discrete set of current physiological data, wherein generating further comprises receiving approximation training data correlating physiological data with clinical measurement data, training a measurement approximation model as a function of the training data and a machine-learning process, and generating the clinical measurement approximation as a function of the current physiological data and the measurement approximation model, and presenting the clinical measurement approximation to a user of the comp
    Type: Grant
    Filed: November 3, 2020
    Date of Patent: February 14, 2023
    Assignee: KPN INNOVATIONS, LLC.
    Inventor: Kenneth Neumann
  • Patent number: 11575669
    Abstract: Computer-implemented systems and methods for providing secure exchange of confidential data including: a user database including a user profile that includes user identification data including user biometric data; a verification module that compares biometric data received from a computing device being used by a user attempting to access the system against the stored user biometric data to verify the user's identity; a legal database including data useable according to requirements of a specific legal jurisdiction; a geographical engine that uses geographical location data associated with the computing device being used by the user to tag the user as being associated with the specific legal jurisdiction; and a compiler that, in response to an inquiry received from the computing device being used by the user, compiles a legal document compatible according to specific legal standards of the legal jurisdiction associated with the user and sends the legal document to the user.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: February 7, 2023
    Assignee: Law on Earth IP Pty Ltd
    Inventor: Katie Richards
  • Patent number: 11570148
    Abstract: A method and an apparatus are provided for deploying a security access control policy in the field of network security. The method, executed by a cloud management platform, includes: determining, according to an application creation instruction, an application template used for an application that needs to be created and a security profile corresponding to the application template; instructing a virtualization platform to create, according to the application template, a corresponding virtual machine for each application component in the application, and obtaining an IP address of each virtual machine created by the virtualization platform; generating a group of security access control policies corresponding to the application according to the IP address of each virtual machine and by using the security profile; and delivering the group of security access control policies to a corresponding firewall. Therefore, a security access control policy is automatically deployed.
    Type: Grant
    Filed: February 19, 2018
    Date of Patent: January 31, 2023
    Assignee: HUAWEI CLOUD COMPUTING TECHNOLOGIES CO., LTD.
    Inventors: Chunliang Liu, Haiqing Jia, Dou Sun
  • Patent number: 11562082
    Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an identity and access management (IAM) system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: January 24, 2023
    Assignee: Capital One Services, LLC
    Inventors: Matthew A. Ghiold, Gavin McGrew, Devon Powley, Dale Greene, Jr.
  • Patent number: 11558181
    Abstract: A method for maintaining state and event information for all of a user's devices associated in a common location using a blockchain where each block includes an event block and a device block within it, where each event and device block refers to an earlier block of the respective type, resulting in a blockchain-in-a-blockchain architecture. The device and event blocks store data regarding each device associated with a user and events related to the devices/user, respectively. Any time a new event occurs, or a device is registered or removed, a new set of blocks is created, where submissions regarding device changes or events can be made by any participant due to the decentralized and public nature of a blockchain. The result is a system where all data regarding a user's registered devices and events is kept in a common location in a manner that is auditable and verifiable.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: January 17, 2023
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Ilgin Safak, Ramanan Rajapreyar, Niravkumar Pandya, Olutoyin Oduwole
  • Patent number: 11552930
    Abstract: In general, this disclosure describes techniques for using virtual domains. In one example, a method comprises receiving, by a computing device, configuration data defining: an external virtual domain for a network function, the external virtual domain connected to a public network and managed by a provider for the computing device; a virtual domain for the network function, the virtual domain separate from the external virtual domain, configured with a secure tunnel interface, connected to a customer network, and managed by a customer of the provider for the computing device; forwarding, by the external virtual domain implementing a route-based virtual private network, encrypted network traffic, received from the public network via a secure tunnel, to the secure tunnel interface configured in the virtual domain; decrypting, by the virtual domain, the encrypted network traffic to generate network traffic; and forwarding, by the virtual domain, the network traffic to the customer network.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: January 10, 2023
    Assignee: EQUINIX, INC.
    Inventors: Syed Hashim Iqbal, Muhammad Durrani
  • Patent number: 11544363
    Abstract: Systems and methods for utilizing an image capture device to scan facial features of a user, responsive to recognition of a plurality of beam projection points on the face of the user. The first data captured from scanning the facial features may be authenticated against a facial depth map stored as a data structure in a data storage medium. In response to successful authentication, the facial features of the user may be continually scanned to detect facial movements indicative of the user's liveness. Access may be granted to the user, in response to verifying the user's liveness.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: January 3, 2023
    Assignee: FAIR ISAAC CORPORATION
    Inventors: Milind Madhukar Deore, Dabar Singh Parihar, Subhash Reddy K
  • Patent number: 11546172
    Abstract: Aspects of the disclosure relate to a transmission logic for selecting an authorized signatory as a recipient for an electronic document for signature. The transmission logic forms a part of a communications platform. The platform, including a first electronic communications pathway and a second electronic communications pathway, conducts and supports communication between a first entity and a second entity. The logic may generate an electronic document together with a request for an electronic signature, flag the document and transmit the document along the first electronic communications pathway to an authorized signatory at the second entity. The logic may also select a signatory according to a predetermined protocol, determine the availability of the selected signatory, confirm the selection, and transmit the electronic document to the authorized signatory for signature. Upon notification of the electronic signature, the logic may transmit, along the second pathway, the document to the first entity.
    Type: Grant
    Filed: March 22, 2021
    Date of Patent: January 3, 2023
    Assignee: Bank of America Corporation
    Inventor: Linda Haddad