Patents by Inventor Dmitri Pal
Dmitri Pal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12131173
Abstract: A method includes receiving, from a client device, a request to initiate an action on a target system. The method further includes determining, in view of a container registry, that the action is permissive. The method further includes receiving an authorized container corresponding to the action. The method further includes performing, by a processing device, the action in view of the container.
Type: Grant
Filed: February 3, 2021
Date of Patent: October 29, 2024
Assignee: Red Hat, Inc.
Inventor: Dmitri Pal
-
Patent number: 11886860
Abstract: The technology disclosed herein enables a processor to receive, at a distribution unit, a first content request from a distribution electronic control unit (ECU) associated with a vehicle, wherein the first content request reflects one or more filtering criteria, determine whether a content item that satisfies the filtering criteria is stored on a storage device of the distribution unit, responsive to determining that the content item that satisfies the filtering criteria is not stored on the storage device of the distribution unit: send, to a managed content delivery service, a second content request, wherein the second content request includes the filtering criteria, and receive, from the managed content delivery service, the content item that satisfies the filtering criteria, and send the content item that satisfies the filtering criteria to the distribution ECU associated with the vehicle.
Type: Grant
Filed: September 27, 2021
Date of Patent: January 30, 2024
Assignee: Red Hat, Inc.
Inventor: Dmitri Pal
-
Patent number: 11741221
Abstract: The technology disclosed herein enables a computing device to use a trusted execution environment in an untrusted device to distribute executable image data (e.g., network bootable image) to a set of one or more computing devices. An example method may include: establishing, by a processor, the trusted execution environment in a first computing device, wherein the trusted execution environment comprises an encrypted memory area; loading executable code into the trusted execution environment, wherein the executable code controls access to protected content and wherein the protected content comprises executable image data; and causing the executable code to execute in the trusted execution environment to analyze data of a second computing device and to provide the second computing device access to the protected content.
Type: Grant
Filed: July 29, 2020
Date of Patent: August 29, 2023
Assignee: Red Hat, Inc.
Inventors: Michael Hingston McLaughlin Bursell, Dmitri Pal
-
Publication number: 20230098599
Abstract: The technology disclosed herein enables a processor to receive, at a distribution unit, a first content request from a distribution electronic control unit (ECU) associated with a vehicle, wherein the first content request reflects one or more filtering criteria, determine whether a content item that satisfies the filtering criteria is stored on a storage device of the distribution unit, responsive to determining that the content item that satisfies the filtering criteria is not stored on the storage device of the distribution unit: send, to a managed content delivery service, a second content request, wherein the second content request includes the filtering criteria, and receive, from the managed content delivery service, the content item that satisfies the filtering criteria, and send the content item that satisfies the filtering criteria to the distribution ECU associated with the vehicle.
Type: Application
Filed: September 27, 2021
Publication date: March 30, 2023
Inventor: Dmitri Pal
-
Publication number: 20220244976
Abstract: A method includes receiving, from a client device, a request to initiate an action on a target system. The method further includes determining, in view of a container registry, that the action is permissive. The method further includes receiving an authorized container corresponding to the action. The method further includes performing, by a processing device, the action in view of the container.
Type: Application
Filed: February 3, 2021
Publication date: August 4, 2022
Inventor: Dmitri Pal
-
Publication number: 20220035904
Abstract: The technology disclosed herein enables a computing device to use a trusted execution environment in an untrusted device to distribute executable image data (e.g., network bootable image) to a set of one or more computing devices. An example method may include: establishing, by a processor, the trusted execution environment in a first computing device, wherein the trusted execution environment comprises an encrypted memory area; loading executable code into the trusted execution environment, wherein the executable code controls access to protected content and wherein the protected content comprises executable image data; and causing the executable code to execute in the trusted execution environment to analyze data of a second computing device and to provide the second computing device access to the protected content.
Type: Application
Filed: July 29, 2020
Publication date: February 3, 2022
Inventors: Michael Hingston McLaughlin Bursell, Dmitri Pal
-
Patent number: 10257699
Abstract: A method for user authentication for accessing protected applications by computing devices includes receiving, by a processor of a mobile computing device, a first authentication token. The method further includes transmitting an authentication request using the first authentication token. The method further includes receiving, in response to the authentication request, a second authentication token. The method further includes transmitting a resource access token request using the second authentication token. The method further includes receiving, in response to the resource access token request, a resource access token. The method further includes transmitting a computing resource access request using the resource access token.
Type: Grant
Filed: June 10, 2016
Date of Patent: April 9, 2019
Assignee: Red Hat, Inc.
Inventor: Dmitri Pal
-
Patent number: 9608981
Abstract: Systems and methods for strong user authentication for accessing protected networks. An example method may include: transmitting, by a processing device, an authentication request to an authentication server; receiving an access granting token from the authentication server; transmitting, to a nonce server, a nonce request using the access granting token; receiving a cryptographic nonce from the nonce server; and transmitting, to a virtual private network (VPN) server, a VPN connection request using the cryptographic nonce.
Type: Grant
Filed: December 11, 2013
Date of Patent: March 28, 2017
Assignee: Red Hat, Inc.
Inventor: Dmitri Pal
-
Patent number: 9553855
Abstract: Storing a key to an encrypted file in a kernel memory is disclosed. Authentication data may be received and authentication credentials of the authentication data may be stored in a file. The file may be encrypted and a key to the encrypted file may be generated. The encrypted file may be stored in a user space and the key may be stored in a kernel space. The key may be retrieved from the kernel space and applied to the encrypted file in the user space to decode the encrypted file and subsequently access the authentication credentials stored in the encrypted file.
Type: Grant
Filed: February 14, 2014
Date of Patent: January 24, 2017
Assignee: Red Hat, Inc.
Inventors: Dmitri Pal, Rob Crittenden
-
Publication number: 20160286400
Abstract: A method for user authentication for accessing protected applications by computing devices includes receiving, by a processor of a mobile computing device, a first authentication token. The method further includes transmitting an authentication request using the first authentication token. The method further includes receiving, in response to the authentication request, a second authentication token. The method further includes transmitting a resource access token request using the second authentication token. The method further includes receiving, in response to the resource access token request, a resource access token. The method further includes transmitting a computing resource access request using the resource access token.
Type: Application
Filed: June 10, 2016
Publication date: September 29, 2016
Inventor: Dmitri Pal
-
Patent number: 9369282
Abstract: Systems and methods for strong user authentication for accessing protected applications by mobile computing devices. An example method may comprise: receiving, by a mobile computing device, a cryptographic nonce via a first communication interface; transmitting, via a second communication interface, an authentication request using the cryptographic nonce, to an authentication server via an HTTP proxy server; receiving a resource access token from the authentication server; and transmitting a computing resource access request using the resource access token.
Type: Grant
Filed: January 29, 2014
Date of Patent: June 14, 2016
Assignee: Red Hat, Inc.
Inventor: Dmitri Pal
-
Publication number: 20150237025
Abstract: Storing a key to an encrypted file in a kernel memory is disclosed. Authentication data may be received and authentication credentials of the authentication data may be stored in a file. The file may be encrypted and a key to the encrypted file may be generated. The encrypted file may be stored in a user space and the key may be stored in a kernel space. The key may be retrieved from the kernel space and applied to the encrypted file in the user space to decode the encrypted file and subsequently access the authentication credentials stored in the encrypted file.
Type: Application
Filed: February 14, 2014
Publication date: August 20, 2015
Applicant: Red Hat, Inc.
Inventors: Dmitri Pal, Rob Crittenden
-
Publication number: 20150215128
Abstract: Systems and methods for strong user authentication for accessing protected applications by mobile computing devices. An example method may comprise: receiving, by a mobile computing device, a cryptographic nonce via a first communication interface; transmitting, via a second communication interface, an authentication request using the cryptographic nonce, to an authentication server via an HTTP proxy server; receiving a resource access token from the authentication server; and transmitting a computing resource access request using the resource access token.
Type: Application
Filed: January 29, 2014
Publication date: July 30, 2015
Applicant: Red Hat, Inc.
Inventor: Dmitri Pal
-
Publication number: 20150163222
Abstract: Systems and methods for strong user authentication for accessing protected networks. An example method may comprise: transmitting, by a processing device, an authentication request to an authentication server; receiving an access granting token from the authentication server; transmitting, to a nonce server, a nonce request using the access granting token; receiving a cryptographic nonce from the nonce server; and transmitting, to a virtual private network (VPN) server, a VPN connection request using the cryptographic nonce.
Type: Application
Filed: December 11, 2013
Publication date: June 11, 2015
Applicant: Red Hat, Inc.
Inventor: Dmitri Pal
-
Patent number: 8966276
Abstract: In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using time intervals, for each time interval, token output data, a salt value, and a pepper value, are hashed and compared with the verification record for the time interval. After a successful comparison, a user can access the computer. A PIN value can also be provided as an input to the hash function. A portion of the hash function output can be used as a key to decrypt an encrypted (Windows) password, or other sensitive information.
Type: Grant
Filed: September 10, 2004
Date of Patent: February 24, 2015
Assignee: EMC Corporation
Inventors: Andrew Nanopoulos, Karl Ackerman, Piers Bowness, William Duane, Markus Jakobsson, Burt Kaliski, Dmitri Pal, Shane D. Rice, Ronald L. Rivest
-
Patent number: 8959510
Abstract: In one embodiment, a mechanism for providing a trusted environment for provisioning a virtual machine is disclosed. In one embodiment, a method includes beginning an initialization process of a virtual machine (VM) hosted by a VM host server, obtaining by the VM as part of the initialization process a one-time password from the VM host server, the one-time password provided to the VM host server from a management server that created the one-time password, and authenticating the VM with an identity server using the one-time password.
Type: Grant
Filed: March 19, 2009
Date of Patent: February 17, 2015
Assignee: Red Hat, Inc.
Inventors: Daniel P. Berrange, Dmitri Pal, Simo S. Sorce
-
Publication number: 20100242038
Abstract: In one embodiment, a mechanism for providing a trusted environment for provisioning a virtual machine is disclosed. In one embodiment, a method includes beginning an initialization process of a virtual machine (VM) hosted by a VM host server, obtaining by the VM as part of the initialization process a one-time password from the VM host server, the one-time password provided to the VM host server from a management server that created the one-time password, and authenticating the VM with an identity server using the one-time password.
Type: Application
Filed: March 19, 2009
Publication date: September 23, 2010
Inventors: Daniel P. Berrange, Dmitri Pal, Simo S. Sorce
-
Publication number: 20050166263
Abstract: In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using time intervals, for each time interval, token output data, a salt value, and a pepper value, are hashed and compared with the verification record for the time interval. After a successful comparison, a user can access the computer. A PIN value can also be provided as an input to the hash function. A portion of the hash function output can be used as a key to decrypt an encrypted (Windows) password, or other sensitive information.
Type: Application
Filed: September 10, 2004
Publication date: July 28, 2005
Inventors: Andrew Nanopoulos, Karl Ackerman, Piers Bowness, William Duane, Markus Jakobsson, Burt Kaliski, Dmitri Pal, Shane Rice, Ronald Rivest