Patents by Inventor Paul El Khoury

Paul El Khoury has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10887317
    Abstract: Authentication data for providing access to a resource to a user is received from a requester. The authentication data encapsulates data required by both a first authentication solution and a second authentication procedure both for providing access to a resource. The first and second authentication solutions can differ in authentication modality with the second authentication solution utilizing at least one machine learning model. Thereafter, using the received authentication data, both of the first and second authentication solutions are initiated. Authentication results are received from both of the first and second authentication solutions. The requester is provided with access to the resource if both of the received authentication results indicate that authentication of the user was successful. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: January 5, 2021
    Assignee: SAP SE
    Inventors: Paul El Khoury, Chang Liu, Li Dong, Nicolas Rousseau, Chu Yunxiao Zhong
  • Publication number: 20200169561
    Abstract: Authentication data for providing access to a resource to a user is received from a requester. The authentication data encapsulates data required by both a first authentication solution and a second authentication procedure both for providing access to a resource. The first and second authentication solutions can differ in authentication modality with the second authentication solution utilizing at least one machine learning model. Thereafter, using the received authentication data, both of the first and second authentication solutions are initiated. Authentication results are received from both of the first and second authentication solutions. The requester is provided with access to the resource if both of the received authentication results indicate that authentication of the user was successful. Related apparatus, systems, techniques and articles are also described.
    Type: Application
    Filed: November 28, 2018
    Publication date: May 28, 2020
    Inventors: Paul El Khoury, Chang Liu, Li Dong, Nicolas Rousseau, Chu Yunxiao Zhong
  • Patent number: 10523695
    Abstract: Data is received that characterizes a software system. Thereafter, a threat model is generated, using at least one machine learning model, that optimally characterizes cybersecurity threats associated with the software system and provides security measures to counter such threats. The at least one machine learning model is trained using a plurality of historically generated threat models for a plurality of differing software systems. Subsequently, data can be provided that includes or otherwise characterizes the generated threat model.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: December 31, 2019
    Assignee: SAP SE
    Inventors: Peter Fach, Paul El Khoury
  • Publication number: 20190028498
    Abstract: Data is received that characterizes a software system. Thereafter, a threat model is generated, using at least one machine learning model, that optimally characterizes cybersecurity threats associated with the software system and provides security measures to counter such threats. The at least one machine learning model is trained using a plurality of historically generated threat models for a plurality of differing software systems. Subsequently, data can be provided that includes or otherwise characterizes the generated threat model.
    Type: Application
    Filed: July 24, 2017
    Publication date: January 24, 2019
    Inventors: Peter Fach, Paul El Khoury
  • Patent number: 10055558
    Abstract: The disclosure relates to a telecommunication method for authenticating a user with respect to a computer system, the computer system comprising an authentication system including a user interface and an interface for connecting the computer system to a digital, cellular telecommunication network, the authentication being carried out by way of a mobile telecommunication terminal, the mobile telecommunication terminal comprising an interface for the communication network, the computer system comprising a memory in which a communication address for the telecommunication terminal is stored, comprises: the user identifies himself or herself with respect to the authentication system of the computer system by entering login information via the user interface; after successful identification of the user on the authentication system, the authentication system accesses the communication address stored in the memory and transmits an activation request via the communication network to the mobile telecommunication termin
    Type: Grant
    Filed: February 5, 2016
    Date of Patent: August 21, 2018
    Assignee: SAP SE
    Inventors: Paul El Khoury, Robert Lorch
  • Patent number: 10044722
    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving a support request from a requester, and obtaining a policy for evaluating administrative privileges required for fulfilling the request where the policy is based on a history of actions of the requester. Receiving a system access request for access to digital content, where the system access request is associated with the support request, and providing an access control decision based on the policy.
    Type: Grant
    Filed: April 2, 2015
    Date of Patent: August 7, 2018
    Assignee: SAP SE
    Inventors: Paul El Khoury, Oliver Kling
  • Patent number: 9985945
    Abstract: A protocol controller may execute a spoofing protection protocol for verifying a message received over a network from a network-connected thing, in the presence of a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing. The protocol controller may include a message handler configured to implement the spoofing protection protocol, including receiving a message identified as originating from the network-connected thing, executing a verification of a transmission characteristic of the message against an expected transmission characteristic previously stored with respect to the network-connected thing within a transmission characteristic repository, and determining whether the message originated from the network-connected thing, based on the verification.
    Type: Grant
    Filed: October 22, 2015
    Date of Patent: May 29, 2018
    Assignee: SAP SE
    Inventors: Paul El Khoury, Oliver Kling
  • Patent number: 9760710
    Abstract: An encryption manager may encrypt mobile data associated with a mobile application executing on a mobile device, where the mobile application is configured to interact with a remote application executing on a remote server, and the mobile data is encrypted using a mobile password. A mobile password recovery manager may encrypt the mobile password, using a remote password used to access the remote application executing on the remote server, and may recover the mobile data, in case of loss of the mobile password, including decrypting the encrypted mobile password using the remote password.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: September 12, 2017
    Assignee: SAP SE
    Inventors: Paul El Khoury, Robert Lorch
  • Publication number: 20170118187
    Abstract: A protocol controller may execute a spoofing protection protocol for verifying a message received over a network from a network-connected thing, in the presence of a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing. The protocol controller may include a message handler configured to implement the spoofing protection protocol, including receiving a message identified as originating from the network-connected thing, executing a verification of a transmission characteristic of the message against an expected transmission characteristic previously stored with respect to the network-connected thing within a transmission characteristic repository, and determining whether the message originated from the network-connected thing, based on the verification.
    Type: Application
    Filed: October 22, 2015
    Publication date: April 27, 2017
    Inventors: Paul EL KHOURY, Oliver KLING
  • Publication number: 20160294840
    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving a support request from a requester, and obtaining a policy for evaluating administrative privileges required for fulfilling the request where the policy is based on a history of actions of the requester. Receiving a system access request for access to digital content, where the system access request is associated with the support request, and providing an access control decision based on the policy.
    Type: Application
    Filed: April 2, 2015
    Publication date: October 6, 2016
    Inventors: Paul El Khoury, Oliver Kling
  • Publication number: 20160239648
    Abstract: The disclosure relates to a telecommunication method for authenticating a user with respect to a computer system, the computer system comprising an authentication system including a user interface and an interface for connecting the computer system to a digital, cellular telecommunication network, the authentication being carried out by way of a mobile telecommunication terminal, the mobile telecommunication terminal comprising an interface for the communication network, the computer system comprising a memory in which a communication address for the telecommunication terminal is stored, comprises: the user identifies himself or herself with respect to the authentication system of the computer system by entering login information via the user interface; after successful identification of the user on the authentication system, the authentication system accesses the communication address stored in the memory and transmits an activation request via the communication network to the mobile telecommunication termin
    Type: Application
    Filed: February 5, 2016
    Publication date: August 18, 2016
    Applicant: SAP SE
    Inventors: Paul EL KHOURY, Robert LORCH
  • Patent number: 9331995
    Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
    Type: Grant
    Filed: April 22, 2014
    Date of Patent: May 3, 2016
    Assignee: SAP SE
    Inventors: Juergen Schneider, Paul El Khoury, Sami Lechner
  • Patent number: 9317715
    Abstract: The disclosure generally describes computer-implemented methods, software, and systems for modeling and deploying decision services. One computer-implemented method includes encrypting, by operation of a computer, personally-identifiable information (PII) data using a first cryptographic key, wherein the PII data is associated with non-encrypted associated data, encrypting the encrypted first cryptographic key with a second cryptographic key, determining that the occurrence of a PII data disassociation event associated with the second cryptographic key has occurred, and rendering the PII data inaccessible by disassociating the second cryptographic key from the encrypted first cryptographic key.
    Type: Grant
    Filed: August 24, 2012
    Date of Patent: April 19, 2016
    Assignee: SAP SE
    Inventors: Mark T. Schuette, Juergen Schneider, Paul El Khoury
  • Publication number: 20150248552
    Abstract: An encryption manager may encrypt mobile data associated with a mobile application executing on a mobile device, where the mobile application is configured to interact with a remote application executing on a remote server, and the mobile data is encrypted using a mobile password. A mobile password recovery manager may encrypt the mobile password, using a remote password used to access the remote application executing on the remote server, and may recover the mobile data, in case of loss of the mobile password, including decrypting the encrypted mobile password using the remote password.
    Type: Application
    Filed: February 28, 2014
    Publication date: September 3, 2015
    Inventors: Paul El Khoury, Robert Lorch
  • Patent number: 9075978
    Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
    Type: Grant
    Filed: April 23, 2012
    Date of Patent: July 7, 2015
    Assignee: SAP SE
    Inventors: Juergen Schneider, Paul El Khoury, Sami Lechner
  • Patent number: 8935538
    Abstract: Methods, computer-readable media, and systems for enhancing useability of mobile devices that securely store data. An input to transfer a computer software application executing on a mobile device from a foreground state of the mobile device to a background state of the mobile device is received. In response, noise data based on application data associated with the application is generated. Both the application data and the noise data are encrypted using the same encryption mechanism, but using different keys. When another input to transfer the application from the background state to the foreground state is received, then the encryption mechanism is executed on the application data and the noise data using a key requested in response to the other input. The application is transferred to the foreground state if the received key matches the key with which the application data was previously encrypted. Other items of data are discarded.
    Type: Grant
    Filed: September 18, 2013
    Date of Patent: January 13, 2015
    Assignee: SAP SE
    Inventor: Paul El Khoury
  • Publication number: 20140230031
    Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
    Type: Application
    Filed: April 22, 2014
    Publication date: August 14, 2014
    Applicant: SAP AG
    Inventors: Juergen Schneider, Paul El Khoury, Sami Lechner
  • Publication number: 20140173292
    Abstract: Methods, computer-readable media, and systems for enhancing useability of mobile devices that securely store data. An input to transfer a computer software application executing on a mobile device from a foreground state of the mobile device to a background state of the mobile device is received. In response, noise data based on application data associated with the application is generated. Both the application data and the noise data are encrypted using the same encryption mechanism, but using different keys. When another input to transfer the application from the background state to the foreground state is received, then the encryption mechanism is executed on the application data and the noise data using a key requested in response to the other input. The application is transferred to the foreground state if the received key matches the key with which the application data was previously encrypted. Other items of data are discarded.
    Type: Application
    Filed: September 18, 2013
    Publication date: June 19, 2014
    Inventor: Paul El Khoury
  • Publication number: 20140059355
    Abstract: The disclosure generally describes computer-implemented methods, software, and systems for modeling and deploying decision services. One computer-implemented method includes encrypting, by operation of a computer, personally-identifiable information (PII) data using a first cryptographic key, wherein the PII data is associated with non-encrypted associated data, encrypting the encrypted first cryptographic key with a second cryptographic key, determining that the occurrence of a PII data disassociation event associated with the second cryptographic key has occurred, and rendering the PII data inaccessible by disassociating the second cryptographic key from the encrypted first cryptographic key.
    Type: Application
    Filed: August 24, 2012
    Publication date: February 27, 2014
    Applicant: SAP AG
    Inventors: Mark T. Schuette, Juergen Schneider, Paul El Khoury
  • Patent number: 8640208
    Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.
    Type: Grant
    Filed: November 28, 2007
    Date of Patent: January 28, 2014
    Assignee: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury, Cedric S. P. Ulmer