Abstract: A method, a non-transitory computer readable medium, and a personal computer for mapping a virtual smart card to a plurality of users. The method includes hosting, on a personal computer, an identity and access management (IAM) client, the IAM client configured to store a master virtual smart card for the plurality of users on the personal computer; authenticating, on the personal computer, a first user of the plurality of users; injecting, by the IAM client on the personal computer, an identity of the first user of the plurality of users and a personal identification number of the virtual smart card into a Kerberos communication application programming interface (API) with an Active Directory (AD), the Active Directory (AD) including the plurality of users; and mapping, on the personal computer, the master virtual smart card to the first user of the plurality of users.

Abstract: A method, a non-transitory computer readable medium, and multifunction printer for accessing a resource hosted on one or more cloud servers from a cloud ready application on the multifunction printer are disclosed.

Abstract: A method, a non-transitory computer readable medium, and a personal computer for mapping a virtual smart card to a plurality of users. The method includes hosting, on a personal computer, an identity and access management (IAM) client, the IAM client configured to store a master virtual smart card for the plurality of users on the personal computer; authenticating, on the personal computer, a first user of the plurality of users; injecting, by the IAM client on the personal computer, an identity of the first user of the plurality of users and a personal identification number of the virtual smart card into a Kerberos communication application programming interface (API) with an Active Directory (AD), the Active Directory (AD) including the plurality of users; and mapping, on the personal computer, the master virtual smart card to the first user of the plurality of users.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for user registration with mirrored identities to achieve federation without on-premises identities. The method including: forwarding, from a computer processor, a password-based authentication request for a user to an active directory for access to cloud services; receiving, on the computer processor, a cloud authentication from the active directory for the user; piggybacking, on the computer processor, the cloud authentication for the user from the active directory with a FIDO2 registration to an authentication server; requesting, by the computer processor, an application or service from a cloud provider with the cloud authentication for the user from the FIDO2 registration; and receiving, on the computer processor, the application or service from the cloud provider.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for a single sign-on for services. The method includes: receiving, on a computer processor, user identification captured by a biometric device of a user; forwarding, by the computer processor, the user identification to an authentication server; receiving, on the computer processor, a user JSON Web Token (user-JWT), user principle name, active directory domain name, and user domain name password, upon authentication of the user by the authentication server; performing, by the computer processor, an active directory join operation with an active directory using the user principle name, the active directory domain name, and the user domain name password; launching, on the computer processor, a browser that communicates with the authentication server; and receiving, on the computer processor, an HTML page constructed with JavaScript code with clickable icons for provisioned services from the authentication server.

Abstract: A method, a non-transitory computer readable medium, and a mobile device are disclosed for accessing a resource hosted on a relying party server from a mobile device. The method includes: hosting a native application on the mobile device, the native mobile device having a user agent for pre-authenticated users; receiving a redirection request from an authentication server for an authentication token for a pre-authenticated user in response to a request for the resource hosted on the relying party server; sending the authentication token for the pre-authenticated user from the user agent of the mobile device to the authentication server in response to the redirection request form the authentication server; and authenticating the authentication token from the user agent on the authentication server and generating an authentication cookie for the authenticated user to access the resource on the relying party server.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for a single sign-on for services. The method includes: receiving, on a computer processor, user identification captured by a biometric device of a user; forwarding, by the computer processor, the user identification to an authentication server; receiving, on the computer processor, a user JSON Web Token (user-JWT), user principle name, active directory domain name, and user domain name password, upon authentication of the user by the authentication server; performing, by the computer processor, an active directory join operation with an active directory using the user principle name, the active directory domain name, and the user domain name password; launching, on the computer processor, a browser that communicates with the authentication server; and receiving, on the computer processor, an HTML page constructed with JavaScript code with clickable icons for provisioned services from the authentication server.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for user registration with mirrored identities to achieve federation without on-premises identities. The method including: forwarding, from a computer processor, a password-based authentication request for a user to an active directory for access to cloud services; receiving, on the computer processor, a cloud authentication from the active directory for the user; piggybacking, on the computer processor, the cloud authentication for the user from the active directory with a FIDO2 registration to an authentication server; requesting, by the computer processor, an application or service from a cloud provider with the cloud authentication for the user from the FIDO2 registration; and receiving, on the computer processor, the application or service from the cloud provider.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for avoidance of user re-registration. The method includes: registering a user and a biometric device on a computing device; sending a registration digital artifact for the user and the biometric device to an authentication server; registering a mobile device configured to support Public Key Infrastructure (PKI) as a roaming authenticator, the mobile device being registered or tied to information related to the user; and provisioning the user and the mobile device with roaming authentication, the roaming authentication being accessed through the mobile device and configured to provide the user and the mobile device access to computing devices in which the user and the mobile device have not previously been used for authentication.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for client-less user registration of biometric devices for client-server authentication systems. The method includes: embedding a registration URL address of a solution provider server on a computing device; hosting a generic registration proxy dispatcher service and a solution specific registration handler on the solution provider server, the generic registration proxy dispatcher configured to interact directly or indirectly with a biometric software application on the computing device, and wherein the solution specific registration handler is configured to handle one or more vendors of services; directing a registration of a user and a biometric device to the solution provider server via a browser on the computing device using the registration URL address; and registering the user and the biometric device in a vendor database.

Abstract: A method, a non-transitory computer readable medium, and a mobile device are disclosed for resource enforcement. The method includes: hosting a database of resource enforcement parameters for one or more users on an authentication server; receiving authentication credentials from a user from a mobile client on the authentication server; authenticating the user upon the receipt of authentication credentials from the mobile device; and issuing a digital certificate for the user with resource enforcement parameters to the user from the database of resource enforcement parameters for one or more users on the authentication server.

Abstract: A modified mining algorithm of the conventional bitcoin system adopts, during some periods of time, a lower difficulty for proof-of-work (PoW) than the default difficulty of the conventional bitcoin system, while implementing a malicious fork detection mechanism to monitor the bitcoin blockchain during periods of reduced difficulty. The malicious fork detection mechanism detects and removes malicious forks, the malicious forks being recognizes where every block on a forked branch was generated by the same miner. If a malicious fork is found, the mining difficulty is increased back to the default value for a period of time. The default difficulty corresponds to 2016 blocks every 14 days, while the reduced difficulty corresponds to 2016 blocks every 10 days. A miners' blockchain is implemented to allow the miners to reach consensus regarding the detection of malicious forks.

Abstract: A method, a non-transitory computer readable medium, and a mobile device are disclosed for accessing a resource hosted on a relying party server from a mobile device. The method includes: hosting a native application on the mobile device, the native mobile device having a user agent for pre-authenticated users; receiving a redirection request from an authentication server for an authentication token for a pre-authenticated user in response to a request for the resource hosted on the relying party server; sending the authentication token for the pre-authenticated user from the user agent of the mobile device to the authentication server in response to the redirection request form the authentication server; and authenticating the authentication token from the user agent on the authentication server and generating an authentication cookie for the authenticated user to access the resource on the relying party server.

Abstract: A method, non-transitory computer readable medium, and a primary server are disclosed for transferring data over a communication network from an Internet of Things (IoT) device. The method include receiving a data packet from the IoT device on an application running on a primary server, the data packet having a stateless autoconfiguration IPv6 address, which is configured at least partially based on a device identifier assigned to the IoT device; modifying the stateless autoconfiguration IPv6 address associated with the IoT device identifier to generate a global IP address with the application running on the primary server; and sending the data packet with the global IP address from the primary server to one or more secondary servers over the communication network.

Abstract: A method and non-transitory computer readable medium for SAML service provider-initiated single sign-on flow. The method including authenticating a client on an authentication server via a single sign-on method; issuing the client a set of access tokens, the set of access tokens containing a list of claims describing an authenticated user; sending a request for a resource hosted on a SAML-SP server to the authentication server, the request including a domain and uniform resource locator of the authentication server and the set of access tokens; receiving a resource request on the SAML-SP server to access the resource; redirecting the resource request from the SAML-SP server to the authentication server to obtain an authentication of the user using an authentication request protocol message; receiving a SAML SSO request on the authentication server from the SAML-SP server; issuing a SAML SSO response to the SAML-SP server with assertions about the authenticated user.

Abstract: A method is disclosed for prioritizing network delivery of Internet Protocol (IP) packets, the method comprising: hosting a database of users on a server, each of the users having a network delivery priority attribute for at least one application layer protocol; receiving the network delivery priority attribute from the database on the server upon authentication of a user; and creating an application protocol data unit (APDU) packet for a job, the APDU including an APDU header and a APDU payload, the APDU header including a protocol header with the network delivery priority attribute of the user for the job.

Abstract: A modified mining algorithm of the conventional bitcoin system adopts, during some periods of time, a lower difficulty for proof-of-work (PoW) than the default difficulty of the conventional bitcoin system, while implementing a malicious fork detection mechanism to monitor the bitcoin blockchain during periods of reduced difficulty. The malicious fork detection mechanism detects and removes malicious forks, the malicious forks being recognizes where every block on a forked branch was generated by the same miner. If a malicious fork is found, the mining difficulty is increased back to the default value for a period of time. The default difficulty corresponds to 2016 blocks every 14 days, while the reduced difficulty corresponds to 2016 blocks every 10 days. A miners' blockchain is implemented to allow the miners to reach consensus regarding the detection of malicious forks.

Abstract: A method, non-transitory computer readable medium, and a primary server are disclosed for transferring data over a communication network from an Internet of Things (IoT) device. The method include receiving a data packet from the IoT device on an application running on a primary server, the data packet having a stateless autoconfiguration IPv6 address, which is configured at least partially based on a device identifier assigned to the IoT device; modifying the stateless autoconfiguration IPv6 address associated with the IoT device identifier to generate a global IP address with the application running on the primary server; and sending the data packet with the global IP address from the primary server to one or more secondary servers over the communication network.