Patent classifications
G06F21/305
SECURITY SYSTEMS AND METHODS FOR REMOTE TECHNICAL SUPPORT
In an embodiment, a method of securing remote technical support includes monitoring a computing environment for at least one indicator of remote-control software in the computing environment in accordance with stored authentication settings. The method also includes, responsive to the monitoring, detecting the at least one indicator of remote-control software in the computing environment. The method also includes, responsive to the detection, identifying an authentication profile in the stored authentication settings that is applicable to the at least one indicator of remote-control software. The method also includes executing an authentication workflow in accordance with the authentication profile. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
Processing apparatus, method for controlling processing apparatus, and non-transitory computer-readable storage medium
Provided is a processing apparatus that authenticates a requestor in response to a request for performing predetermined processing. The processing apparatus executes the predetermined processing upon the authentication succeeding. Whether or not authentication is performed is set individually for each of the processing apparatus and an external apparatus of the processing apparatus that serve as the requestor. The authentication is performed in the case where authentication is set to be performed on the requestor that made the request.
Device-Level Authentication with Unique Device Identifiers
An embodiment may include transmitting a manufacturer security certificate to a provisioning server device, and establishing, with the provisioning server device, a secure connection based on the manufacturer security certificate. The embodiment may also involve transmitting, over the secure connection, device data that characterizes the client device, and receiving, over the secure connection, a server security certificate. The embodiment may further include obtaining a unique client device identifier. The embodiment may additionally include, possibly based on the server security certificate and the unique client device identifier, accessing protected information available to a particular pre-validated server device.
Secure, remote support platform with an edge device
A secure, remote support platform allows secure, remote device support with an edge device (101) and a trusted intermediary server resource (“trusted server”). The trusted server (113) is an endpoint for secure connections with a support application used by a remote technician and with the edge device. The secure connections carry messages with inputs, data requests, and feedback. Messages between the trusted server and support edge device are secured in a manner that allows each endpoint to validate the messages. The remote technician controls the edge device to assess a target device connected to the edge device. The edge device presents emulated peripheral devices to the target device while capturing the target device desktop with a camera or presents remotely controlled peripherals and returns screen captures or updates of the desktop from the target device.
Method and apparatus for sharing content
A method and apparatus for sharing content by selecting a device with which the content is to be shared and performing authentication by using a device which is being called. The method of sharing content of a first device includes: performing authentication of a remote access service for sharing the content with a second device based on a call connection state between the first device and the second device; remotely accessing the second device according to a result of the authentication; and sharing the content based on the remote access.
Security and permission architecture
When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
REMOTELY VERIFYING AN IDENTITY OF A PERSON
A computer-implemented method for remotely verifying an identity of a user is presented. The method comprises a first data processing device (120) receiving a live video stream (102) of the user from a second data processing device (140) via a video data connection (108) having a video bandwidth. A separate data connection (110) is established between the first (120) and second (140) data processing devices, the data connection (110) having a data bandwidth. The first data processing device (120) receives, via the data connection (110), identifying data (104) captured from an identifying means from the second data processing device (140), or another data processing device. The first data processing device (120) determines first biometric data based on the identifying data (104) and compares it to second biometric data based on the live video stream (102). The first data processing device (120) then verifies an identity of the user based on a correspondence between the first biometric data and the second biometric data.
Projection via a Device
Techniques for projection via a device are described. According to various implementations, techniques described herein enable a locked host device to output data projected from another device while the host device remains in a locked state. In at least some implementations, device context for a host device (locked or unlocked) can be considered in determining whether to broadcast availability to receive projected content.
Securing Delegated Remote Management with Digital Signature
A system and method of executing a script includes receiving, by a service user account module, a user script from a first user account. The method includes issuing, by a management system, execution data including the user script and validation parameters. The method includes signing, by the management system, the execution data with a private key. Responsive to signing the execution data, the execution data further includes a digital signature. The method further includes authorizing, by the management system, communication to a remote execution tool, where authorization requires the digital signature. The method further includes sending, to the remote execution tool, the execution data including the digital signature. The method further includes confirming, by the remote execution tool, the validation parameters. The method further includes, responsive to confirming the validation parameters, executing, by the remote execution tool, the user script on a remote system for the first user account.
Hardware-based device authentication
An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and particular domain based at least in part on the secure identifier.