Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.

An administered authentication system can authenticate an artificial reality device using an authorization record between a user account and an artificial reality device. In some implementations, the authorization record is created in response to activation of a user account-specific key sent to a user-supplied contact, where an artificial reality device identifier was provided with the user-supplied contact. In other implementations, the authorization record is created in response to activation of a user account-specific key provided to the artificial reality device as a code, where activation of the key includes adding an artificial reality device identifier to a key activation message. In yet other implementations, the authorization record is created in response to an application associated with a user account activating an artificial reality device-specific key, with an artificial reality device identifier, that is provided via the artificial reality device.

An administered authentication system can authenticate an artificial reality device using an authorization record between a user account and an artificial reality device. In some implementations, the authorization record is created in response to activation of a user account-specific key sent to a user-supplied contact, where an artificial reality device identifier was provided with the user-supplied contact. In other implementations, the authorization record is created in response to activation of a user account-specific key provided to the artificial reality device as a code, where activation of the key includes adding an artificial reality device identifier to a key activation message. In yet other implementations, the authorization record is created in response to an application associated with a user account activating an artificial reality device-specific key, with an artificial reality device identifier, that is provided via the artificial reality device.

Visually enrolling a camera using an optical code and a picture file, including: receiving the picture file and the optical code from the camera, wherein the optical code includes a public key of the camera; generating a visual challenge using a nonce created by a random number generator; transmitting the visual challenge to a user of the camera to capture the visual challenge; receiving the captured visual challenge from the camera; extracting a response from the captured visual challenge; comparing the response to the nonce to verify a signature of the captured visual challenge using the public key of the camera and to convert the optical code received from the camera into a valid certificate; and enrolling the camera and adding the valid certificate to a key store.

Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.

A computing system and method has a pre-boot operating system stored in an encrypted form according to a first key on a first portion of a non-volatile data storage drive and a main operating system stored in an encrypted form according to a second key on a second portion of the non-volatile data storage drive. A system built in operating system (BIOS) chip is configured to initiate a first authentication process, obtain the first key after successful completion of the first authentication process, load and decrypt the pre-boot operating system into dynamic memory, and cause the pre-boot operating system to run. The pre-boot operating system is configured to initiate a second authentication process, obtain the second key after successful completion of the second authentication process, load and decrypt the main operating system into dynamic memory, and cause the main operating system to run.

A computing system and method has a pre-boot operating system stored in an encrypted form according to a first key on a first portion of a non-volatile data storage drive and a main operating system stored in an encrypted form according to a second key on a second portion of the non-volatile data storage drive. A system built in operating system (BIOS) chip is configured to initiate a first authentication process, obtain the first key after successful completion of the first authentication process, load and decrypt the pre-boot operating system into dynamic memory, and cause the pre-boot operating system to run. The pre-boot operating system is configured to initiate a second authentication process, obtain the second key after successful completion of the second authentication process, load and decrypt the main operating system into dynamic memory, and cause the main operating system to run.

Embodiments of systems and methods for automatically evicting an owner of a security processor are described. In some embodiments, a security processor may include: a core and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: determine that a secure boot public key last used by a first entity to bootstrap an Information Handling System (IHS) fails to bootstrap the IHS; in response to the determination, identify another secure boot public key usable by a second entity to bootstrap the IHS; and in response to the security processor being in a factory environment, increment a counter associated with the first entity to evict the first entity in favor of the second entity.

Embodiments of systems and methods for automatically evicting an owner of a security processor are described. In some embodiments, a security processor may include: a core and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: determine that a secure boot public key last used by a first entity to bootstrap an Information Handling System (IHS) fails to bootstrap the IHS; in response to the determination, identify another secure boot public key usable by a second entity to bootstrap the IHS; and in response to the security processor being in a factory environment, increment a counter associated with the first entity to evict the first entity in favor of the second entity.