G06F21/33

SYSTEMS AND METHODS FOR AUTHENTICATING CONFIGURATIONS OF AN INFORMATION HANDLING SYSTEM
20230011005 · 2023-01-12

As part of a factory provisioning of an Information Handling System (IHS), a configuration certificate is stored that identifies a pre-boot configuration of the IHS resulting from the factory provisioning. Upon a transfer of control or ownership of the IHS, a pre-boot configuration of the IHS is identified and the configuration certificate is utilized to validate that the identified pre-boot configuration is the same as the pre-boot configuration of the IHS resulting from the factory provisioning. A security processor of the IHS may support boot code operations for generating additional configuration certificates that can be used to validate the integrity of any changes to the IHS configuration, such as upon its next power cycle.

Method for Authenticating and Updating eUICC Firmware Version and Related Apparatus
20230214476 · 2023-07-06

A method for authenticating and updating an eUICC firmware version includes: receiving first information from a terminal device, where the first information includes a target identifier; searching a currently stored event record for a target event record, where a group event identifier in the target event record matches the target identifier in the first information; sending the target event record to the terminal device, where the target event record is used to enable the terminal device to download an eUICC firmware version update package; and updating a firmware version of an eUICC of the terminal device based on the eUICC firmware version update package.

HYBRID AUTHENTICATION SYSTEMS AND METHODS

Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system or to sync with an on-premises identity management system.

AUTHENTICATION WITH OFFLINE DEVICE
20230216844 · 2023-07-06

A first user device can transmit an interaction request to a remote computer via a long range communication channel. The first user device can receive an authentication request message from the remote computer and can then transmit the authentication request message to a second user device via a short range communication channel. The first user device can then receive an authentication response message comprising a response value from the second user device via the short range communication channel. The first user device can then transmit the authentication response message to the remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified.

Key recovery

Generating a private key recovery seed based on random words extracted from an input memory of a user and using the recovery seed to recover the private key. An input that is related to a specific memory of a user is received. The specific memory was previously entered and used to generate random words that are related to each other by being included in the specific memory. The random words are extracted from the received input. The random words are associated with a first private key recovery mechanism for recovering a private key. The random words are input into the first private key recovery mechanism to generate a recovery seed. The recovery seed is input into a second private key recovery mechanism. The second private key recovery mechanism generates a recovered private key upon performing a recovery operation on the private key recovery seed.

SYSTEMS AND METHODS FOR COARSE WAVELENGTH DIVISION MULTIPLEXING SECURITY
20230214475 · 2023-07-06

Systems, apparatuses, methods, and computer program products are disclosed for wavelength division multiplexing (WDM) security. An example method includes transmitting, by a control system, an authentication request to an active device in a fiber optic network, receiving, by the control system, a message from the active device, the message containing a unique identifier and an authentication key, and performing, by the control system, one or more authentication operations using the unique identifier and the authentication key. The method further includes, in an instance in which the active device fails to be authenticated, transmitting, by the control system, an encryption key change message to the active device, but in an instance in which the active device is authenticated, transmitting, by the control system, a message to the active device authorizing the active device to communicate. Corresponding apparatuses and computer program products are also disclosed.
