H04L2209/76

Computer-readable recording medium storing program, information processing method, and information processing apparatus
12461770 · 2025-11-04

A program causes a computer to execute a process. The process includes: acquiring a first delay time when a request is transmitted from a first container group having a proxy container of a first type to a second container group having a first proxy container of a second type by the proxy container of the first type; calculating a second delay time when the request from the first container group reaches the second container group via a third container group that relays communication between proxy containers of different types; performing, when the second delay time is shorter than the first delay time, setting for transmitting the request to the third container group via the proxy container of the first type; and adding, when otherwise, a second proxy container of the second type to the first container group, and performing setting for transmitting the request to the second container group via the second proxy container.

Zero trust authentication

Systems and methods for zero trust authentication. In certain embodiments, a method may comprise providing, from a client computing system to an identity provider (IdP) authority, an authentication nonce value generated by hashing a random value and a public key of the client computing system, and receiving, at the client computing system from the IdP authority, an authorization token including the authentication nonce value, where the authorization token is signed by a private key of the IdP authority. The method may further comprise providing a message including the authorization token from the client computing system to a target computing system via an intermediary co-signer (ICS) configured to authenticate the message.

Secure authentication artifact signing service for authentication system

A system for authenticating a principal comprises first and second authentication systems and an authentication artifact signing service. The first authentication system issues a request comprising an authentication artifact associated with the principal and a specification of one or more modifications to be made thereto, the authentication artifact being generated by a second authentication system, signed thereby using a key, and stored by the first authentication system. The signing service receives the request and, responsive thereto: applies the modification(s) to the authentication artifact to generate a modified authentication artifact, signs the modified authentication artifact using a key of the second authentication system, and returns the signed modified authentication artifact to the first authentication system for use in authenticating the principal. The first authentication system executes in a different security domain than the signing service and is unable to access the key used thereby.

Systems and methods for managing public key infrastructure certificates for components of a network

A device may determine that a network function of a network has been instantiated to facilitate communication via the network. The device may request a certificate authority to provide a certificate for the network function. The device may receive, from the certificate authority, the certificate. The device may generate a certificate profile to enable other network functions of the network to authenticate communications with the network function, wherein the certificate profile identifies: the certificate and a certification protocol. The device may provide, to the network function, the certificate profile to cause the network function to use the certificate to communicate with the other network functions.

Secure authentication artifact storage and utilization for authentication systems

A system for authenticating a principal comprises first and second authentication systems and an authentication artifact signing service. The first authentication system issues a request comprising an authentication artifact associated with the principal and a specification of one or more modifications to be made thereto, the authentication artifact being generated by a second authentication system, signed thereby using a key, and stored by the first authentication system. The signing service receives the request and, responsive thereto: applies the modification(s) to the authentication artifact to generate a modified authentication artifact, signs the modified authentication artifact using a key of the second authentication system, and returns the signed modified authentication artifact to the first authentication system for use in authenticating the principal. The first authentication system executes in a different security domain than the signing service and is unable to access the key used thereby.

Post payment processing tokenization in merchant payment processing

Systems and methods for payment processing include receiving, by a payment terminal, a personal account number to complete a payment. The personal account number is encrypted by the payment terminal. The encrypted personal account number is sent from the payment terminal to a merchant server via a network. The encrypted personal account number is sent from the merchant server to a tokenization service provider server for tokenization and validation via a payment processor. The merchant server receives an indication of whether the transaction was successful and a token from the tokenization service provider server.

Data security using request-supplied keys

An encoding of a cryptographic key is obtained in the form of an encrypted key. A request is provided to a service provider including a fulfillment involving performing a cryptographic operation on data. Upon fulfillment of the request, a response is then received which indicates the fulfillment of the request.

Authenticated data feed for blockchains

An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a trusted bridge configured for at least temporary coupling between one or more data sources and a smart contract program of a blockchain. The trusted bridge comprises a secure enclave component and a relay component. Data obtained from a given one of the data sources via the relay component of the trusted bridge is authenticated in the secure enclave component of the trusted bridge. Information based at least in part on the data authenticated in the secure enclave component of the trusted bridge is provided to the smart contract program of the blockchain via the relay component of the trusted bridge. The secure enclave component illustratively receives a request for authenticated data from the blockchain smart contract program via the relay component, and responds to the request via the relay component.