Patent classifications
H04L9/321
INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM
An information processing device according to the present application includes a control unit. The control unit acquires, from an authentication server in a state in which a first authenticator used for FIDO authentication and a second authenticator used for recovery for the FIDO authentication cooperate with each other, a recovery execution request that is transmitted from a user terminal including the second authenticator to the authentication server, and if the recovery execution request meets a predetermined authentication condition that is set in advance, notifies the user terminal including the second authenticator of a recovery execution permission.
COMPOSITE ENCRYPTION ACROSS CRYPTOGRAPHIC ALGORITHMS
Content, such as an encryption key, may be transmitted between computing systems that both use more than one encryption algorithm. Secrets may be used to encode the content. The different encryption algorithms may be used to separately encrypt the encoded content and the secrets prior to communicating the encrypted, encoded content and encrypted secrets between computing systems.
Pairing devices based on distance
Techniques disclosed herein relate to the pairing of a pairing initiator device and a pairing responder device for communication. The pairing initiator device and the pairing responder device range with each other to determine the distance between the pairing initiator device and the pairing responder device. Based on the distance being below a threshold distance, the pairing initiator device and the pairing responder device wirelessly pair with each other without further input from the user.
ENCRYPTION AND VERIFICATION METHOD
A method of encrypting data, in particular encrypting data in dependence on a user verification confidence level. An encryption algorithm is provided, data is input into the encryption algorithm, along with a public key and an access structure comprising the user verification confidence level. The encryption algorithm is run to output a cypher text of encrypted data, whereby the access structure is embedded into the cypher text such that only an entity satisfying the access structure can decrypt the cypher text.
Security Services in a Software Defined Control System
A software defined (SD) process control system (SDCS) includes a control container having contents which are executable during run-time of the process plant to control at least a portion of an industrial process. The SDCS also includes a security service associated with the control container and including contents which define one or more security conditions. The security service executes via a container on a compute node of the SDCS to control access to and/or data flow from the control container based on the contents of the security container.
PROOF OF AUTHORITY BASED ACCESS TO DEVICES ON A NETWORK WITH LOCAL TOKEN ACQUISITION
An access control method and system that uses a physical proximity interface on a token dispenser device to obtain tokens on a blockchain which are used for subsequent access to a local network. The tokens are authenticated on the local network using proof of authority authentication. A client device can present a token to the local network from anywhere in the world in order to access at least one device on the local network. In an example, the method includes receiving, from the physical proximity interface of the token dispenser device, a token on a blockchain layer; presenting, to a node of the local network, the token; and receiving, from the node, successful authentication of the token by way of proof of authority authentication. The method can include, after the successful authentication of the token, authorizing the client device to access a device on the local network.
SESSION-CENTRIC ACCESS CONTROL FOR SECURE EPHEMERAL SHELLS
Technologies are shown for session-centric access control of a remote connection that involve receiving a connection request, redirecting the request to a trusted authority, and receiving a redirection of the request along with a profile or role determined for the client. A container is created for a remote connection with a certificate and a public key along with an identifier for each endpoint authorized in association with the profile or role determined for the client. Single-use credentials are created and a secure shell initialized for the remote connection using the credentials, certificate and public key. The secure shell is presented to the client and the credentials are expired. When an access request for an endpoint is received via the shell, it is determined whether an identifier corresponding to the requested endpoint is stored in the container for the shell and, if so, access is allowed to the requested endpoint.
Methods and systems for restricting data access based on properties of at least one of a process and a machine executing the process
A method of restricting data access based on properties of at least one of a process and a machine executing the process includes receiving, by an access control management system, from a first computing device, information associated with an encrypted data object. The method includes requesting, by the access control management system, from a verifier, verification that a second computing device executes a process in accordance with a process attribute identified in the information associated with the encrypted data object. The method includes sending, by the access control management system, to the second computing device, the received information associated with the encrypted data object, responsive to the verification of the process attribute.
Authenticating user identity based on data stored in different locations
A system may include a first computing device that receives identification data and an identifying parameter associated with a user and requests a second computing device to authenticate the user based on the identification data. The second computing system may query a first database for a first portion of authentication data based on the identifying parameter and then determine that a second portion of the authentication data exists based on the first portion of the authentication data. The first portion of the authentication data may include a pointer that identifies a second database that includes the second portion of authentication data such that the second computing device may retrieve it. The first and second portions of the authentication data may then be combined to form a combined authentication data to then be compared with the identification data, and the results of the comparison are sent to the first computing system.
Remote processing of credential requests
A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credential requests to the MVD. The MVD receives the bundle of requests and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.