Patent classifications
H04L9/3271
Method and apparatus for user authentication
A method for user authentication according to one embodiment of the present disclosure includes acquiring authentication information including biometric information of a user, generating a random string and a helper string from the biometric information, generating a secret value that corresponds to the authentication information, generating a private key and a public key using the secret value and the random string, and transmitting the public key to an authentication server.
LOCKING FUNCTION FOR A MOBILE DEVICE
A mobile device comprises a functional arrangement for performing a function of the mobile device, a coupling device for connecting the mobile device to a stationary device, an authentication device for authenticating the stationary device and an activation device. The authentication device authenticates the stationary device based on information on the stationary device. The activation device activates the functional arrangement when the mobile device is connected to the stationary device by the coupling device, and when the stationary device has been authenticated by the authentication device.
AUTOMATION OF USER IDENTITY USING NETWORK PROTOCOL PROVIDING SECURE GRANTING OR REVOCATION OF SECURED ACCESS RIGHTS
The present disclosure involves systems, software, and computer implemented methods for user-controlled access control for user information. One example method includes sending an authentication request to authenticate as a requesting entity to a first decentralized resource directory of a providing entity. An authentication challenge is received, via the connection, from the providing entity, and in response to the authentication request, to store an authentication challenge value for an authentication challenge key in a second decentralized resource directory of the requesting entity. The authentication challenge value for the authentication challenge key is stored in the second decentralized resource directory. An authentication challenge response is sent to the providing entity requesting the providing entity to verify the authentication challenge. An indication is received from the providing entity indicating that the requesting entity is authenticated to the first decentralized resource directory as the requesting entity.
METHOD AND SYSTEM FOR FACILITATING IDENTITY AND ACCESS MANAGEMENT IN A CLOUD ENVIRONMENT
A method for facilitating identity and access management in a cloud environment based on a zero-trust configuration is provided. The method includes retrieving, via a job, a token from a corresponding identity provider, the job including a unit of work and a unit of execution that corresponds to a change; retrieving, via the job, a change authorization from a change management system, the change authorization including a signed change authorization; retrieving, via the job, a change artifact from an artifact repository, the change artifact including a signed change artifact; requesting, via the job, a change orchestrator to execute the change, the request including the token, the change authorization, and the change artifact; instructing, via the change orchestrator, a service broker to execute the change; and executing, via the service broker, the change within the cloud environment.
QUANTUM RESISTANT SECURE KEY DISTRIBUTION IN VARIOUS PROTOCOLS AND TECHNOLOGIES
A quantum resistant method is provided for supporting user equipment (UE) roaming across APs/eNBs/gNBs belonging to various Wireless LAN Controllers (WLCs) in enterprise 5G and WiFi co-located deployments. The method may include initializing an SKS server in electrical communication with a master WLC with a random post-quantum common secret seed (PQSEED) to generate a post-quantum pre-shared key (PQPSK) and a respective PQPSK-ID. The method may also include sending an encrypted PQSEED along with a PQPSK-ID to a second WLC. The method may further include joining an AP (WiFi) to the master WLC using a CAPWAP/DTLS protocol. The method may further include sending the PQPSK-ID from the master WLC to the UE in an EAP success packet when the UE is associated with the AP (WiFi).
Self-authenticating digital identity
A method of creating and applying a self-authenticating digital identity for a user having an identity is described.
Secured protection of advertisement parameters in a zero trust low power and lossy network
In one embodiment, a method comprises: receiving, by a parent network device providing at least a portion of a directed acyclic graph (DAG) according to a prescribed routing protocol in a low power and lossy network, a destination advertisement object (DAO) message, the DAO message specifying a target Internet Protocol (IP) address claimed by an advertising network device in the DAG and the DAO message further specifying a secure token associated with the target IP address; and selectively issuing a cryptographic challenge to the DAO message to validate whether the advertising network device generated the secure token.
ACCESS CONTROL METHOD BASED ON ZERO-TRUST SECURITY, DEVICE, AND STORAGE MEDIUM
In an access control method, a service access request of a service application is received. The service access request includes identity information of a user. An identity validation request is sent to a server. The identity validation request includes the identity information of the user. Challenge information is received from the server based on the identity information of the user in the identity validation request being determined to be valid. Signature information of the challenge information is generated based on the challenge information and a private key. The signature information is sent to the server. A signature valid message is received from the server based on the challenge information being obtained from the signature information with a public key associated with the identity information of the user. Based on the signature valid message, the service access request is sent to the server.
Bot permissions
Permission control and management for messaging application bots is described. A method can include providing a messaging application, on a first computing device associated with a first user, to enable communication between the first user and another user, and detecting, at the messaging application, a user request. The method can also include programmatically determining that an action in response to the user request requires access to data associated with the first user, and causing a permission interface to be rendered in the messaging application, the permission interface enabling the first user to approve or prohibit access to the data associated with the first user. The method can include accessing the data associated with the first user and performing the action in response to the user request, upon receiving user input from the first user indicating approval of the access to the data associated with the first user.
System for credential storage and verification
A system for credential storing and verifying includes an interface and a processor. The interface is configured to receive an indication to register a credential. The processor is configured to indicate to store in a distributed ledger a DID document associated with a holder identifier using a smart contract. Storing using the smart contract employs a dual signature authentication scheme to authorize storing based at least in part on an individual signature and a ledger writer signature. The processor is further configured to indicate to store in the distributed ledger a schema associated with an issuer of the credential using the smart contract and indicate to store in the distributed ledger a credential definition associated with the schema using the smart contract.