H04L63/0892

Securely authorizing access to remote resources
11570160 · 2023-01-31

Methods and an apparatus are provided for securely authorizing access to remote resources. For example, a method includes receiving a request to determine whether a user device communicatively coupled to a resource server is authorized to access at least one resource hosted by the resource server, and determining whether the user device is so authorized based at least in part on whether the user device has been issued a management identifier. The method further includes providing a response indicating that the user device is authorized to access the at least one resource when the determination is that it is authorized, and providing a response indicating that the user device is not authorized to access the at least one resource when the determination is that it is not.

System, client terminal, control method, and storage medium
11570126 · 2023-01-31

A reception service system transmits a first transmission rule to a predetermined client terminal among a plurality of client terminals when the amount of data transmitted from that client terminal per unit time exceeds a predetermined value. Each of the plurality of client terminals transmits data about events that occur at that client terminal to the reception service system and stores the first transmission rule received from the reception service system. According to the first transmission rule, the client terminal withholds at least some of the data about an event that has occurred at the client terminal so that the amount of data transmitted per unit time does not exceed the predetermined value.
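The mechanism above in working form, as an added example that is not the patent's code: a reception service that issues a transmission rule to a client whose reported volume exceeds a per-window limit, and a client terminal that stores the rule and withholds events so that its transmissions stay under the limit. The names, the rule format (bytes per window) and the sample event stream are constructed assumptions.

```python
"""Added example (not the patent's code): a reception service that issues a
transmission rule to a client whose reported volume exceeds a per-window
limit, and a client terminal that stores the rule and drops events so that
its transmissions stay under the limit. Names, the rule format and the
sample event stream are constructed assumptions."""
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class TransmissionRule:
    max_bytes_per_window: int   # the "predetermined value"
    window_seconds: float       # the unit of time it applies to


def _window_bytes(history: deque, now: float, window: float) -> int:
    """Drop entries older than the window, then sum the bytes that remain."""
    while history and history[0][0] <= now - window:
        history.popleft()
    return sum(size for _, size in history)


@dataclass
class ReceptionService:
    max_bytes_per_window: int
    window_seconds: float
    usage: dict = field(default_factory=dict)       # client_id -> deque[(t, bytes)]
    rules_sent: dict = field(default_factory=dict)  # client_id -> (t, rule)
    received: list = field(default_factory=list)

    def receive(self, client_id: str, now: float, payload: bytes):
        """Accept an event; if this client's volume over the window exceeds the
        limit, return a rule for it to store (None otherwise)."""
        history = self.usage.setdefault(client_id, deque())
        history.append((now, len(payload)))
        self.received.append((client_id, payload))
        if _window_bytes(history, now, self.window_seconds) > self.max_bytes_per_window:
            rule = TransmissionRule(self.max_bytes_per_window, self.window_seconds)
            self.rules_sent[client_id] = (now, rule)
            return rule
        return None


class ClientTerminal:
    def __init__(self, client_id: str, service: ReceptionService):
        self.client_id = client_id
        self.service = service
        self.rule = None        # stored first transmission rule, if any
        self.sent = deque()     # (t, bytes) of what was actually transmitted
        self.dropped = []

    def report(self, now: float, payload: bytes) -> bool:
        """Transmit an event unless a stored rule says the window would overflow."""
        if self.rule is not None:
            used = _window_bytes(self.sent, now, self.rule.window_seconds)
            if used + len(payload) > self.rule.max_bytes_per_window:
                self.dropped.append((now, payload))   # withhold this event
                return False
        self.sent.append((now, len(payload)))
        rule = self.service.receive(self.client_id, now, payload)
        if rule is not None:
            self.rule = rule     # store the rule for subsequent events
        return True


def simulate() -> dict:
    """Constructed stream: one 300-byte event per second for 12 seconds
    against a limit of 1000 bytes per 10-second window."""
    service = ReceptionService(max_bytes_per_window=1000, window_seconds=10.0)
    client = ClientTerminal("terminal-7", service)
    results = [client.report(float(t), b"x" * 300) for t in range(12)]
    return {
        "accepted": sum(results),
        "dropped": len(client.dropped),
        "rule_issued_at": service.rules_sent["terminal-7"][0],
    }


if __name__ == "__main__":
    print(simulate())
```

With these constructed numbers the service issues the rule on the fourth event (t=3), the client then withholds the next seven events until enough of its own history ages out of the window, and resumes at t=11. Note that the client enforces the limit from its own record of what it sent, not from the server's view, so the two sides can disagree briefly around the window edge; a real deployment would want the rule to carry the window boundaries explicitly.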

Edge network-based account protection service

An account protection service to prevent user login or other protected endpoint request abuse. In one embodiment, the service collects user recognition data, preferably for each login attempt (e.g. data about the connection, session, and other relevant context), and it constructs a true user profile for each such user over time, preferably using the recognition data from successful logins. The profile evolves as additional recognition data is collected from successful logins. The profile is a model of what the user “looks like” to the system. For a subsequent login attempt, the system then calculates a true user score. This score represents how well the current user recognition data matches the model represented by the true user profile. The user recognition service is used to drive policy decisions and enforcement capabilities. Preferably, user recognition works in association with bot detection in a combined solution.
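A minimal true-user profile and score of the kind described above, as an added example that is not the patent's or any vendor's code: the profile counts how often each recognition value was seen on successful logins, the score for a new attempt is the mean per-field match frequency, and a policy function combines that score with a bot-detection verdict. Field names, thresholds and the sample login history are constructed assumptions.

```python
"""Added example (not the patent's code): a true-user profile built from the
recognition data of successful logins, a true-user score for a new attempt,
and a policy decision that combines the score with a bot-detection verdict.
Field names, thresholds and the sample logins are constructed."""
from collections import Counter

# Recognition data fields (assumed): network origin, geography, client
# fingerprint and a time-of-day bucket for the attempt.
RECOGNITION_FIELDS = ("asn", "country", "ua_family", "tls_fingerprint", "hour_bucket")


class TrueUserProfile:
    """Per-user model: how often each recognition value was seen on a
    successful login. Updated only from successful logins, so failed or
    blocked attempts cannot train it."""

    def __init__(self):
        self.counts = {f: Counter() for f in RECOGNITION_FIELDS}
        self.logins = 0

    def update(self, recognition: dict) -> None:
        for f in RECOGNITION_FIELDS:
            self.counts[f][recognition[f]] += 1
        self.logins += 1

    def score(self, recognition: dict) -> float:
        """Mean, over fields, of how often the attempt's value was seen before.
        1.0: every field matches the user's usual values; 0.0: nothing in this
        attempt has ever appeared on one of the user's successful logins."""
        if self.logins == 0:
            return 0.0
        per_field = (self.counts[f][recognition[f]] / self.logins for f in RECOGNITION_FIELDS)
        return sum(per_field) / len(RECOGNITION_FIELDS)


def decide(profile: TrueUserProfile, recognition: dict, bot_score: float,
           allow_at: float = 0.7, step_up_at: float = 0.3, min_logins: int = 5) -> str:
    """Policy: bot verdict first, then history depth, then the true-user score."""
    if bot_score >= 0.9:
        return "block"
    if profile.logins < min_logins:
        return "step_up"    # too little history to trust either outcome
    s = profile.score(recognition)
    if s >= allow_at:
        return "allow"
    if s >= step_up_at:
        return "step_up"
    return "block"


def build_sample_profile():
    """Constructed history: six successful logins, five of them in the evening."""
    usual = {"asn": "AS64496", "country": "US", "ua_family": "Chrome",
             "tls_fingerprint": "fp:a1b2", "hour_bucket": "evening"}
    profile = TrueUserProfile()
    for _ in range(5):
        profile.update(usual)
    profile.update({**usual, "hour_bucket": "morning"})
    return profile, usual


if __name__ == "__main__":
    profile, usual = build_sample_profile()
    print("same device, evening:", decide(profile, usual, bot_score=0.1))
    foreign = {**usual, "asn": "AS64500", "country": "RO", "tls_fingerprint": "fp:ffff"}
    print("new network, same browser:", decide(profile, foreign, bot_score=0.1))
```

The `min_logins` gate matters in practice: a freshly created account has no model, and scoring it as "unknown" rather than as a mismatch avoids locking out the legitimate first few logins while still not granting the benefit of an empty profile to an attacker.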

Wheel-based authentication

A computer-implemented method for authentication is provided. The method includes displaying, on a display device and while in a locked state, a set of color wheels, each color wheel having a plurality of segments with each segment being a different color. User input is received via an input device on the set of color wheels. The user input is converted to a string. The string is communicated to an authentication server. In response to communicating the string, a response is received from the authentication server and the response is processed.

PREVENTING MALICIOUS PROCESSES BY VALIDATING THE COMMAND AUTHORITY OF COMMANDS BETWEEN NETWORK EQUIPMENT
20230239296 · 2023-07-27

The technologies described herein are generally directed toward monitoring file sharing commands between network equipment to identify adverse conditions. According to an embodiment, a system can comprise a processor and a memory that enable performance of operations including identifying a resource allocation communication between first network equipment and second network equipment via a network, the resource allocation communication including a command authority and an allocation command. In an additional operation, based on the resource allocation communication, a validation source is selected to validate the command authority for execution of the allocation command by the second network equipment. Further operations include, on a failure to validate by the validation source, blocking execution of the allocation command by the second network equipment.
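One way to realise the select-validate-block sequence above, as an added example that is not the applicant's code: the command authority is an HMAC tag over the issuer, both endpoints and the exact command text; the validation source is chosen from the issuer the authority claims; and the receiving equipment executes only after the tag verifies. The message layout, the HMAC construction and the validation-source registry are constructed assumptions.

```python
"""Added example (not the applicant's code): validating the command authority
carried in a resource-allocation message before the receiving equipment
executes it. The message format, the HMAC-based authority token and the
validation-source registry are constructed assumptions."""
import hashlib
import hmac
import json

# Validation sources (assumed): the issuers whose authority is accepted, keyed
# to the secret each shares with the receiving equipment.
VALIDATION_SOURCES = {
    "dc01.corp.example": b"constructed-secret-dc01",
    "dc02.corp.example": b"constructed-secret-dc02",
}


def _canonical(issuer: str, sender: str, target: str, command: str) -> bytes:
    # Bind the authority to issuer, both endpoints and the exact command text,
    # so a tag cannot be replayed to other equipment or with edited arguments.
    return json.dumps([issuer, sender, target, command], separators=(",", ":")).encode()


def issue_command(issuer: str, key: bytes, sender: str, target: str, command: str) -> dict:
    """Issuer side: attach a command authority (HMAC tag) to an allocation command."""
    mac = hmac.new(key, _canonical(issuer, sender, target, command), hashlib.sha256).hexdigest()
    return {"sender": sender, "target": target, "command": command,
            "authority": {"issuer": issuer, "mac": mac}}


def select_validation_source(message: dict):
    """Pick the validator from the authority's claimed issuer; None if unknown."""
    return VALIDATION_SOURCES.get(message.get("authority", {}).get("issuer"))


def validate_and_execute(message: dict, my_name: str, executed: list) -> tuple:
    """Receiving equipment: validate the command authority; execute only on success."""
    if message.get("target") != my_name:
        return ("blocked", "not addressed to this equipment")
    key = select_validation_source(message)
    if key is None:
        return ("blocked", "no validation source for issuer")
    auth = message["authority"]
    expected = hmac.new(
        key,
        _canonical(auth["issuer"], message["sender"], message["target"], message["command"]),
        hashlib.sha256,
    ).hexdigest()
    if not hmac.compare_digest(expected, auth.get("mac", "")):
        return ("blocked", "command authority failed validation")
    executed.append(message["command"])   # only reached after validation succeeds
    return ("executed", None)


if __name__ == "__main__":
    log = []
    msg = issue_command("dc01.corp.example", VALIDATION_SOURCES["dc01.corp.example"],
                        "fileserver-a", "fileserver-b", "ALLOC share=/export/data quota=10G")
    print(validate_and_execute(msg, "fileserver-b", log))
    tampered = {**msg, "command": msg["command"].replace("10G", "10T")}
    print(validate_and_execute(tampered, "fileserver-b", log))
```

Two points a reviewer would check in a real implementation: the tag must cover the target, otherwise a valid command captured on one link can be replayed against different equipment; and an unknown issuer must fail closed (no validation source means blocked, not "skip validation").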

AUTHENTICATING A DEVICE NOT HAVING A SUBSCRIPTION IN A NETWORK
20230231851 · 2023-07-20

Apparatuses, methods, and systems are disclosed for accessing an NPN using external credentials. One apparatus in a mobile communication network includes a processor and a transceiver that receives a registration request for a UE. Here, the UE does not have a subscription with the mobile communication network. The processor identifies a service provider of the UE and controls the transceiver to send an authentication message to an AAA server of the identified service provider. The processor receives an authentication response containing a master session key from the AAA server in response to successful authentication of the UE and derives a set of security keys (e.g., K_AUSF, K_SEAF) using the master session key.
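The key derivation step in concrete form, as an added example that is neither the applicant's nor 3GPP's code: K_AUSF is taken from the MSK the AAA server returns, and K_SEAF is derived from it with the generic KDF of TS 33.220 Annex B (HMAC-SHA-256 over FC || P0 || L0 ...). Taking K_AUSF as the 256 most significant bits of the MSK, and using FC = 0x6C with the serving network name as P0 for K_SEAF, follow my reading of TS 33.501 (Annex I and Annex A.6) and should be checked against the release in use; the MSK bytes and the SNPN serving network name are constructed.

```python
"""Added example (not the applicant's or 3GPP's code): deriving K_AUSF and
K_SEAF from the master session key (MSK) an external AAA server returns after
successful EAP authentication of a UE without a subscription. KDF per TS 33.220
Annex B; K_AUSF = leading 256 bits of MSK and FC 0x6C for K_SEAF are my reading
of TS 33.501 (Annex I / A.6), to be verified against the spec. Inputs constructed."""
import hashlib
import hmac

FC_K_SEAF = 0x6C   # TS 33.501 Annex A.6, per my reading; verify against the release in use


def kdf_33220(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 Annex B KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...),
    each Li being the 2-octet big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def k_ausf_from_msk(msk: bytes) -> bytes:
    """EAP methods export a 64-octet MSK (RFC 3748); K_AUSF is its leading 32 octets
    (assumption, see lead-in)."""
    if len(msk) != 64:
        raise ValueError("MSK must be 64 octets")
    return msk[:32]


def k_seaf_from_k_ausf(k_ausf: bytes, serving_network_name: str) -> bytes:
    """K_SEAF binds K_AUSF to the serving network (here the NPN), so the same
    AAA-provided MSK cannot yield a valid K_SEAF for a different network."""
    return kdf_33220(k_ausf, FC_K_SEAF, serving_network_name.encode())


def derive_npn_keys(msk: bytes, serving_network_name: str) -> dict:
    """The AUSF-side derivation the abstract describes, from MSK to K_AUSF and K_SEAF."""
    k_ausf = k_ausf_from_msk(msk)
    return {"K_AUSF": k_ausf, "K_SEAF": k_seaf_from_k_ausf(k_ausf, serving_network_name)}


if __name__ == "__main__":
    msk = bytes(range(64))                                    # constructed MSK, not a real one
    sn_name = "5G:mnc015.mcc234.3gppnetwork.org:0000000001"   # constructed SNPN serving network name
    for name, k in derive_npn_keys(msk, sn_name).items():
        print(name, k.hex())
```

The serving-network binding is the security-relevant part: because the AAA server hands over a network-agnostic MSK, everything that ties the session to this particular NPN happens in the K_SEAF derivation, so the serving network name fed in must be the one the UE will also use or the two sides will compute different keys.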

DISTRIBUTED AUTHENTICATION AND AUTHORIZATION FOR RAPID SCALING OF CONTAINERIZED SERVICES

The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Techniques to facilitate fast roaming between a mobile network operator public wireless wide area access network and an enterprise private wireless wide area access network

Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

System and method for encounter identity verification
11706627 · 2023-07-18

Systems and methods for verifying the identity of a first user involve receiving, at a server, a request from a communicatively coupled device of a second user to access information of the first user. The request includes information retrieved from a passive communication device associated with the first user and location information of the communicatively coupled device. In response, the location of an authenticated mobile device of the first user is determined; when the locations match, the identity of the first user is confirmed to the second user, and the second user is permitted to provide input into an account of the first user, such as for rating and reporting the performance of the first user. When the locations do not match, a message is transmitted to the second user indicating that the identity of the first user is not confirmed, together with instructions to take action.
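The server-side location match as an added example (not the applicant's code): the request carries the identifier read from the passive device plus the requester's position and time, the server looks up the first user's authenticated device fix, and confirms only if that fix is recent and within a distance threshold. The haversine distance, the thresholds and the sample records are constructed assumptions; the abstract does not say how close or how fresh the match must be.

```python
"""Added example (not the applicant's code): confirming an encounter identity
by matching the requester's reported location against the last known location
of the first user's authenticated mobile device. Distance metric, thresholds
and the sample records are constructed."""
import math

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def verify_encounter(tag_id: str, request: dict, device_fixes: dict, tag_owners: dict,
                     max_distance_m: float = 100.0, max_fix_age_s: float = 300.0) -> dict:
    """Server-side check. `request` carries the requester's lat/lon/time;
    `device_fixes` maps user -> last authenticated device fix; `tag_owners`
    maps the passive device's identifier -> user."""
    user = tag_owners.get(tag_id)
    if user is None:
        return {"confirmed": False, "reason": "unknown tag"}
    fix = device_fixes.get(user)
    if fix is None:
        return {"confirmed": False, "reason": "no authenticated device location"}
    # A stale fix says nothing about where the user is now; treat it as no match.
    if abs(request["time"] - fix["time"]) > max_fix_age_s:
        return {"confirmed": False, "reason": "device location too old"}
    distance = haversine_m(request["lat"], request["lon"], fix["lat"], fix["lon"])
    if distance > max_distance_m:
        return {"confirmed": False, "reason": "location mismatch", "distance_m": distance}
    return {"confirmed": True, "user": user, "distance_m": distance}


if __name__ == "__main__":
    owners = {"tag-0001": "alice"}                                   # constructed
    fixes = {"alice": {"lat": 0.0, "lon": 0.0, "time": 1000.0}}      # constructed
    print(verify_encounter("tag-0001", {"lat": 0.0, "lon": 0.0005, "time": 1100.0}, fixes, owners))
    print(verify_encounter("tag-0001", {"lat": 0.0, "lon": 0.01, "time": 1100.0}, fixes, owners))
```

The two failure branches are deliberately distinct from the mismatch branch: a missing or stale device fix should lead to the "not confirmed, take action" message just like a mismatch, but the operator will want to tell the cases apart in logs, since a stale fix is usually a connectivity problem and a mismatch is the case the scheme exists to catch (someone presenting another person's tag).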

Bulk delivery of change of authorization data via AAA protocols

In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has been successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server before the network access server provisions the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.
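An RFC 5176 change-of-authorization exchange with both sides, as an added example that is not the applicant's code: the RADIUS server packs all of a subscriber's service changes into one CoA-Request, and the NAS verifies the Request Authenticator with the shared secret, provisions only after the whole request has been parsed, and answers CoA-ACK or CoA-NAK. Packet layout, the MD5 authenticators and Error-Cause 503 are as specified in RFC 5176 and RFC 2865; how the patent frames a multi-message transaction is not described in the abstract and is not shown. The shared secret, session table and attribute values are constructed.

```python
"""Added example (not the applicant's code): RFC 5176 CoA-Request / CoA-ACK /
CoA-NAK with all change-of-authorization data delivered before the NAS
provisions. Secret, session table and attribute values are constructed."""
import hashlib
import hmac
import struct

COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45                      # RFC 5176 codes
USER_NAME, FILTER_ID, ACCT_SESSION_ID, ERROR_CAUSE = 1, 11, 44, 101
ERR_SESSION_CONTEXT_NOT_FOUND = 503                             # RFC 5176 Error-Cause


def attr(atype: int, value: bytes) -> bytes:
    """RADIUS TLV: Type, Length (including the 2-byte header), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([atype, len(value) + 2]) + value


def build_coa_request(ident: int, secret: bytes, attrs: bytes) -> bytes:
    """Request Authenticator = MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def build_response(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def parse(packet: bytes):
    """Split a RADIUS packet into (code, id, authenticator, raw attrs, [(type, value)])."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length")
    auth, attrs, parsed, i = packet[4:20], packet[20:length], [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("bad attribute length")
        parsed.append((attrs[i], attrs[i + 2:i + attrs[i + 1]]))
        i += attrs[i + 1]
    return code, ident, auth, attrs, parsed


def request_is_authentic(packet: bytes, secret: bytes) -> bool:
    _, _, auth, attrs, _ = parse(packet)
    expected = hashlib.md5(packet[:4] + bytes(16) + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)


def nas_handle_coa(packet: bytes, secret: bytes, sessions: dict):
    """NAS side. Returns the response, or None when the request must be silently
    discarded (RFC 5176: invalid Request Authenticator)."""
    if not request_is_authentic(packet, secret):
        return None
    _, ident, req_auth, _, parsed = parse(packet)
    values = {}
    for atype, val in parsed:
        values.setdefault(atype, []).append(val)
    session = sessions.get(values.get(ACCT_SESSION_ID, [b""])[0].decode())
    if session is None:
        cause = attr(ERROR_CAUSE, ERR_SESSION_CONTEXT_NOT_FOUND.to_bytes(4, "big"))
        return build_response(COA_NAK, ident, req_auth, cause, secret)
    # Every service change is now in hand; provision them in one step.
    session["services"] = [v.decode() for v in values.get(FILTER_ID, [])]
    return build_response(COA_ACK, ident, req_auth, b"", secret)


def response_is_authentic(response: bytes, request: bytes, secret: bytes) -> bool:
    """Server side: check a CoA-ACK/NAK against the request it answers."""
    code, ident, auth, attrs, _ = parse(response)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)


def run_exchange(secret: bytes = b"constructed-shared-secret"):
    """Constructed exchange: change three services on one subscriber session."""
    sessions = {"sess-4711": {"user": "sub1@isp.example", "services": ["default"]}}
    attrs = (attr(USER_NAME, b"sub1@isp.example") + attr(ACCT_SESSION_ID, b"sess-4711")
             + attr(FILTER_ID, b"voip-qos") + attr(FILTER_ID, b"iptv-mcast")
             + attr(FILTER_ID, b"parental-ctl"))
    request = build_coa_request(ident=7, secret=secret, attrs=attrs)
    response = nas_handle_coa(request, secret, sessions)
    return request, response, sessions


if __name__ == "__main__":
    req, resp, sessions = run_exchange()
    print("response code:", parse(resp)[0], "services:", sessions["sess-4711"]["services"])
```

The authenticators here are what RFC 5176 specifies: MD5 over the packet and the shared secret, which protects integrity only as far as the secret does and does not encrypt anything. A CoA path that crosses an untrusted network should run inside RADIUS/TLS (RFC 6614) or IPsec rather than rely on the shared secret alone.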