Patent classifications
H04L63/102
METHOD FOR OBTAINING A COMMAND RELATING TO A NETWORK ACCESS PROFILE OF AN EUICC SECURITY MODULE
A method for obtaining a command relating to a network access profile of an eUICC security module incorporated into a communication device and associated with a physical identifier. The communication terminal: obtains the physical identifier and an anonymous identifier of the security module is calculated from the physical identifier and a random parameter; transmits a request to obtain the command, via an “operator server”, to a “preparation server”, the request to obtain including the anonymous identifier of the security module; obtains the random parameter and calculates the anonymous identifier from the physical identifier of the security module and the random parameter; and sends, to a “discovery server”, a request to obtain information intended to obtain the command, this request to obtain information including the anonymous identifier, in order to obtain, in response, from the discovery server, an address of the preparation server.
METHOD AND TERMINAL FOR PROCESSING SECURITY POLICY FOR V2X
A method for processing a security policy of a device may include a step for receiving, from another device, a first message including first information about a security policy of the other device. The first message may include a direct communication request message or a link modification request message. The method may further include the steps of: determining whether to accept or reject the first message on the basis of both the first information about the security policy of the other device and second information about the security policy of the device; and sending a second message on the basis of the determination.
NETWORK-BASED SOLUTION MODULE DEPLOYMENT PLATFORM
The present invention provides a deployment platform that enables solution modules to be created and deployed without writing new code. The solution modules may include existing solutions, solution components, connectors, and the like selected from a solution library. The deployment platform includes a development engine providing functionality for generating deployment information for the solution module. The deployment information may include a blueprint or other information for deploying the solution module to target infrastructure. The deployment platform also includes a deployment engine providing functionality for deploying the solution module to the target infrastructure automatically. During deployment, the deployment engine pushes components of the solution module to the target infrastructure in accordance with the deployment information. During and after deployment, information may be captured and recorded to a distributed ledger to provide end-to-end visibility into the deployed solution over the deployment lifecycle (e.g., including initial deployment, updates/upgrades, and decommissioning).
INDUSTRIAL SECURITY MODEL AS A SASE SERVICE
A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices is associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.
SYSTEMS AND METHODS FOR PROVIDING ONLINE SECURITY
A method for providing online security may include: (1) receiving, by a validation computer program executed by a trusted entity backend for a trusted entity, a call from a web browser executed on a customer electronic device browsing a webpage for an online entity, the call comprising an online entity identifier for the online entity and a session identifier, wherein the webpage for the online entity may include a hidden <iframe> comprising code that causes the web browser to execute the call; (2) confirming, by the validation computer program, that a cookie for the trusted entity may be stored on the customer electronic device; and (3) returning, by the validation computer program, a first value indicating that the customer electronic device is known to the trusted entity or a second value indicating that the customer electronic device is not known to the trusted entity based on the confirmation.
INTEGRATED MULTIFACTOR AUTHENTICATION FOR NETWORK ACCESS CONTROL
A device configured to receive a connection request that includes device authentication credentials and to determine the user device passes authentication in response to identifying a device profile associated with the device authentication credentials. The device is further configured to receive user credentials for a first user and identify a first user identity that corresponds with the user credentials. The device is further configured to establish a first network connection with the user device, to send a token request to the user device, and to receive a token via the first network connection. The device is further configured to identify a second user identity based on the token, to determine the first user identifier matches the second user identifier, and to establish a second network connection for the user device, wherein the network connection enables the user device to access the network.
INTELLIGENT REQUEST ROUTING WITHIN SERVICE MESH
A processor may identify one or more predicted microservice chains for each of one or more user profiles. The one or more predicted microservice chains may be selected based on historical information. The one or more user profiles may each be associated with a respective user of a user device. The processor may analyze user specific information. The user specific information may be associated with the user device. The processor may determine, based on the user specific information, if the user device causes network intrusion. The processor may perform, based on the determination, an action for the user device.
Cybersecurity hardening for networked systems
A computer-readable medium contains cybersecurity configuration settings (CCS) generating file(s) including instructions that, when executed, cause a processor of a computer located at a node in a networked system having computers including at least one computer system class to generate CCS. The CCS generating file includes group policy objects (GPOs) applicable to all computers, policy setting scripts that are applicable to <all the computers, and group policy definition files which provide a policy setting library for the computer class. Execution of the CCS generating file at the node automatically generates the CCS for cybersecurity protection of the node. The computer class can include computer classes that include ≥2 different operating systems, and there can be a CCS generating file for each computer class. The CCS generating file can be a single multi-class CCS generating file that includes a plurality of CCS generating files.
Validation of approver identifiers in a cloud computing environment
Examples of techniques for validation of approver identifiers in a cloud computing environment are described herein. An aspect includes receiving, by a processor, a template that defines a plurality of actions to be performed by the processor. Another aspect includes determining for a first action of the plurality of actions whether the template specifies a first user identifier under which to run the first action. Another aspect includes, based on determining that the template specifies the first user identifier, determining whether the template specifies a second user identifier to approve running of the first action under the first user identifier. Another aspect includes, based on determining that the template specifies the second user identifier to approve running of the first action under the first user identifier, validating whether the second user identifier has permission to approve the running of the first action under the first user identifier.
System to control access to web resources based on an internet of things authorization mechanism
According to one embodiment, a method, computer system, and computer program product for managing access to one or more protected web resources based on the location of an approver is provided. The present invention may include granting the requestor access to the protected web resource based on one or more access requirements being met, wherein at least one access requirement comprises a location of one or more authorization devices corresponding with one or more approvers being within a threshold distance of a computing device of a requestor requesting a protected web resource.