H04L63/108

Permission-based system and network for access control using mobile identification credential

A provider system is connected to readers disposed at distances from the provider system. A secure local connection is established between a client device and the provider system via one of the readers. Before the client reaches an access touchpoint, the provider system receives from the client device a request for client access, the provider system sends to the client device a request for identification information about the client, and the client device sends client information associated with a first mobile identification credential (MIC) that the client device received from an authorizing party system (APS), the client having consented to release the client information to the provider system and the client information having been verified. The provider system uses the verified client information associated with the first MIC to verify, or fail to verify, the identity of the client before granting or denying the client's request.

Active-active environment control
11709744 · 2023-07-25

The present disclosure provides a method, system, and device for security object synchronization at multiple nodes of an active-active environment. To illustrate, a source node may generate a corresponding security object sync request for each of multiple target nodes. The source node may send the security object sync request to the target nodes via a source queue and, for each target node, a corresponding distribution queue. A distribution queue may be closed based on an acknowledgement received from the corresponding target node, after a time period, or after a number of transmission attempts. A synchronization log may be maintained to indicate which security object sync requests have been delivered to which target nodes. In some implementations, the source node and the target nodes are part of an active-active environment that may be synchronized in time so that the nodes can resolve conflicts between security object updates initiated from two different nodes.
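The queue-closing rules and the clock-based conflict resolution described in this abstract, as an added illustration that is not the patent's own code. The node names, the exponential backoff schedule, the retry limit and the shape of the security object are all invented for the example; the patent itself specifies none of them.

```python
"""Security-object synchronisation across an active-active cluster.

Added illustration, not the patent's code. A source node fans one sync
request out to one distribution queue per target, closes each queue on
acknowledgement, on a deadline, or after a maximum number of attempts,
records every outcome in a synchronization log, and resolves conflicting
updates to the same object by the shared clock. Node names, the backoff
schedule and the object shape are invented for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_ATTEMPTS = 5


@dataclass(frozen=True)
class SecurityObject:
    name: str          # e.g. "acl:finance-db"
    version_ts: int    # taken from the clock the nodes keep synchronized
    origin: str        # node that issued the update
    payload: str


@dataclass
class DistributionQueue:
    target: str
    attempts: int = 0
    elapsed: int = 0                # simulated ticks spent on this queue
    reason: Optional[str] = None    # "ack", "timeout" or "max_attempts" once closed


class Node:
    def __init__(self, name: str, reachable: bool = True):
        self.name = name
        self.reachable = reachable
        self.store: Dict[str, SecurityObject] = {}

    def receive(self, obj: SecurityObject) -> bool:
        """Apply an update and return True as the acknowledgement."""
        if not self.reachable:
            return False
        current = self.store.get(obj.name)
        # Conflict rule: the newer version_ts wins; ties fall back to the origin
        # name so that every node converges on the same value whatever the
        # order in which the two updates arrive.
        if current is None or (obj.version_ts, obj.origin) > (current.version_ts, current.origin):
            self.store[obj.name] = obj
        return True


class SourceNode(Node):
    def __init__(self, name: str, targets: List[Node]):
        super().__init__(name)
        self.targets = targets
        self.sync_log: List[dict] = []

    def sync(self, obj: SecurityObject, deadline_ticks: int) -> Dict[str, str]:
        """Distribute obj to every target; return how each distribution queue closed."""
        self.receive(obj)
        outcome: Dict[str, str] = {}
        for target in self.targets:
            q = DistributionQueue(target.name)
            while q.reason is None:
                q.attempts += 1
                if target.receive(obj):
                    q.reason = "ack"
                    continue
                q.elapsed += 2 ** q.attempts          # exponential backoff between retries
                if q.elapsed > deadline_ticks:
                    q.reason = "timeout"
                elif q.attempts >= MAX_ATTEMPTS:
                    q.reason = "max_attempts"
            self.sync_log.append({"object": obj.name, "version": obj.version_ts,
                                  "target": target.name, "attempts": q.attempts,
                                  "delivered": q.reason == "ack"})
            outcome[target.name] = q.reason
        return outcome
```

The log is what an operator consults after an outage: a target that closed with "timeout" or "max_attempts" has stale security objects and must be re-synced before it is trusted to enforce policy again.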

Platform-based authentication for external services

Providing access to an external application includes receiving login credentials to access a client instance, wherein the login credentials are associated with a user account, causing the client instance to provide a link to an external application, detecting a request to navigate to the external application from the link, generating an authentication record for the user account and the external application, storing information for the user account based on the authentication record, and generating a URL for the external application based on the authentication record. Providing access to the external application also includes receiving, from a remote client device hosting the external application, an authorization request comprising nonce information, determining that the user account is authorized to access the external application based on the authentication table, and providing access to the external application.
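The record-then-nonce hand-off this abstract describes, as an added example rather than the patent's implementation. The broker class, the URL layout, the 120-second lifetime and the single-use rule are assumptions made for the illustration; the abstract only says that a record is generated, a URL is built from it, and the external application's authorization request carries a nonce.

```python
"""Platform-brokered login to an external application.

Added example, not the patent's implementation. The platform (client
instance) creates an authentication record when the user follows the link,
embeds an opaque nonce in the hand-off URL, and later answers the external
application's authorization request only if the nonce matches an unexpired,
unused record for that application. The AuthBroker name, URL shape, TTL and
single-use rule are invented for illustration.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Set
from urllib.parse import parse_qs, urlencode, urlparse

NONCE_TTL_SECONDS = 120


@dataclass
class AuthRecord:
    user: str
    app: str
    nonce: str
    issued_at: float
    redeemed: bool = False


class AuthBroker:
    def __init__(self, entitlements: Dict[str, Set[str]]):
        # entitlements: user account -> external applications it may open
        self._entitlements = entitlements
        self._records: Dict[str, AuthRecord] = {}   # keyed by nonce

    def link_clicked(self, user: str, app: str, app_base_url: str,
                     now: Optional[float] = None) -> Optional[str]:
        """Generate the authentication record and the URL that carries its nonce."""
        if app not in self._entitlements.get(user, set()):
            return None
        nonce = secrets.token_urlsafe(32)          # 256 random bits, never reused
        issued = time.time() if now is None else now
        self._records[nonce] = AuthRecord(user, app, nonce, issued)
        return f"{app_base_url}?{urlencode({'nonce': nonce, 'app': app})}"

    def authorize(self, app: str, nonce: str, now: Optional[float] = None) -> Optional[str]:
        """Answer the external application's authorization request.

        Returns the user account the nonce was issued to, or None when the nonce
        is unknown, was issued for a different application, has already been
        redeemed, has expired, or the entitlement has since been withdrawn.
        """
        now = time.time() if now is None else now
        rec = self._records.get(nonce)
        if rec is None or rec.app != app:
            return None
        if rec.redeemed or now - rec.issued_at > NONCE_TTL_SECONDS:
            return None
        # Re-check entitlement at redemption time, not only when the link was built.
        if app not in self._entitlements.get(rec.user, set()):
            return None
        rec.redeemed = True
        return rec.user


def nonce_from_url(url: str) -> str:
    """What the external application reads back out of the hand-off URL."""
    return parse_qs(urlparse(url).query)["nonce"][0]
```

The point of binding the record to both the user and the application is that a nonce captured from one application's launch URL cannot be replayed against another, and marking the record redeemed closes the window for replay against the same one.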

DESTINATION-BASED POLICY SELECTION AND AUTHENTICATION
20230239283 · 2023-07-27

Techniques for allowing client devices to securely request services from remote servers without using a reproducible token on the client are disclosed. In an embodiment, the host-portion of a destination address, in whole or in part, is used as an authentication token to identify an end-user, to be a selector to retrieve a security or other policy, or to provide device-specific or user-specific content. In an embodiment, repeated unauthorized attempts to access services are monitored to allow a human or artificial network agent to take appropriate defensive action against attacks.
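One way to realise the host-portion-as-token idea, written here as an added example and not taken from the patent: each end user is issued a random label under a wildcard zone, the gateway maps the label in the request's destination host back to a user and a policy, and destinations that match no label are counted per source so that enumeration can be acted on. The zone name, the policy shape and the five-miss threshold are assumptions for the illustration.

```python
"""Destination-host label as a non-reproducible per-user authenticator.

Added example, not the patent's code. The server reads the host portion of
the request's destination, uses the leftmost label to identify the end user
and select a policy, and counts lookups that hit no registered label per
source address so a human or automated defender can respond. The zone
name, policy shape and alert threshold are invented.
"""
import secrets
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ZONE = "svc.example"          # wildcard zone the per-user hosts live under
UNAUTHORIZED_THRESHOLD = 5    # misses from one source before it is flagged


@dataclass(frozen=True)
class Policy:
    user: str
    allowed_paths: Tuple[str, ...]


class HostTokenGateway:
    def __init__(self) -> None:
        self._labels: Dict[str, Policy] = {}
        self.failures: Counter = Counter()    # source address -> unknown-host requests

    def enroll(self, user: str, allowed_paths: Tuple[str, ...]) -> str:
        """Hand the user a hostname whose label is 128 bits of randomness."""
        label = secrets.token_hex(16)
        self._labels[label] = Policy(user, allowed_paths)
        return f"{label}.{ZONE}"

    @staticmethod
    def _label_of(host: str) -> Optional[str]:
        """Extract the label: strip any port, normalise case, accept only direct children of ZONE."""
        host = host.split(":")[0].lower().rstrip(".")
        suffix = "." + ZONE
        if not host.endswith(suffix):
            return None
        label = host[: -len(suffix)]
        return label if label and "." not in label else None

    def authorize(self, host_header: str, path: str, source: str) -> Optional[str]:
        """Return the user when the destination host selects a policy that allows the path."""
        label = self._label_of(host_header)
        policy = self._labels.get(label) if label else None
        if policy is None:
            # Unknown label: no user, no policy; remember who asked.
            self.failures[source] += 1
            return None
        for prefix in policy.allowed_paths:
            if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
                return policy.user
        return None

    def suspicious_sources(self) -> List[str]:
        """Sources that have probed unknown hosts at least UNAUTHORIZED_THRESHOLD times."""
        return [s for s, n in self.failures.items() if n >= UNAUTHORIZED_THRESHOLD]
```

Because the label is never stored on the client as a reusable credential, only as the hostname it connects to, revoking a user is a single dictionary deletion, and the server sees enumeration attempts as a stream of unknown-host requests from one source.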

APPARATUS, METHOD, AND COMPUTER READABLE MEDIUM
20230239305 · 2023-07-27

Provided is an apparatus including: a storage unit configured to store an account having a use authority for each of a plurality of learning algorithms; a use control unit configured to restrict use of each learning algorithm to a user of an account having a use authority for the learning algorithm; and a learning processing unit configured to perform learning processing of a learning model by one learning algorithm of the plurality of learning algorithms by using learning data supplied from a user of an account having a use authority for the one learning algorithm.

Secure key management in a high volume device deployment
11570159 · 2023-01-31

A method is provided for remotely and securely accessing a modem using an encrypted authentication token that carries a modem password. The method includes receiving an encrypted authentication token from the modem, the authentication token holding a modem password stored in secure memory and being encrypted under a public key; transmitting the encrypted authentication token to an authentication server; receiving a decrypted authentication token from the authentication server, the decrypted authentication token comprising the modem password; generating an authentication key and a privacy key from the modem password; configuring modem interfaces at least in part using the authentication token, the modem interfaces including a network management protocol interface; and communicating with the modem over the network management protocol interface according to at least one of the generated authentication key and the privacy key.
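The key-generation step of this abstract, as an added example that is not the patent's code. The abstract does not name the management protocol; the example assumes SNMPv3 with the User-based Security Model, whose RFC 3414 password-to-key algorithm turns a password into a localized authentication key, and whose privacy key is derived the same way (RFC 3826 uses the first 128 bits of it for AES-128). The password and engine ID are the RFC 3414 Appendix A test vector, so the result can be checked against the RFC.

```python
"""Deriving SNMPv3 USM keys from a modem password.

Added example, not the patent's code. The abstract's "network management
protocol interface" is read here as SNMPv3/USM (an assumption). The
RFC 3414 A.2 algorithm stretches the password to 1,048,576 bytes, hashes
it (Ku), then localizes the digest to the agent's engine ID
(Kul = H(Ku || engineID || Ku)). The privacy key is produced by the same
algorithm from the privacy password; RFC 3826 takes the first 128 bits of
it as the AES-128 key.
"""
import hashlib
from typing import Optional, Tuple

STRETCH_BYTES = 1_048_576   # RFC 3414 A.2: the password is repeated to 1 MiB
AES128_KEY_BYTES = 16       # RFC 3826 section 1.3


def password_to_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 password-to-key with localization; algo is any hashlib name (md5, sha1)."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(STRETCH_BYTES, len(password))
    # Same byte stream as the RFC's 64-byte loop, fed to the hash in one call.
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()


def derive_usm_keys(auth_password: bytes, engine_id: bytes,
                    priv_password: Optional[bytes] = None,
                    algo: str = "sha1") -> Tuple[bytes, bytes]:
    """Return (auth_key, priv_key) localized to engine_id.

    When only one password is available, as in the abstract, the privacy key is
    derived from that same password and the two keys are identical; distinct
    passwords are preferable so a leak of one does not expose the other.
    """
    auth_key = password_to_key(auth_password, engine_id, algo)
    priv_key = password_to_key(priv_password or auth_password, engine_id, algo)
    return auth_key, priv_key[:AES128_KEY_BYTES]


# RFC 3414 Appendix A test vector (not a real modem secret).
TEST_ENGINE_ID = bytes.fromhex("000000000000000000000002")
TEST_PASSWORD = b"maplesyrup"
```

The localization step is what makes the derived keys useless against any other agent: the same modem password yields a different authentication key for every engine ID, so a key recovered from one device's SNMP traffic does not transfer to its neighbours.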

System, client terminal, control method, and storage medium
11570126 · 2023-01-31

A reception service system transmits a first transmission rule to a predetermined client terminal among a plurality of client terminals in a case where an amount of data transmitted from the predetermined client terminal per unit time exceeds a predetermined value. Each of the plurality of client terminals transmits data about an event that has occurred at that client terminal to the reception service system, and stores the first transmission rule transmitted from the reception service system. The client terminal does not transmit at least some of the data about the event that has occurred at the client terminal so that the amount of data transmitted per unit time does not exceed the predetermined value according to the first transmission rule.

Communication device, communication system, and non-transitory computer readable medium

A communication device includes a transmission unit and a processing unit. The transmission unit transmits a packet group including multiple packets. In a case in which the communication device itself is not trusted by a destination communication device to which to transmit the packet group, the processing unit performs a process of instructing each of multiple nodes of a management unit that registers and manages management information distributed among the multiple nodes to register header information as the management information, the header information being partial information of a header included in each packet of the packet group transmitted by the transmission unit.

Threat prevention by selective feature deprivation

A method of preventing exploitation of a vulnerability of a computing system includes generating a deprivation token that causes a selected one or more features of a component of the computing system to be disabled, so that an exploit of a vulnerability affecting those features is prevented, and publishing the deprivation token to at least one of a computing system manufacturer's computing system and an enterprise information technology (IT) computing system for distribution to affected computing systems.

Protections against security vulnerabilities associated with temporary access tokens
11716326 · 2023-08-01

Disclosed embodiments relate to systems and methods for securing the use of temporary access tokens in network environments. Techniques include identifying a request, from a network identity, for an action involving a target network resource that requires a temporary access token; receiving the temporary access token from the target network resource; storing the temporary access token separately from the network identity; generating a customized replacement token having an attribute different from the temporary access token, such that the customized replacement token cannot be used directly with the target network resource; providing the customized replacement token to the network identity; monitoring use of the customized replacement token to detect activity identified as potentially anomalous or potentially malicious; receiving an access request to access the target network resource; and, based on the detected activity, denying the access request from the network identity.
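The broker described by this abstract, as an added example and not the patent's code. The abstract leaves open which activity counts as anomalous; the example uses two invented signals, a change of source address since issuance and more than five uses in a minute, and revokes the replacement token once either fires. The "brk_" prefix, the limits and the vault layout are assumptions for the illustration.

```python
"""Brokering temporary access tokens through a non-reusable replacement.

Added example, not the patent's code. A broker obtains the short-lived
token from the target resource, keeps it in its own vault, and hands the
network identity a replacement that differs in format and that the target
does not recognise. Every use of the replacement passes through the
broker, which exchanges it for the real token only while the use still
looks like the issuance context. The anomaly signals (source address
change, burst above a rate limit), the prefix and the limits are invented.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BURST_LIMIT = 5          # uses allowed per sliding window
WINDOW_SECONDS = 60


@dataclass
class Vaulted:
    identity: str
    resource: str
    real_token: str          # as issued by the target; never shown to the identity
    issued_to: str           # source address of the identity at issuance
    expires_at: float
    uses: List[float] = field(default_factory=list)
    revoked: bool = False


class TokenBroker:
    def __init__(self) -> None:
        self._vault: Dict[str, Vaulted] = {}   # replacement token -> record
        self.alerts: List[str] = []

    def issue(self, identity: str, resource: str, real_token: str,
              source: str, now: float, ttl: float) -> str:
        """Store the real token and return a replacement with a different shape."""
        # The replacement carries no material from the real token, so presenting it
        # straight to the resource fails: it is only meaningful to this broker.
        replacement = "brk_" + secrets.token_urlsafe(32)
        self._vault[replacement] = Vaulted(identity, resource, real_token, source, now + ttl)
        return replacement

    def exchange(self, replacement: str, identity: str, resource: str,
                 source: str, now: float) -> Optional[str]:
        """Return the real token for this access request, or None when denied."""
        rec = self._vault.get(replacement)
        if rec is None or rec.revoked or now >= rec.expires_at:
            return None
        if rec.identity != identity or rec.resource != resource:
            self._deny(rec, "presented by another identity or for another resource")
            return None
        if source != rec.issued_to:
            self._deny(rec, f"source moved {rec.issued_to} -> {source}")
            return None
        rec.uses = [t for t in rec.uses if now - t < WINDOW_SECONDS] + [now]
        if len(rec.uses) > BURST_LIMIT:
            self._deny(rec, f"{len(rec.uses)} uses within {WINDOW_SECONDS}s")
            return None
        return rec.real_token

    def _deny(self, rec: Vaulted, why: str) -> None:
        # Once flagged, the replacement is dead for every further request; the
        # real token stays in the vault and was never exposed to the identity.
        rec.revoked = True
        self.alerts.append(f"{rec.identity}/{rec.resource}: {why}")
```

Denying at the broker rather than at the resource is what makes this work for services whose tokens cannot be revoked early: the stolen artefact is the replacement, and the broker simply stops honouring it.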