Patent classifications
H04L63/108
Disambiguation and authentication of device users
Features are described for efficiently and accurately identifying a user of an electronic device with limited user interaction. The features include receiving a mobile device identifier from the mobile device. The features include transmitting the mobile device identifier to a service provider associated with the mobile device. The features include receiving information identifying the user from the service provider. The features include identifying a set of candidates associated with at least a portion of the information. The features include generating a metric for each candidate included in the set of candidates. An individual metric indicates a degree of relatedness between the user's value for at least one data field and a candidate's value for that data field. The features include identifying the user as a specific candidate included in the set of candidates based on the metric satisfying a threshold.
Systems and mechanism to control the lifetime of an access token dynamically based on access token use
A data management system manages secured data for a plurality of users. The data management system utilizes an access authorization system to authenticate users seeking access to the data management system. The access authorization system provides access tokens to authenticated users. The access tokens enable the authenticated users to access the data management system without again providing authentication data. The access authorization system includes, for each user, an access policy that governs whether the users can use the access tokens to access the data management system. The access tokens have a finite lifetime. If the users use the access tokens within the finite lifetime and if the users satisfy all of the access rules of the access policies, then the lifetime of the access tokens can be extended a finite number of times.
Access control apparatus and method for controlling configuration of automation apparatus
An access control apparatus and method for controlling a configuration of an automation apparatus. The method includes: reading authentication information from an electronic tag; transmitting the authentication information to a networked service; receiving access rights from the networked service; and controlling the configuration of the automation apparatus according to the access rights.
User authentication over an audio channel using a mobile device
A system is described for authenticating a user on a client device using the user's mobile device and utilizing the audio channel. An authentication server receives a request from the client to initiate a session for the user, creates the session, and sends a session token back to the client along with a request for authentication. The client broadcasts an audio transmission containing the token to the mobile device over an audio channel using data-over-sound transmission. The mobile device receives the transmission via a microphone, obtains the token and the server identity from the transmission, and sends user credentials that are stored on the mobile device along with the token identifying the session directly to the authentication server. The server verifies the received credentials, confirms the token, and logs the user into the session.
System and method for providing security protection for FPGA based solid state drives
According to some example embodiments, a method for providing security to a storage device includes receiving, by the storage device, a public key via a network; sending, by the storage device, the received public key and a proposed configuration corresponding to the storage device to a security manager that resides in a control plane of the network; determining, by the security manager, whether the public key received from the storage device matches a private key available to the security manager; downloading, by the security manager, the proposed configuration to the storage device; determining, by the security manager, if the proposed configuration is successfully downloaded to the storage device; operating the storage device according to the downloaded configuration; and granting, by the security manager, a request to lease the storage device operating in the downloaded configuration for a time interval.
Providing access control and persona validation for interactions
The techniques herein are directed generally to providing access control and persona validation for interactions. In one embodiment, a method for a first device comprises: interacting with a second device on a communication channel; determining, over a verification channel with a verification service, that an identity of a user communicating on the second device is a verified identity according to the verification service; determining a persona of the user; querying a third-party entity to make a determination whether the persona is validated and to correspondingly determine a current privilege level; and managing interaction with the second device according to the determination whether the persona is validated and the corresponding current privilege level. Another embodiment comprises a verification server's perspective of facilitating the interaction between the first and second devices, where the verification server queries the third-party entity to validate the persona.
Method for managing communication authority based on multi-energy equipment data flow using digital twin and a system thereof
The invention discloses a method for managing communication authority based on multi-energy equipment data flow using a digital twin, and a system thereof, comprising the following steps: generating a unique permission code; establishing a data flow interaction channel; utilizing a broadcast detection mechanism to periodically check the data flow communication authority of the channel and continuously remove data flow interaction channels that have expired or are illegally authorized, thus completing the data flow communication management. The present invention has the advantages that the management is more scientific, the algorithm is clearer, more efficient and safer, and the hierarchy is well organized; the channel resource utilization rate is improved, filling the gap at the current stage for a method and system for managing communication authority based on multi-energy equipment data flow using a digital twin, and ensuring real-time mapping between physical entities and their virtual images.
Distributing dynamic access control lists for managing interactions with a cloud datacenter
Disclosed herein are a system, method and computer readable storage medium for enabling access control to be performed on messages received in a first-party (corporate) data center from a third-party (cloud) data center. Based on a received update request from an update service in the third-party (cloud) data center, an access control list ("ACL") controller generates an ACL entry for enabling access to the first-party (corporate) data center from a system within the third-party data center on which a system configuration change was performed by a cloud platform. The ACL controller then transmits the ACL entry to one or more devices within the first-party data center, enabling access from the updated system hosted in the third-party data center.
Techniques for selective container access to cloud services based on hosting node
A system and technique for a Request Forwarder in a computer network architecture is disclosed to provide selective access to one or more cloud services. In some implementations, a computer system may receive a request for access to a cloud service, the request including a container credential. The computer system may determine an identification of the container using the container credential. The computer system may verify that the container requesting access to the cloud service is authorized based at least in part on stored policies. Based at least in part on the determination that the container requesting access to the cloud service is authorized, the computer system may receive an instance credential from a metadata service. The computer system may include the instance credential with the request. The computer system may send the request to the cloud service. In various examples, the Request Forwarder can be provided as a service.
System and method for enabling multiple auxiliary use of an access token of a user by another entity to facilitate an action of the user
A computing system may receive a request of the user for a first action of the user with an entity. In connection with granting the request of the user, the computing system may configure a token for use by the user and the entity such that (i) the entity is added as an approved entity, and (ii) the token is configured with a resource amount of the first action as a usage threshold of the token. The computing system may receive a request of the entity to use the token. The computing system may determine whether granting the request of the entity would cumulatively exceed the usage threshold of the token. Based on a determination that granting the request of the entity would not cumulatively exceed the usage threshold of the token, the computing system may grant the request of the entity to use the token.