H04W12/66

System and method for secure touchless authentication of user paired device, behavior and identity
11096059 · 2021-08-17

A system and method for secure authentication of user entity and user entity device identity. The system and method described herein allow an identity to be continuously proven because of a user entity's behavior and their biometrics. With all the fraud and risk that exists today, if someone has a user entity's driver's license they can do a lot of harm. By tying a user entity's identity to their user entity device (e.g., a mobile smartphone), when a user entity enters a location (e.g., airport, hotel, bank), the user entity device announces through a wireless “I Am Here” signal, which starts a process of continuous authentication while the user entity device interacts with the services offered by the location.

SYSTEM AND METHOD FOR REDIRECTING DATA ACCESS TO LOCAL TRUST MANAGERS VIA AN INDIRECTION LOGIC SERVICE

A method for managing data includes obtaining, by an indirection logic service, a data request for data, wherein the data request specifies a ledger entry, identifying an indirection logic entry stored in the indirection logic service based on the ledger entry, obtaining a selection of trust data from a client, wherein the ledger entry comprises metadata of the trust data, and initiating communication between the client and a local trust manager based on the selection of trust data, wherein the trust data was generated by the local trust manager.

Method and Apparatus for Determining Security Protection Mode
20210306381 · 2021-09-30

A method and an apparatus for determining a security protection mode. In the method, a terminal device may determine a security protection mode of a second communications mode based on security protection information in a first communications mode. In this way, when switching from the first communications mode to the second communications mode, the terminal device may directly use the security protection mode corresponding to the second communications mode to protect transmitted data, so as to ensure data security of the terminal device after communications mode switching is performed.

DESIGNATION OF A TRUSTED USER
20210295326 · 2021-09-23

A device receives a request for a trust designation for a user that is to utilize a merchant application to interact with one or more other users, wherein the merchant application includes one or more interfaces that allow the user to interact with the one or more other users while remaining anonymous or partially anonymous. The device obtains user data for the user based on information included in the request. The device determines the trust designation for the user by using a data model that has been trained using machine learning to process the user data. The device permits at least one of the one or more interfaces of the merchant application to display the trust designation, wherein the user remains anonymous or partially anonymous while the trust designation is displayed.

USER-AUTHORIZED ONBOARDING USING A PUBLIC AUTHORIZATION SERVICE
20210176638 · 2021-06-10

Various systems and methods for user-authorized onboarding of a device using a public authorization service (310) are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients (350A, 350B, . . . , 350N). Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned. Further techniques for implementation and tracking such onboarding actions as part of an IoT network service are also disclosed.

Trust management mechanisms

Systems, methods, and computer-readable media are provided for managing mutual and transitive trust relationships between resources, such as Fog/Edge nodes, autonomous devices (e.g., IoT devices), and/or analog/biological resources to provide collaborative, trusted communication over a network for service delivery. Disclosed embodiments include a subject resource configured to assign an observed resource to a trust zone based on situational and contextual information. The situational information may indicate a vector of the observed resource with respect to the subject resource. The contextual information may be based in part on whether a relationship exists between the subject resource and the observed resource. The subject resource is configured to determine a trust level of the observed resource based on the determined trust zone. Other embodiments are disclosed and/or claimed.

METHOD FOR SECURING ACCESSES TO A NETWORK, SYSTEM AND ASSOCIATED DEVICE
20210185534 · 2021-06-17

A securing method in a computing or communication network, the method making it possible to isolate a station connected to a wireless communication device of the network and identified as not complying with the security requirements defined for the network. The isolation of the connected station is performed automatically by a connection to a quarantine zone of the network, excluded from a so-called trusted zone. The device identified as not complying with the security requirements can, for example, access a wide-area network, such as the internet, but cannot access a secure local network.

Designation of a trusted user
11049103 · 2021-06-29

A device receives a request for a trust designation for a user that is to utilize a merchant application to interact with one or more other users, wherein the merchant application includes one or more interfaces that allow the user to interact with the one or more other users while remaining anonymous or partially anonymous. The device obtains user data for the user based on information included in the request. The device determines the trust designation for the user by using a data model that has been trained using machine learning to process the user data. The device permits at least one of the one or more interfaces of the merchant application to display the trust designation, wherein the user remains anonymous or partially anonymous while the trust designation is displayed.

Methods and systems for authentication of new users

Embodiments disclosed herein may relate to systems and methods for secure authentication that enable a user to set up an account or log in an existing account upon an existing user vouching for the user. Embodiments disclosed herein comprise a central server that verifies one or more attributes of the user by transmitting multiple decentralized verification notifications to multiple existing users. Upon receiving a verification quorum, the server may then authenticate the user and grant the user access to a network and/or a database.

SYNCHRONOUS MULTI-TENANT SINGLE SIGN-ON CONFIGURATION
20210281559 · 2021-09-09

A computer implemented method for synchronizing multi-tenant single sign-on configuration. The method utilizes a combination layer that is configured a single time to interact with a trust application at an identity provider. The combination layer is also configured to interact with the service provider and manages the security token and authentication state of the user. The identity provider can create a single long-lived trust application that is only responsible for redirecting to the combination layer, rather than creating a plurality of short-lived applications that redirect to a service provider every time a user login request is received, resulting in improved utilization of computing resources at the identity provider.