Patent classifications
H04L61/4523
Serverless connected app design
A system for authorizing a serverless application function having a plurality of tenants, where each tenant may include one or more entities that share a common access to a processing space and a data store. The system includes a gateway that receives a request from a tenant, an authorization component that accesses a public key assigned to the tenant, and a serverless processor that generates public and private keys for the tenant. The serverless processor also generates an access token for the first tenant that is signed using the private key and requests a transaction token from the authorization component using the access token. The authorization component transmits a transaction token to the serverless processor, which is used to make further requests to a virtual environment.
Call screening service for detecting fraudulent inbound/outbound communications with subscriber devices
An example method of operation may include one or more of identifying an inbound call intended for a mobile device subscribed to a protected carrier network, determining the inbound call is assigned an origination telephone number that is subscribed to the protected carrier network, determining whether an inbound call origination source location indicates the protected carrier network or an out-of-network carrier network based on one or more call parameters received with the inbound call, and determining whether to transmit an indication to the mobile device that the inbound call has an elevated likelihood of being a scam call based on the inbound call origination source location.
SECURITY PLATFORM FOR SERVICE PROVIDER NETWORK ENVIRONMENTS
Techniques for providing a security platform for service provider network environments are disclosed. In some embodiments, a system/process/computer program product for providing a security platform for service provider network environments includes communicating with an orchestrator and/or another network element on a service provider network to identify a subscriber with a new IP flow using a security platform; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.
IMPLICITLY LINKING ACCESS POLICIES USING GROUP NAMES
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implicitly linking access policies using group names. One of the methods includes receiving first information corresponding to a directory service of network users, the directory service configured to organize the network users into a plurality of user roles, receiving second information corresponding to a resource available to the network users, the resource having a plurality of policy groups, identifying at least one first user role name that matches at least one first policy group name, and linking the user role corresponding to the matched first user role name with the policy group corresponding to the matched first policy group name such that the one or more network users in the linked user role are subject to the usage policies associated with the linked policy group.
Automated lightweight database access protocol secure/multipurpose internet mail extensions key server
A Secure/Multipurpose Internet Mail Extensions (S/MIME) key material publication system that converts cryptographic material extracted from digitally signed and validated S/MIME messages it receives into key material formats suitable for populating email address books. Publication of the address book contents both internal and external to an organization is done using the standard address book lightweight database access protocol (LDAP). The wide availability and coordination of such automated address books distributing key material across the Internet allows the large installed base of S/MIME email clients to immediately send secure encrypted email across organizational boundaries. The system serves the role of public key server thus removing a barrier to ubiquitous secure encrypted email by simplifying global key management.
Automated scalable identity-proofing and authentication process
An automated process is disclosed for improving the functionality of computer systems and electronic commerce in user identity-proofing. Steps include verifying that a user who is electronically seeking identity proofing is on an electronic directory of persons eligible for such identity proofing; creating an attest list for the user that includes associates who can vouch for his or her identity; collecting a video or other data from the user; sending the video or data to the associates and asking them for a confirmation or a disavowal of the identity of the user; deriving a biometric from the video or data upon receiving the confirmation; and saving the biometric as an identity-proofed biometric.
SYSTEM AND METHOD FOR USING REAL-TIME PACKET DATA TO DETECT AND MANAGE NETWORK ISSUES
A system and method are disclosed for extracting information from real-time network packet data to analyze connectivity data for client devices in a network. The method includes: detecting when client devices initiate a connectivity event; after detecting a connectivity event, waiting a period of time for the client device to either reach or fail to reach a network connected state; after waiting a period of time, recording connectivity event information; and sending the recorded connectivity event information to an analytics system for network incident and/or network congestion analysis.
METHODS AND APPARATUSES FOR PROVIDING IMPROVED DIRECTORY SERVICES
A method, apparatus and computer program product are provided for implementing an improved directory services system. An example of the method includes transmitting an access request to a directory services server, the access request comprising user credentials, receiving, in response to validation of the user credentials by the directory services server, a directory services response from the directory services server, the directory services response comprising one or more fields of directory services data generated by the directory services server, translating the directory services response to generate a generic data object, wherein the generic data object comprises one or more values derived from the one or more fields of directory service data included in the directory services response, and providing the generic data object to an application.