Patent classifications
H04L63/0442
Encrypting network slice credentials using a public key
Apparatuses, methods, and systems are disclosed for protecting the user identity and credentials. One apparatus includes a processor that registers with a mobile communication network using a first set of credentials, the mobile communication network supporting a plurality of network slices. The processor receives a public key for a network slice where slice-specific authentication is required and encrypts a second set of credentials using the public key. Here, the second set of credentials is used for authentication with the network slice. The apparatus includes a transceiver that sends a message to the mobile communication network, the message including the encrypted second set of credentials.
Mobility surrogates
A mobility surrogate includes a humanoid form supporting at least one camera that captures image data from a first physical location in which the first mobility surrogate is disposed to produce an image signal and a mobility base. The mobility base includes a support mechanism, with the humanoid form affixed to the support on the mobility base and a transport module that includes a mechanical drive mechanism and a transport control module including a processor and memory that are configured to receive control messages from a network and process the control messages to control the transport module according to the control messages received from the network.
Method and System for Secure Time Synchronization
System and method for secure time synchronization in an industrial facility, wherein a synchronization request of a facility component is transmitted to a registration service of a certificate management of the facility and the synchronization request is examined by the registration service, where the synchronization request includes a signature of the requesting facility component, and where depending on an outcome of the examination, a synchronization response is then transmitted to the requesting facility component and a system time of the facility component is matched to a system time of the registration service based on the synchronization response.
USER AUTHENTICATION
Methods and systems are disclosed herein for secure communication between computing devices. A mobile device may communicate with an untrusted device to cause the untrusted device to send information (e.g., encrypted information that the untrusted device is unable to decrypt) to a server using an Internet connection of the untrusted device. The mobile device may have limited or no access to the Internet. To prevent potential security risks associated with using a public or untrusted device, the mobile device may encrypt information stored on the mobile device (e.g., stored in a mobile application associated with the server), send it to the untrusted device (e.g., by displaying a QR code to a camera of the untrusted device), and the untrusted device may send the information to the server via a network connection of the untrusted device.
APPROACHES OF PERFORMING DATA PROCESSING WHILE MAINTAINING SECURITY OF ENCRYPTED DATA
Systems and methods are provided for receiving encrypted data from a second computing system and instantiating the computing system to process the encrypted data. The instantiation includes decrypting the encrypted data using a private key, performing an operation on the decrypted data, presenting an output indicating a result of the operation on the decrypted data, and re-encrypting the decrypted data. After the data is re-encrypted, the data is transmitted to the second computing system or a third computing system.
FRAMEWORK FOR MIGRATING APPLICATIONS ACROSS PUBLIC AND PRIVATE CLOUDS
Discussed herein are techniques for migrating an application from a source cloud environment (SCE) to a target cloud environment (TCE). Responsive to a request received by an application migration service (AMS) to migrate an application executed in a first compute instance in the SCE to a second compute instance in the TCE, the AMS authenticates credentials of a user with respect to the SCE. Upon the credentials being successfully authenticated, the AMS generates a public key and a private key. The public key is transmitted to a service manager that injects the public key in the application executed in the first compute instance and the private key is assigned to a source agent. The source agent obtains one or more artifacts and configuration information that enable execution of the application based on the private key, which are installed by a target agent in the second compute instance in the TCE.
Methods, Systems, and Devices for Server Control of Client Authorization Proof of Possession
Techniques for server control of client authorization proof of possession are described herein. In various embodiments, a first server provisions client authorization proof of possession for a client device, including a real-world time, a client public key, and a client private key. The first server generates provisioning response message(s) including the client public key, the client private key, the real-world time, and/or an assertion object, and sends the message(s) to the client device. In various embodiments, a client device obtains an authorization proof token generated based on a client public key, a client private key, and a real-world time provisioned by a first server. The client device generates a request and sends the request to a second server, the request including the authorization proof token and an assertion object from the first server signed by a server private key and an expiration time and a reference to the client public key.
DISTRIBUTED SECURITY IN A SECURE PEER-TO-PEER DATA NETWORK BASED ON REAL-TIME GUARDIAN PROTECTION OF NETWORK DEVICES
In one embodiment, a method comprises: securing, by a security agent executed within a network device, first secure data structures for secure storage in the network device and second secure data structures for secure communications in a secure peer-to-peer data network; monitoring, by the security agent, a corresponding mandatory lifecycle policy for each of the first secure data structures; and cryptographically erasing one of the first secure data structures in response to expiration of the corresponding mandatory lifecycle policy.
Asymmetric key management for cloud computing services
A key manager receives one or more asymmetric key pairs associated with a user to be associated with remote access of cloud computing resources, selects a first asymmetric key pair of the one or more asymmetric key pairs, determines one or more cloud service providers associated with the user, selects a first cloud service provider of the one or more cloud service providers to be associated with the first asymmetric key pair, determines one or more cloud service components associated with the first cloud service provider that are accessible to the user, provisions at least one of the one or more cloud service components with the first public key, and configures a connection component to establish a secure connection to the at least one of the one or more cloud service components using the first private key.
User device using NFC, authentication system and operation method thereof
An operation method of a user device which performs near field communication (NFC) with a card reader includes downloading a service certification of a service, which the card reader provides, from a service authentication server through a network, sending status information of the user device to the card reader, receiving a service identifier (ID) which the card reader sends depending on the status information, performing an authentication process with the card reader based on a symmetric key when the service ID is present in the downloaded service certification, and sending an authentication success message to the card reader when the authentication process succeeds.