Patent classifications
H04L63/0846 (network security: authentication of entities using passwords, where the passwords are time-dependent, e.g. periodically changing passwords)
Multiple sentinels for securing communications
Techniques that facilitate multiple sentinels for securing communications are provided. In one example, a system communicates with at least one multi-purpose device configured to communicate with one or more sources, at least one computing device configured to communicate with a defined source that is different than the one or more sources, and at least one security sentinel that manages one or more security processes for a communication network associated with the at least one multi-purpose device and the at least one computing device. The system also manages one or more other security processes for the communication network associated with the at least one multi-purpose device and the at least one computing device.
REFRESHING SECURITY CREDENTIALS USED TO INVOKE AN EXTERNAL FUNCTION
A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke the external functionality provided by the remote software component at the web endpoint on the input data. A response comprising the result of invoking the external functionality is received from the web API management system, and the result is processed according to the query.
Wireless reader device with wiegand interface and methods
A control system includes a reader device with a transceiver for scanning for ephemeral ID signals, for detecting an ephemeral ID signal from a smart device of a user (the ephemeral ID is not permanently associated with the user), for outputting reader data to the smart device in response to the ephemeral ID signal, and for receiving from the smart device a first authorization server token; a processor coupled to the transceiver for determining whether the first token is valid and for extracting user data from a payload portion of the first token; a transmitter for transmitting the user data to a peripheral control unit using a data protocol selected from the group consisting of Wiegand and OSDP; and the peripheral control unit, which directs a peripheral device to perform a user-perceptible action in response to the user data.
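The "user data" the reader hands to the peripheral control unit over Wiegand is, in the common case, a facility code and card number packed into the standard 26-bit Wiegand frame. The following is an added example, not code from the patent or any product it covers, that builds and checks that frame (bit 1 even parity over bits 2-13, bits 2-9 facility code, bits 10-25 card number, bit 26 odd parity over bits 14-25); the facility code and card number used are constructed sample values.

```python
def _bits(value: int, width: int) -> list[int]:
    """Most-significant-bit-first bit list of `value` in `width` bits."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def _parity(bits) -> int:
    """0 when the number of set bits is even, 1 when it is odd."""
    return sum(bits) & 1


def encode_wiegand26(facility: int, card: int) -> list[int]:
    """Build a standard 26-bit Wiegand frame as a list of 0/1 in wire order.

    Layout: bit 1 = even parity over bits 2-13, bits 2-9 = 8-bit facility
    code, bits 10-25 = 16-bit card number, bit 26 = odd parity over bits 14-25.
    """
    if not 0 <= facility <= 0xFF:
        raise ValueError("facility code must fit in 8 bits")
    if not 0 <= card <= 0xFFFF:
        raise ValueError("card number must fit in 16 bits")
    data = _bits(facility, 8) + _bits(card, 16)
    even = _parity(data[:12])        # bits 1-13 end up with an even number of ones
    odd = _parity(data[12:]) ^ 1     # bits 14-26 end up with an odd number of ones
    return [even] + data + [odd]


def decode_wiegand26(frame) -> tuple[int, int]:
    """Verify both parity bits and recover (facility, card); raise on a bad frame."""
    if len(frame) != 26:
        raise ValueError("expected a 26-bit frame")
    if _parity(frame[:13]) != 0:
        raise ValueError("even parity check failed on bits 1-13")
    if _parity(frame[13:]) != 1:
        raise ValueError("odd parity check failed on bits 14-26")
    data = frame[1:25]
    facility = int("".join(map(str, data[:8])), 2)
    card = int("".join(map(str, data[8:])), 2)
    return facility, card


def is_valid_frame(frame) -> bool:
    """True when the frame has the right length and both parity bits check out."""
    try:
        decode_wiegand26(frame)
        return True
    except ValueError:
        return False


def frame_to_str(frame) -> str:
    return "".join(map(str, frame))


if __name__ == "__main__":
    # Constructed sample credential: facility code 12, card number 3456.
    frame = encode_wiegand26(12, 3456)
    print(frame_to_str(frame), decode_wiegand26(frame))
    corrupted = list(frame)
    corrupted[5] ^= 1                       # single flipped data bit
    print("corrupted frame accepted:", is_valid_frame(corrupted))
```

The parity bits only catch single-bit line errors; they are not a MAC. A Wiegand link carries these bits in the clear on two data lines with no authentication, so anyone with access to the cable between reader and controller can replay or inject a frame, which is the reason the abstract also lists OSDP, whose Secure Channel adds AES-based encryption and authentication on that link.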
DEVICE-TO-DEVICE AUTHENTICATION METHOD AND PROGRAM BASED ON VIRTUAL AUTHENTICATION CODE
A device-to-device authentication method based on a virtual authentication code is provided. The method includes: a client device transmitting a first code; receiving from a verification device a second code reflecting an authentication result for the first code, wherein the second code includes a hash value and role information for the client device, both generated by the verification device based on the first code; generating a third code, the virtual authentication code, based on the first code and the second code; and transmitting the third code to at least one second device related to the role information.
SYSTEM AND METHOD FOR PUBLIC API AUTHENTICATION
A system and method for public API authentication by an API server includes: receiving from a client/app a request for a Partial Key (PK) carrying a User ID, a Session ID, a rolling hash function version identifying the client/app hash function (Fn2), and a received Temporary Key (TK); validating the received TK using Fn2 with the Session ID and either an Initial Key (IK) or the current PK; when TK validation succeeds, sending a PK calculated using a PK hash function (Fn1) with the User ID and a slot-generated rolling random number; receiving an API request for an API service carrying the User ID, Session ID, Fn2 version, and a received Authorization Key (AK); validating the received AK using Fn2 with the Session ID and the current PK; and when AK validation succeeds, sending a successful response from the API service.
SYSTEM AND METHOD FOR CERTIFICATE-LESS SECURITY MANAGEMENT OF INTERCONNECTED HYBRID RESOURCES
This disclosure relates to a method and system for certificate-less security management of interconnected hybrid resources. The method includes selecting at least one hybrid resource from a plurality of hybrid resources in a network to install a pre-calculated security configuration. For each selected hybrid resource, the method further includes: receiving a One Time Password (OTP) valid for a pre-configured time period, in response to an identity generation request for the hybrid resource; installing a security data payload including the OTP and the pre-calculated security configuration in the hybrid resource; receiving an identity issuance request from the hybrid resource through a secure channel once the security data payload is installed; assigning a unique identity to the hybrid resource upon successful validation of the OTP received in the identity issuance request; and generating, upon assignment, metadata corresponding to the hybrid resource for a Security Association Map (SAM) associated with the hybrid resource.
Password based key derivation function for NTP
Systems, methods and devices for adding key chain and key derivation function (KDF) support to Network Time Protocol (NTP) authentication using password-based key derivation functions for NTP (PBKDF-NTP) are disclosed. In one embodiment, a method generates multiple time-bound, short-lived keys instead of long-lived keys for NTP security, so that an attacker does not have enough time to recover a key value within its lifetime. This limits the window in which a recovered key can be used for a man-in-the-middle attack on NTP.
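The abstract does not say which KDF or MAC is used, so the following is an added example rather than the patent's own scheme: it derives one key per time slot from a shared password with PBKDF2-HMAC-SHA256, salting the derivation with the NTP key id and the slot index, authenticates a packet with HMAC-SHA256 under the slot key, and accepts a MAC only from the current slot or one slot back. The 300-second lifetime, the iteration count, the HMAC-SHA256 packet MAC (real NTP uses the MD5/SHA-1 MAC of RFC 5905), the password and the 48-byte client request are all assumptions or constructed sample values.

```python
import hashlib
import hmac
import struct

# Assumed parameters (not from the patent): one key per KEY_LIFETIME seconds,
# PBKDF2-HMAC-SHA256 as the KDF, HMAC-SHA256 as the packet MAC.
KEY_LIFETIME = 300
PBKDF2_ITERATIONS = 100_000


def slot_for(timestamp: int, lifetime: int = KEY_LIFETIME) -> int:
    """Index of the time slot that `timestamp` falls in."""
    return timestamp // lifetime


def derive_slot_key(password: bytes, key_id: int, slot: int) -> bytes:
    """Short-lived key for (key_id, slot), derived from the shared password.

    The salt binds the key to the key id and the slot index, so each slot
    yields an independent 32-byte key and a recovered old key says nothing
    about the next slot's key.
    """
    salt = b"PBKDF-NTP" + struct.pack(">IQ", key_id, slot)
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS, dklen=32)


def mac_packet(packet: bytes, key: bytes) -> bytes:
    return hmac.new(key, packet, hashlib.sha256).digest()


def sign_packet(packet: bytes, key_id: int, password: bytes, now: int) -> bytes:
    """Sender side: MAC the packet with the key of the sender's current slot."""
    return mac_packet(packet, derive_slot_key(password, key_id, slot_for(now)))


def verify_packet(packet: bytes, key_id: int, mac: bytes, password: bytes,
                  now: int, skew_slots: int = 1) -> bool:
    """Receiver side: accept the current slot's key or up to `skew_slots`
    earlier ones (clock skew around a slot boundary); anything older fails."""
    current = slot_for(now)
    for slot in range(current - skew_slots, current + 1):
        candidate = mac_packet(packet, derive_slot_key(password, key_id, slot))
        if hmac.compare_digest(candidate, mac):
            return True
    return False


# Constructed sample: 48-byte NTPv4 client request header (LI=0, VN=4, mode=3,
# stratum 0, poll 10, precision -20) with zeroed timestamps.
SAMPLE_PACKET = bytes([0x23, 0x00, 0x0A, 0xEC]) + b"\x00" * 44
SHARED_PASSWORD = b"correct horse battery staple"   # constructed, not a real secret
KEY_ID = 7


def run_demo() -> dict:
    """Sign at t0, then verify at several receiver clocks; returns the outcomes."""
    t0 = 1_700_000_000
    mac = sign_packet(SAMPLE_PACKET, KEY_ID, SHARED_PASSWORD, t0)
    tampered = SAMPLE_PACKET[:-1] + b"\x01"
    return {
        "same_slot": verify_packet(SAMPLE_PACKET, KEY_ID, mac, SHARED_PASSWORD, t0 + 10),
        "next_slot_within_skew": verify_packet(SAMPLE_PACKET, KEY_ID, mac, SHARED_PASSWORD,
                                               t0 + KEY_LIFETIME),
        "two_slots_later": verify_packet(SAMPLE_PACKET, KEY_ID, mac, SHARED_PASSWORD,
                                         t0 + 2 * KEY_LIFETIME),
        "tampered_packet": verify_packet(tampered, KEY_ID, mac, SHARED_PASSWORD, t0),
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The skew window is the part worth thinking about: a client whose clock is wrong by more than the window cannot derive the right slot key and so cannot authenticate the very reply that would fix its clock, which is the usual bootstrap tension with time-bound keys. Keep the window to a slot or two; a wider one lengthens the time an attacker has with a recovered key, which is exactly what the short lifetime is meant to limit.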
Information communication device, authentication program for information communication device, and authentication method
The aim is an authentication technique with higher security between IoT devices and server devices, or between IoT devices. The server device provides the terminal device with a parameter file that includes a predetermined identifier uniquely identifying the relationship between the terminal device and the server device, and connection destination information for the server device. The terminal device accesses the server device specified by that connection destination information, requests issuance of a timed identification number, and transmits the identifier and the timed identification number to the server device when connecting to it. The server device authenticates the terminal device using the identifier and confirms the authenticity of the terminal device using the timed identification number.
IMAGE FORMING APPARATUS, NON-TRANSITORY COMPUTER READABLE MEDIUM, AND LINKING SYSTEM
An image forming apparatus includes: a processor configured to: execute a linking application for a linkage with a specific service, to receive a linkage request from a user through the specific service; and perform an authenticating process that authenticates a user who uses the image forming apparatus, using user information on the user who uses the specific service linked as a result of an approval of the received linkage request.
SECOND FACTOR BASED REALM SELECTION FOR FEDERATED AUTHENTICATIONS
In an approach for authentication of a username, a processor maintains a mapping of usernames to realms. The processor receives a username and a time-based one-time password code (TOTP code) for that username generated by an authenticator application. Upon receiving the TOTP code, the processor determines a realm from the mapping based on the received username and the received TOTP code, and requests entry of a credential for the username in that realm. Upon receiving the requested credential, the processor authenticates the username by determining that the received credential matches the expected credential for the realm.
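The abstract does not say how the TOTP code picks the realm. The following is an added example, not the patent's method, that makes one natural assumption: each realm the user belongs to has its own enrolled TOTP seed, and the realm is the one whose seed reproduces the submitted code (RFC 6238 TOTP, HMAC-SHA1, 30-second step, 6 digits, one step of skew). The usernames, seeds and per-realm credentials are constructed sample data; a deployment would check a password hash or hand the credential to that realm's identity provider instead of comparing a stored string.

```python
import hashlib
import hmac
import struct

TOTP_STEP = 30      # seconds per step (RFC 6238 default)
TOTP_DIGITS = 6
SKEW_STEPS = 1      # accept codes one step either side of the server clock


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = ((digest[offset] & 0x7F) << 24
              | digest[offset + 1] << 16
              | digest[offset + 2] << 8
              | digest[offset + 3])
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, now // step, digits)


def totp_matches(secret: bytes, code: str, now: int) -> bool:
    """Constant-time check of `code` against the current step and its neighbours."""
    ok = False
    for delta in range(-SKEW_STEPS, SKEW_STEPS + 1):
        expected = totp(secret, now + delta * TOTP_STEP)
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


# Constructed mapping (assumption): username -> {realm: TOTP seed enrolled there}.
REALM_SEEDS = {
    "alice": {
        "corp.example": b"alice-corp-seed-0001",
        "partner.example": b"alice-partner-seed-0002",
    },
}
# Constructed per-realm expected credentials for the second step.
REALM_CREDENTIALS = {
    "corp.example": {"alice": "corp-pass"},
    "partner.example": {"alice": "partner-pass"},
}


def select_realm(username: str, code: str, now: int):
    """Realm whose seed produces `code` at `now`, or None.

    None is also returned when more than one realm matches: a 6-digit code can
    collide across realms, and on a collision we refuse rather than guess.
    """
    matches = [realm for realm, seed in REALM_SEEDS.get(username, {}).items()
               if totp_matches(seed, code, now)]
    return matches[0] if len(matches) == 1 else None


def authenticate(username: str, code: str, credential: str, now: int):
    """Second factor first (it chooses the realm), then the realm's credential.

    Returns the realm on success, None on any failure.
    """
    realm = select_realm(username, code, now)
    if realm is None:
        return None
    expected = REALM_CREDENTIALS.get(realm, {}).get(username)
    if expected is None:
        return None
    if not hmac.compare_digest(expected.encode(), credential.encode()):
        return None
    return realm


if __name__ == "__main__":
    now = 1_700_000_000
    code = totp(REALM_SEEDS["alice"]["partner.example"], now)
    print("realm chosen:", select_realm("alice", code, now))
    print("login:", authenticate("alice", code, "partner-pass", now))
    print("wrong realm password:", authenticate("alice", code, "corp-pass", now))
```

Two things to keep in mind with this ordering: the server learns which realm a user belongs to only after a valid second factor, so a wrong code reveals nothing about realm membership, and the collision refusal means a user enrolled in many realms will occasionally be asked to wait for the next code rather than be routed to the wrong realm.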