H04L63/0846

Identity defined secure connect

Systems and methods for network security are provided. Various embodiments issue single-use certificates for validating remote endpoints' access to the private network. Some embodiments use a triage zone (or triage gateway) into which a remote device can call using a statically issued certificate. However, instead of granting complete access to the virtual private network, this static certificate only grants access to the triage zone, where further validation of the endpoint can take place without any access to sensitive content on the private network. The endpoint can be connected to an ID manager within the triage zone. The endpoint can then send the username and password to the ID manager, which can create a single-use certificate (e.g., valid for a limited period of time). While valid, the single-use certificate can be used by the remote device to gain access to the production zone using a VPN tunnel.

System and methods to detect faulty components during session launch

A computer system configured to identify errors in a session launch initiated by a client application is provided. The computer system includes a memory and at least one processor coupled to the memory. The at least one processor is configured to receive one or more events from one or more applications or devices involved in the session launch, wherein an event of the one or more events comprises information from an application or device call (e.g., an application programming interface (API) call) communicated during the session launch, the information comprising destination information; build a primary Directed Acyclic Graph (DAG) based on the information from the API call; determine an error identifier based on the primary DAG; retrieve a troubleshooting recommendation from a library based on the error identifier; and send the troubleshooting recommendation to the client application.

Authentication management method and system
11321444 · 2022-05-03

Disclosed is an authentication management system including a custom credential provider installed on a computing device to support OS account authentication through an alternate authentication method that replaces the OS account authentication method supported by the operating system of the computing device, and an authentication management server communicably connected to the custom credential provider via a communication network. When OS account authentication based on the alternate authentication information used in the alternate authentication method is attempted, the server performs user authentication of the user attempting OS account authentication with that alternate authentication information and, when the user authentication is successful, transfers to the custom credential provider either the account authentication information necessary to perform OS account authentication according to the OS account authentication method supported by the operating system, or a seed value on which generation of that account authentication information is based.

SYSTEMS AND METHODS FOR SIGNALING AN ATTACK ON CONTACTLESS CARDS
20230254339 · 2023-08-10

Example embodiments of systems and methods for data transmission between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value, and encrypt data prior to transmission to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. In an embodiment, the transmitting device can signal an attack or potential attack through the counter value. The attack signaling can further include information relating to the attack or potential attack.

Authentication and Authorization for Aerial System

A mobility management function receives a message indicating a revocation of an authentication and/or authorization (AA) of an aerial service of a wireless device. The mobility management function sends, to the wireless device and after an expiration of a time period in which a session associated with the aerial service is available after the revocation, a release message indicating a release of the session.

EFFICIENT AUTHENTICATION OF A USER FOR CONDUCT OF A TRANSACTION INITIATED VIA MOBILE TELEPHONE

A method and system for authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone capable of initiating telephone calls over a network and of engaging in two-way data communication with a data server, wherein caller identification data is received at the server; the data is associated with a user, provides a basis for authentication of the user, and is used to address a message to the user; and the message contains a logon key for use by the user in accomplishing the transaction.

EXTERNAL FUNCTION INVOCATION BY A DATA SYSTEM
20220129335 · 2022-04-28

A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.

CONTROL SYSTEM AND CONTROL METHOD
20220129533 · 2022-04-28

A technique for managing, in a centralized manner, user accounts in a control system which includes two or more units is provided. A control system (2) is provided with first and second units (200, 300). The first unit (200), upon reception of an access request to the first unit (200) from an external device (500), requests the external device (500) to input a user account, and transmits the user account received from the external device (500) to the second unit (300). The second unit (300, U3) refers to registration information (330) defining account information of registered users, and, when the user account is determined to be registered, transmits to the first unit (200) a token indicating permission of access. The first unit (200) transmits the token received from the second unit (300) to the external device (500).

Temporary partial authentication value provisioning for offline authentication

Methods, apparatus, and processor-readable storage media for temporary partial authentication value provisioning for offline authentication are provided herein. An example computer-implemented method includes generating, in response to a request from an access device, an intermediary set of cryptographic information from an initial set of cryptographic information; modifying the intermediary set of cryptographic information based at least in part on data pertaining to the access device and one or more security parameters, wherein modifying the intermediary set of cryptographic information comprises removing one or more items of the cryptographic information from the intermediary set; and transmitting, over a network connection, the modified intermediary set of cryptographic information to the access device for use in a subsequent offline authentication request.

Systems and methods for time-based one-time password management for a medical device
11316679 · 2022-04-26

A data monitoring system comprising a server communicatively coupled to a client device and a data module via a network. The server is configured to store a private key of a public-private key pair associated with the data module, receive a request from the client device for authenticated access to the data module, and generate an authentication key based at least on the private key and a time. The client device is configured to generate the request for authenticated access to the data module and transmit the request to the server. The data module is configured to store the private key of the public-private key pair associated with the data module, generate the authentication key based at least on the private key and the time, and grant access to the data module if the authentication key generated by the data module and the authentication key generated by the server match.