Patent classifications
H04L63/0846
Second factor based realm selection for federated authentications
In an approach for authentication of a username, a processor maintains a mapping of usernames and realms. A processor receives a username and a time-based one-time password code (TOTP code) for the username based on an authentication application. A processor, upon receiving the TOTP code: determines a realm from the mapping based on the received username and the received TOTP; and requests an entry of a credential relating to the username in the realm. A processor, upon receiving the requested credential, authenticates the username by determining that the received credential matches an expected credential for the realm.
LOADING AND UNLOADING DATA AT AN EXTERNAL STORAGE LOCATION
A command to load or unload data at a storage location is received. In response to the command, a storage integration object associated with the storage location is identified. The storage integration object identifies a cloud identity object that corresponds to a cloud identity that is associated with a proxy identity object corresponding to a proxy identity granted permission to access the storage location. The data is loaded or unloaded at the storage location by assuming the proxy identity.
Authentication via unstructured supplementary service data
A system and a method are disclosed for authenticating a user of a mobile device using Unstructured Supplementary Service Data (“USSD”) protocol. The mobile device generates a One-Time Password (“OTP”) code and sends that OTP code to a telecommunications server that forwards the content of the USSD message to the application server using an included short code. The OTP code is also sent out to the application server outside of the USSD protocol. When the application server receives both transmissions, the application server compares the OTP codes of these transmissions and determines whether the codes match. If the OTP codes match, the application server determines that authentication is successful and transmits an authentication token to the mobile device that is used to secure communications between the mobile device and the application server.
CREDENTIAL MANAGEMENT IN DISTRIBUTED COMPUTING SYSTEM
A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.
Bluetooth device and working method thereof
A Bluetooth device realizes different types of device by setting a MAC address of the device or a type of a broadcast device. When the device is used as a Bluetooth keyboard device, it can realize a function for inputting a dynamic password: the device shifts an obtained dynamic password value into Bluetooth keyboard class virtual key information according to the Bluetooth keyboard protocol and automatically sends the virtual key information to the upper computer successively. The device can restore a type of the device so as to resolve a keyboard conflict between the keyboard device and the upper computer. In this way, the user makes fewer errors when inputting a dynamic password and the identity authentication becomes safer.
System for evaluating and improving the security status of a local network
A system and method for evaluating and improving the security of a local area network including an application residing on an external server configured to conduct a penetration test of the local area network by interrogating each of the devices on the local area network to identify vulnerabilities and risks associated with those devices, receiving a report listing all such identified vulnerabilities and risks, calculating an IoT readiness score for the local area network, and undertaking and/or recommending specific actions for improving the security of the local area network.
Secure token-based communications between a host device and a storage system
An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.
SYSTEMS CONFIGURED FOR CREDENTIAL EXCHANGE WITH A DYNAMIC CRYPTOGRAPHIC CODE AND METHODS THEREOF
Systems and methods of the present disclosure enable operation authorization using a dynamic code. Embodiments include a computing system for receiving, from an access control server, an operation authorization request to authorize an operation by an initiator, where the operation authorization request includes a user identifier associated with the operation authorization request, and a dynamic code. The computing system accesses a dynamic key associated with a user credential associated with the user identifier and generates a recalculated dynamic code using a cryptographic algorithm and the dynamic key. The computing system authenticates the operation authorization request based on the dynamic code being equivalent to the recalculated dynamic code and returns the authentication to the access control server to authorize the operation.
Automated password generation and change
An identity management system detects the occurrence of a trigger event, such as a time period expiration, or an action on the identity management system. The identity management system accordingly generates a new password for an account of a user on a third-party service and causes the account of the user on the third-party service to use the new password. The identity management system may also use a mobile device management system to configure a client of the user with the new password.
Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability
Embodiments include a multi-tenant cloud system that receives a request for an authenticate action for a user. Embodiments create an authenticate target action and register a cache listener for a cache that includes a filter to listen for a target action response that is responsive to the authenticate target action, the filter listing a plurality of bridges assigned to an on-premise active directory. Embodiments randomly select one of the plurality of bridges and send the authenticate target action to the active directory via the selected bridge. Embodiments wait for a cache callback and, at the cache callback, receive a target action response that includes a result of the authenticate action.