H04L63/0807

CRYPTOGRAPHICALLY SECURE REQUEST VERIFICATION

This disclosure relates to data security and cryptography. In one aspect, a method includes updating a user interface of a client device to present user interface controls that enable a user to specify data privacy settings that define how entities collect, store, and use data of the user. The data security system receives a request to modify a data privacy setting for one or more entities from the client device based on user interaction with one or more of the user interface controls. The request includes an ephemeral user identifier for the user and an attestation token. The data security system validates the request using at least the ephemeral user identifier and the attestation token. The data security system transmits data instructing the entity to modify usage of the user data based on the modified given data privacy setting to each of the one or more entities.

System and Method for Authenticating Client Devices Communicating with an Enterprise System

A system and method are provided for authenticating client devices communicating with an enterprise system. The method includes providing a policy enforcement interceptor to intercept API calls and enabling the policy enforcement interceptor to communicate with a policy information point to query the at least one endpoint for entitlements associated with an account. The method also includes intercepting an API call to the application API, communicating with the policy information point to determine entitlements associated with the account by having the policy information point query an entitlements database and, when the entitlements returned to the policy enforcement interceptor are valid, invoking a policy decision point to validate the client device. The method also includes, when the client device is validated, permitting invocation of the API. The method also includes providing an API response to the client device to permit access to the application via the API.

SYSTEMS AND METHODS FOR DEVICE-ANONYMOUS PERFORMANCE MONITORING IN A WIRELESS NETWORK

An application, executed by a User Equipment (“UE”), may receive an identifier, which may be used to monitor Key Performance Indicators (“KPIs”) associated with the UE. Such KPIs may be monitored in conjunction with execution of the application, such as at times that the application sends and/or receives traffic. The KPIs may be associated with sensor data, resources, and/or other features or functionality of the UE. The UE may obtain an identifier associated with the application and/or the UE from a KPI monitoring system of some embodiments, may obtain user consent to monitor and/or report KPIs associated with the application, and may provide such KPIs to the KPI monitoring system in conjunction with the identifier. The KPI monitoring system may generate aggregated KPI information, associated with the application, based on the KPIs received from the UE and/or KPIs received from one or more other sources.

Authority transfer system, server and method of controlling the server, and storage medium
11582232 · 2023-02-14

An authority transfer system comprising a client, a resource server, a server that receives, from the client, an authorization request requesting permission to access a resource managed by the resource server, and a user terminal possessed by an owner of the resource is provided. The server registers a first user terminal in accordance with a registration request of the first user terminal being received from the first user terminal, and determines whether or not a registered second user terminal can be deregistered in accordance with a registration cancellation request being received from the first user terminal, and if it is determined that the second user terminal can be deregistered, authenticates the first user terminal or the second user terminal, and deregisters the second user terminal in accordance with the authentication.

Method and apparatus for user authentication based on block chain

A user authentication method performed by an authentication management server constituting a block chain network with a target device may comprise receiving, from the target device, a transaction including authentication information of a user and a unique value of the target device; determining a token of the user stored in a smart contract based on the authentication information; and authenticating the user based on validity information of the token, ownership information of the token, and the transaction.

Detecting and mitigating forged authentication object attacks using an advanced cyber decision platform
11582207 · 2023-02-14

A system for detecting and mitigating forged authentication object attacks is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previously generated hashes.

Systems and methods of application single sign on

A method and apparatus of a device that authorizes a device for a service is described. In an exemplary embodiment, the device intercepts a request for a web page from a web browser executing on the device, wherein the request includes an indication associated with an authorization request for the service and the web page provides the service. In addition, the device presents an authorization user interface on the device. The device further performs a local authorization using a set of user credentials entered via the authorization user interface. The device additionally performs a server authorization with a server. Furthermore, the device redirects the web browser to the requested web page, wherein the web browser is authorized for the service provided by the web page.

Methods and systems for controlling access to a protected resource

An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a transfer of data to a recipient account, wherein the transaction details do not indicate an identity of the recipient account; receive a user input indicating authorization to initiate a transfer of data, via a protected resource, from an account associated with the user to the recipient account; and in response to receiving the user input, generate a request for initiating the transfer of data based on the transaction details, the request including an access token for use in authenticating the user on requests to access the protected resource.

Image forming apparatus and controlling method
11582236 · 2023-02-14

An image forming apparatus includes a communication interface and a processor. The communication interface is configured to transmit data to and receive data from a cloud server that provides a cloud service. The processor is configured to receive a token from the cloud server via the communication interface, transmit a request including the token to the cloud server via the communication interface, receive a response including user information from the cloud server via the communication interface, and shift to a login state based on the user information.

Project-based permission system

Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.