Patent classifications
H04L63/083
CLUSTERING OF VIRTUAL PRIVATE NETWORK SERVERS
A method in a first virtual private network (VPN) server associated with clustering a plurality of VPN servers in a clustered network, the method including receiving, from a VPN service provider (VSP) control infrastructure, VPN data associated with a user device having an established VPN connection with the clustered network; and communicating, utilizing key information, the VPN data with the user device during the established VPN connection. Various other aspects are contemplated.
VXLAN ACCESS AUTHENTICATION METHOD AND VTEP DEVICE
A VXLAN access authentication method includes: an authentication point device receives a VXLAN authentication packet, where the VXLAN authentication packet is a VXLAN packet. The VXLAN authentication packet includes a VXLAN header and an authentication request sent by a terminal, the VXLAN header includes a first VNI, and the authentication request includes an authentication credential. The authentication point device obtains permission of the terminal or a second VNI based on the authentication credential. The permission of the terminal corresponds to the second VNI. The authentication point device sends the permission of the terminal or the second VNI to a control point device, where the control point device is a device that encapsulates the authentication request into the VXLAN authentication packet. In this application, VXLAN access authentication is performed on an overlay network, so that configuration complexity can be reduced when a VXLAN access authentication mode is modified or created.
METHODS AND SYSTEMS FOR DATA PROCESSING, AND STORAGE MEDIUM
A method for data processing is performed by an operation data recording device. The method includes: in response to a data access request sent by a client for a target vehicle, generating symmetric keys for symmetrically encrypting operation data of the target vehicle, in which the symmetric keys are generated based on a user ID and a primary public key for a third party, and the user ID is carried in the data access request; obtaining target encrypted data by symmetrically encrypting the operation data using the symmetric keys; and sending the target encrypted data to the client.
INFORMATION PROCESSING METHOD AND APPARATUS BASED ON FACE RECOGNITION, STORAGE MEDIUM, AND TERMINAL
A method includes: in response to detecting a communication connection between the electronic device and the user equipment, obtaining a user instruction transmitted to the user equipment, the user instruction including at least one preset parameter for setting an interface feature of a target logical interface on the electronic device. The target logical interface is used for verifying an identity of a user. The method includes generating the target logical interface, by setting the interface feature based on the user instruction on the electronic device; obtaining verification information of a user; collecting a face image of the current user through the target logical interface; and verifying an identity of the current user based on the face image and the verification information.
SPLIT INPUT AND OUTPUT REMOTE ACCESS
A system allows for higher security guarantees on public or shared or even compromised equipment, which may be designated as untrusted equipment, without a need to install additional software on it or connect to it outside of general browser interactions. Based on this system, even if it is compromised, proper information separation may ensure security of the sensitive parts of data. That is, trusted information will only go to (outputs) or come from (inputs) trusted devices and insensitive information can go to or come from both trusted and untrusted devices.
INFORMATION SECURITY SYSTEM AND METHOD FOR SECURE DATA TRANSMISSION AMONG USER PROFILES USING A BLOCKCHAIN NETWORK
A system for transmitting data objects among user profiles receives a request to transmit a particular number of a first type of data object to a receiver profile. The system determines whether a sender profile is associated with the particular number of the first type of data object. In response to determining that the sender profile is not associated with the particular number of the first type of data object, the system identifies one or more other types of data objects that correspond to the particular number of the first type of data object. The system initiates a user interaction session. The system generates a block within a blockchain network to store user interaction session metadata. The system transmits the identified one or more other types of data objects to the receiver profile. The system stores, in the block, a completion token that indicates the user interaction session is completed.
IMAGE PROCESSING SYSTEM USING AUTHENTICATION INFORMATION ACQUIRED THROUGH TWO-FACTOR AUTHENTICATION, METHOD FOR CONTROLLING IMAGE PROCESSING SYSTEM, AND STORAGE MEDIUM
To control an image forming apparatus using a service on a network, an information terminal performs two-factor authentication and acquires authentication information through the two-factor authentication so that the image forming apparatus accesses the service.
ENHANCED USER AUTHENTICATION SYSTEM AND METHOD
Systems and methods are provided to utilize information from a directory service to determine, at a layer-one network policy server, the appropriate layer-two network policy server to which an authentication request should be routed. For example, a first directory service group may be created that includes all users using a first authentication type, a second directory service group may be created that includes all users using a second authentication type, etc. The layer-one network policy server may periodically synchronize with the directory service to download information about users in the different directory service groups, update a markup language document with that information, and use the markup language document to help route incoming authentication requests to the correct layer-two network policy server for a particular authentication type. In addition, a priority may be set (and changed) by an administrator favoring one or more authentication types in a network.
DETECTING MALICIOUS ACTIVITY ASSOCIATED WITH RESETTING AUTHENTICATION INFORMATION
In some implementations, a device may monitor incoming messages to at least one message account of a user. The device may determine, based on monitoring the incoming messages, that one or more messages, of the incoming messages, are associated with resetting authentication information for one or more accounts of the user. The device may determine, based on determining that the one or more messages are associated with resetting authentication information, whether the one or more messages are indicative of abnormal authentication information resetting activity. The device may perform one or more actions based on determining that the one or more messages are indicative of abnormal authentication information resetting activity.
Modifying security state with secured range detection
Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a secure ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.