公开(公告)号：WO2023273978A1

公开(公告)日：2023-01-05

申请号：PCT/CN2022/100359

申请日：2022-06-22

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  IBM (CHINA) CO., LIMITED

Inventor： ZHANG, Feng ,  JIANG, Penghui ,  YIN, Ting ,  SU, Jun ,  PENG, Zhehua

IPC: H04L9/32 ,  G06F21/31 ,  H04L63/0876 ,  H04L63/102 ,  H04L63/105 ,  H04L63/20

Abstract: Authentication management by receiving a request to initiate an authentication from a computing device of a user, directing the request to a selected authentication service of a plurality of authentication services, wherein the selected authentication service is determined dynamically based on respective authentication metrics of the plurality of authentication services, receiving authentication information via the selected authentication service, and authenticating the user based on the received authentication information.

公开(公告)号：WO2022103782A1

公开(公告)日：2022-05-19

申请号：PCT/US2021/058696

申请日：2021-11-10

Applicant: ST. JUDE MEDICAL, CARDIOLOGY DIVISION, INC.

Inventor： REMER, Isaac ,  MARASS, Timothy S. ,  SUTERMEISTER, Derek ,  HUANG, Hai

IPC: G06F21/44 ,  H04L9/32 ,  H04L63/0876 ,  H04L9/3236

Abstract: A method of authenticating devices utilizes a central ledger distributed to a plurality of local systems includes storing a unique identifier locally on each device, modifying a central ledger to include an entry associated with the unique identifier and communicating the central ledger to a plurality of local systems for storage. To authorize a device, the local system receives a unique identifier from a connected device and searches the local ledger to verify/authenticate the validity of the connected device for use in the local system. The local system may then modify an entry in the local ledger associated with the unique identifier to reflect use and communicate the modified local ledger from each of the plurality of local systems to the centralized system. The central system then modifies the central ledger based on the received local ledger and communicates the modified central ledger to a local system.

公开(公告)号：WO2022031454A1

公开(公告)日：2022-02-10

申请号：PCT/US2021/042844

申请日：2021-07-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： WETTERWALD, Patrick ,  ZADDACH, Jonas ,  THUBERT, Pascal ,  LEVY-ABEGNOLI, Eric

IPC: H04L29/06 ,  H04W12/06 ,  H04L2463/082 ,  H04L63/0853 ,  H04L63/0876 ,  H04L63/0884 ,  H04L63/16

Abstract: This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wireless communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verity the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device.

公开(公告)号：WO2021259589A1

公开(公告)日：2021-12-30

申请号：PCT/EP2021/064370

申请日：2021-05-28

Applicant: TYNTEC GROUP LIMITED

Inventor： TRAPP, Thorsten ,  WOLFRAM, Nicola ,  COPSEY, David Jonathan

IPC: H04L29/06 ,  H04L61/1511 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/107 ,  H04L63/18 ,  H04L67/02

Abstract: A gateway server that is operably connected to a network operator via a public IP network and a secure IP network. The gateway server comprises a first communication module operable to provide communication between the gateway server and the network operator using the public IP network. The first communication module has a first IP address. The server further comprises a second communication module operable to provide communication between the gateway server and the network operator using the secure IP network. The second communication module has a second IP address which has the same IP address as the first IP address. The gateway server is operable to receive one or more IP packets from the network operator via at least one of the public IP network using the first communication module and the secure IP network using the second communication module. Each of the one or more IP packets comprises associated header data. The gateway server is operable to interpret the header data of each of the IP packets, and to direct responses to the received one or more IP packets via the public IP network or via the secure IP network based on the interpreted header data so that the responses are routed via the IP network from which the corresponding respective IP packets were received.

公开(公告)号：WO2021247055A1

公开(公告)日：2021-12-09

申请号：PCT/US2020/040247

申请日：2020-06-30

Applicant: SAUDI ARABIAN OIL COMPANY ,  ARAMCO SERVICE COMPANY

Inventor： MUTAIRI, Baraka ,  GHANMI, Wail ,  OMAIR, Abdumajeed ,  KHALIFAH, Khalifah ,  RAMADY, Baher

IPC: H04L29/06 ,  H04L63/0876 ,  H04L63/0884 ,  H04L63/101 ,  H04L63/105 ,  H04L63/1466 ,  H04L63/16

Abstract: A method for preventing Medium Access Control (MAC) spoofing attacks in a communication network may include obtaining, by a protection layer, a connecting request for connecting a terminal to the communication network. The method may include issuing, by the protection layer, a MAC authentication request to a Network Admission Control (NAC) server, the MAC authentication request may be a request to determine whether a MAC address of the terminal is whitelisted. The method may include responding, by the NAC server, to the MAC authentication request of the protection layer by allowing the terminal to join the communication network based on whether the MAC address of the terminal is whitelisted. The method may include sending, by the NAC server, a log message to a log analyzer server, the log message including a result identifying whether the MAC address of the terminal is whitelisted.

公开(公告)号：WO2021231005A1

公开(公告)日：2021-11-18

申请号：PCT/US2021/026736

申请日：2021-04-10

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： TELLER, Rachel Anne Brown ,  SUBRAMANIAM, Sarat Chandra ,  BALL, Steven James

IPC: H04L29/06 ,  H04W12/069 ,  H04W12/08 ,  H04W12/33 ,  H04W12/47 ,  H04W12/61 ,  H04W12/63 ,  H04W12/68 ,  H04W12/77 ,  H04W12/06 ,  G06F21/34 ,  G06F21/36 ,  G06F2221/2111 ,  G06F2221/2113 ,  H04L2463/082 ,  H04L63/083 ,  H04L63/0876 ,  H04L63/0892 ,  H04L63/102 ,  H04L63/104 ,  H04L63/105

Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a user credential from a terminal, in which the user credential is stored in a machine-readable code on a user device and the terminal obtained the machine-readable code from the user device. The processor may also identify at least one authentication factor associated with the user based on the user credential, in which the authentication factor(s) includes a physical location associated with the user and/or a time-based factor. The processor may further determine whether the authentication factor(s) indicates that the user is to be granted access to the terminal and based on a determination that the authentication factor(s) indicates that the user is to be granted access to the terminal, may grant the user access to the terminal.

公开(公告)号：WO2023275484A1

公开(公告)日：2023-01-05

申请号：PCT/FR2022/051285

申请日：2022-06-28

Applicant: ORANGE

Inventor： BENDIABDALLAH, Halim ,  NAJMI, Elyass

IPC: G06F21/34 ,  H04W12/50 ,  H04W12/06 ,  G06F21/44 ,  H04L63/0876 ,  H04L63/101 ,  H04W12/08 ,  H04W12/69

Abstract: Un procédé de gestion d'un dispositif électronique configuré pour communiquer avec au moins un terminal d'utilisateur (2) et au moins un serveur (3) est mis en œuvre par ledit serveur (3) et comporte : - réception en provenance du dispositif électronique, d'une requête d'identification (REQi) d'au moins un terminal d'utilisateur (2) sur lequel activer une application de gestion (APP) dudit dispositif électronique (1); - transmission vers au moins un terminal d'utilisateur identifié, d'une requête de notification (REQn) permettant l'activation d'une application de gestion (APP) sur ledit au moins un terminal d'utilisateur identifié (2).

公开(公告)号：WO2022132541A2

公开(公告)日：2022-06-23

申请号：PCT/US2021/062497

申请日：2021-12-09

Applicant: OKTA, INC.

Inventor： CHANDRAMOHAN, Kavitha ,  STOCKMANN, Johannes

IPC: G06F21/41 ,  G06F21/32 ,  G06F21/46 ,  H04L9/40 ,  H04L63/0442 ,  H04L63/0815 ,  H04L63/0861 ,  H04L63/0876 ,  H04L63/108 ,  H04L67/143

Abstract: A kiosk device is shared by many users of an organization in a sequential manner. The kiosk is provisioned so that each of the appropriate users of the organization may use it, and so that each such user may be provided with a federated identity by an external identity provider (IdP) system. The federated identity may be used to automatically provide the user with access to the user's different resources (e.g., the user's accounts on various third-party applications). An authenticator component of the kiosk device communicates with the external IdP system so as to securely and transparently provide the users with a federated identity. In order to provide additional security, the authenticator component and/or the IdP system may take into account organization-specific details when authenticating a user, such as whether a particular user is expected to be on duty with the organization at the current time.

公开(公告)号：WO2022005912A1

公开(公告)日：2022-01-06

申请号：PCT/US2021/039234

申请日：2021-06-25

Applicant: ILLUMINA, INC. ,  PALANISAMY, Prabhu ,  KARANGUTKAR, Milan ,  STINSON, Ryan

Inventor： PALANISAMY, Prabhu ,  KARANGUTKAR, Milan ,  STINSON, Ryan

IPC: H04L29/08 ,  H04L29/06 ,  G16B20/00 ,  G06F21/62 ,  G06F21/6245 ,  G16B50/30 ,  G16H10/60 ,  H04L63/0236 ,  H04L63/0807 ,  H04L63/0876 ,  H04L63/10 ,  H04L63/101 ,  H04L63/102 ,  H04L63/20 ,  H04L67/10 ,  H04L67/12

Abstract: Policy-based genomic digital data sharing facilitates a variety of sharing scenarios, including public access, tenant-to-tenant sharing, workgroup sharing, and access by external service providers. Genomic digital data can be published to the platform and controlled by access tokens that are generated based on access policies. The policies can support conditions that are evaluated at execution time and effectively place control of access to information in hands of the owning tenant. Sharing conditions can be easily specified to support various use cases, relieving administrators from excessive access control configuration.

公开(公告)号：WO2022002841A1

公开(公告)日：2022-01-06

申请号：PCT/EP2021/067671

申请日：2021-06-28

Applicant: DEUTSCHE TELEKOM AG

Inventor： MINOW, Jascha ,  JAHN, Carl ,  EL MALLOUKI, Said ,  PLATSCHEK, Martin Michael

IPC: H04L29/06 ,  H04W12/00 ,  G06F21/44 ,  G06F3/167 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/0876

Abstract: Die Erfindung betrifft ein Verfahren, ein Nutzerendgerät sowie ein Kommunikationssystem zur Autorisierung eines Nutzerendgeräts bei der Verwendung eines Service in einem Kommunikationsnetz, insbesondere dem Internet, aufweisend, ein Nutzerendgerät aufweisend eine Rechnereinheit zum Ausführen von Algorithmen und zum Steuern des Nutzerendgeräts sowie eine erste Kommunikationsschnittstelle zum Aufbau einer Datenverbindung mit einem Server im Kommunikationsnetz, wobei der Service auf dem Server betrieben wird; wobei das Verfahren folgende Schritte umfasst: Erzeugung eines für das Nutzerendgerät charakteristischen Audio-Signals bei einer bevorstehenden Nutzung des Service; Erfassen des charakteristischen Audio-Signals durch das Nutzerendgerät; Übertragen des charakteristischen Audio-Signals über die Datenverbindung an den Server; Ermittlung durch den Server mittels in einer Datenbank hinterlegter Signature Keys, ob das übertragende Audio-Signal des Nutzerendgeräts mit dem erzeugten Audio-Signal übereinstimmt; Freischaltung des Nutzerendgeräts durch den Server für den Service bei Übereinstimmung der Audio-Signale.