255 patents in CPC class H04W
A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.
A communication system includes a registration server, a management server and a first target device. When receiving destination information from a communication device, the registration server transmits authentication information to the communication device, transmits screen relating information to a destination indicated by the destination information, receives user information from the communication device and registers the user information therein. When receiving the authentication information from the communication device, the first target device transmits the authentication information and first device identification information to the management server. When receiving the authentication information and the first device identification information from the first target device, the management server registers the first device identification information therein. The user information in the registration server and the first device identification information in the management server are registered in association with each other.
Provided is an information processing apparatus including: a processing unit configured to selectively perform a process using information acquired from an application. The processing unit generates second key information based on first key information when the first key information is acquired from an application, retains specific information for specifying a target application on which a process is to be performed, when the first key information is acquired, determines whether an accessing application is the target application based on the specific information when being accessed by the application after the specific information is retained, performs a process based on information acquired from the accessing application and the second key information when the application is determined to be the target application, and refrains from performing a process using information acquired from the accessing application when the application is determined not to be the target application.
A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network include: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
Disclosed embodiments relate to securely caching and provisioning secrets for use in an offline process. Techniques include accessing, at an endpoint computing resource storing a secret, a first cryptographic key; encrypting the secret using the first cryptographic key; receiving, from an auxiliary device, a second cryptographic key; encrypting the encrypted secret with the second cryptographic key to produce an encrypted block; sending, without using a network connection, the encrypted block to the auxiliary device for decryption; receiving, from the auxiliary device and without using a network connection, a decrypted version of the encrypted block; and decrypting the encrypted secret with a cryptographic key corresponding to the first cryptographic key.
A user device may request access to a service provided by an application server. The application server may request that an identity server authenticate the user device. The identity server may have a network authentication system assist with the authentication of the user device. Once authenticated by the network authentication system, the application server may be informed and may grant the user device access to the requested service. Additionally, the identity server may help determine whether the user device is a security threat by comparing user information from the network authentication system with user information from the application server. Additionally, the network authentication system may provide the application server with user information to enable the application server to automatically register the user device for a particular service.