WO2016179230A1 - Commande basée sur rôle de réponse incidente dans un environnement collaboratif sécurisé - Google Patents

Commande basée sur rôle de réponse incidente dans un environnement collaboratif sécurisé Download PDF

Info

Publication number
WO2016179230A1
WO2016179230A1 PCT/US2016/030688 US2016030688W WO2016179230A1 WO 2016179230 A1 WO2016179230 A1 WO 2016179230A1 US 2016030688 W US2016030688 W US 2016030688W WO 2016179230 A1 WO2016179230 A1 WO 2016179230A1
Authority
WO
WIPO (PCT)
Prior art keywords
workflow
computer
attorney
type selection
filtering
Prior art date
Application number
PCT/US2016/030688
Other languages
English (en)
Inventor
William KEY
Original Assignee
Cybersponse, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/703,881 external-priority patent/US20150235164A1/en
Application filed by Cybersponse, Inc. filed Critical Cybersponse, Inc.
Publication of WO2016179230A1 publication Critical patent/WO2016179230A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities

Definitions

  • Various systems and method for incident response may benefit from role-based control. More particularly, role-based control of incident response may be of benefit in a secure collaborative environment.
  • Various workflow management systems may relate to incident response systems.
  • incident response systems do not provide appropriate mechanisms and methods for addressing issues such as, for example, attorney-client privilege, work product privilege, confidentiality, and the like, at an early stage.
  • a method can include determining, by a computer for a computer-controlled workflow, whether filtering is activated. The method can also include determining, by the computer when filtering is activated, whether a threshold severity level is met by the workflow or whether a critical data type is implemented in the workflow. The method can further include alerting, by the computer, an attorney about the workflow when the threshold is met or the critical data type is implemented.
  • an apparatus can include at least one processor and at least one memory including computer program code.
  • the at least one memory and the computer program code can be configured to, with the at least one processor, cause the apparatus at least to determine, for a computer- controlled workflow, whether filtering is activated.
  • the at least one memory and the computer program code can also be configured to, with the at least one processor, cause the apparatus at least to determine, when filtering is activated, whether a threshold severity level is met by the workflow or whether a critical data type is implemented in the workflow.
  • the at least one memory and the computer program code can further be configured to, with the at least one processor, cause the apparatus at least to alert an attorney about the workflow when the threshold is met or the critical data type is implemented.
  • a non-transitory computer-readable medium can, according to certain embodiments, be encoded with instructions that, when executed in hardware, perform a process.
  • the process can include determining, by a computer for a computer-controlled workflow, whether filtering is activated.
  • the process can also include determining, by the computer when filtering is activated, whether a threshold severity level is met by the workflow or whether a critical data type is implemented in the workflow.
  • the process can further include alerting, by the computer, an attorney about the workflow when the threshold is met or the critical data type is implemented.
  • An apparatus in certain embodiments, can include means for determining, for a computer-controlled workflow, whether filtering is activated.
  • the apparatus can also include means for determining, when filtering is activated, whether a threshold severity level is met by the workflow or whether a critical data type is implemented in the workflow.
  • the apparatus can further include means for alerting an attorney about the workflow when the threshold is met or the critical data type is implemented.
  • Figure 1 is a process flow diagram illustrating a high-level workflow of an embodiment of a role-based control of a secure collaborative environment.
  • Figure 2 is a process flow diagram illustrating a workflow choice process wherein the lead role can decide on a type of workflow to be utilized as well as how the workflow will be executed.
  • Figure 3 is a process flow diagram illustrating an automated process to require verification and guidance as tasks are assigned and completed for a chosen workflow.
  • Figure 4 is a process flow diagram illustrating a directed-by-lead-role method of executing a chosen workflow.
  • Figure 5 illustrates the automatic keyword triggering process that may be implemented to further automate the process for keeping incident response communications and actions confidential and, in certain embodiments, privileged.
  • Figure 6 illustrates a system according to certain embodiments of the invention.
  • Role-based control of an incident response (IR) process in a secure collaborative environment can be performed on a computer system, sometimes referred to as an incident response platform (IRP).
  • IRP incident response platform
  • a method of role-based control, and the corresponding system can be designed to maintain confidentiality of the incident response process at all times, while also allowing various user roles to take the lead and have varying degrees of control over the process.
  • Such an approach may facilitate the execution of an organization's incident response policies in whatever manner the organization has determined to be appropriate.
  • the user in the lead role can be responsible for determining what policies and workflows to apply to maintain confidentiality.
  • One example may be when either in-house or outside counsel takes on a lead role in applying legal analysis to one or more steps of a response process. Such involvement may be undertaken at an early stage in order to maximize possible attorney-client privilege.
  • Figures 1-5 illustrates various embodiments of a method and system for maintaining process control of a cyber-security incident response team by a lead role during an incident response process.
  • FIG. 1 shows a high level overview of a basic process of certain embodiments for maintaining control as a lead role.
  • the incident response platform can be designed to receive event data or incident data from outside systems such as intrusion detection systems, antivirus, security information and event management systems, or any other system designed to detect cyber security events. This intake of event data and report of an incident is illustrated in step 101.
  • the secure collaborative environment can be initiated in step 102.
  • One or more connections to the secure collaborative environment can be encrypted using any desired mechanism, such as Hypertext Transfer Protocol Secure (HTTPS).
  • HTTPS Hypertext Transfer Protocol Secure
  • users pre-designated to access the system may be allowed to communicate by sending or receiving data. This limitation on users may be achieved through the storing of unique login credentials in an encrypted user database, or by other authentication mechanisms.
  • Login to the incident response platform can be further secured through two-factor authentication techniques.
  • the two-factor authentication techniques may require login credentials, such as username and password, and another form at the option of the user, including, but not limited to, a code sent via short message service (SMS) to the user, an authentication application on the user's smartphone, an encrypted dongle, or any other secondary mechanism for unique identification of the user.
  • login credentials such as username and password
  • SMS short message service
  • the secure collaboration environment of the incident response platform can contain the ability for users to communicate with each other through instant messaging, chat rooms, file sharing, white boarding, event feeds, user alerts and notifications, internal messaging, internal email, conference calling, SMS messaging, group SMS messaging, and other communication techniques including multimedia messaging.
  • a lead role can be determined.
  • the lead role may be automatically designated or manually designated.
  • the manual designation may be performed by a user having sufficient authorization, or by other mechanisms such as by voting amongst active users.
  • the user in the lead role can command the incident response process.
  • the lead role can refer to a user equivalent to a Chief Information Security Officer of an organization, a lead member of the incident response team, or, in certain embodiments, an attorney to coordinate the actions of the incident response team.
  • the lead role can be assigned initial tasks to be completed to begin the coordination of the incident response team. These tasks may include an initial analysis of the event data or incident data received by the incident response platform in step 101.
  • the lead role may make a determination as to whether to mobilize the incident response team and the proper course of action for the incident response team at this or any other desired time.
  • the lead role can make a decision about which workflow to execute and the method for such execution.
  • the lead role can have options to use automated workflows, manually created workflows, or a combination of both.
  • the lead role can also determine the method for maintaining control of the process of the incident response team. This process can be further seen by the illustrated provided in the example of Figure 2.
  • the lead role can oversee the execution of the chosen workflow.
  • the lead role can also coordinate communications among the incident response team.
  • the lead role can see the incident response process through until the incident is rectified.
  • FIG. 2 illustrates an exemplary process by which the lead role may determine that the incident response team is to proceed under a particular workflow.
  • the lead role can be presented with the event data or incident data received in step 101 and can be given a choice through a graphical user interface as to how to create a workflow for the incident response team to proceed.
  • the lead role can apply the lead role's expertise in applying best practices and/or legal standards to the choice in determining which type of workflow to utilize.
  • the lead role may choose to utilize a pre-determined workflow that is stored in a database.
  • Pre-determined workflows may have been previously created by users, including for example the user in the lead role.
  • the pre-determined workflows may have been provided by the incident response platform vendor or built automatically by the incident response platform itself.
  • the lead role may choose to build a workflow on-the-fly for the incident response team.
  • the lead role may apply its knowledge of legal standards to create a workflow.
  • the lead role may choose from pre-existing template workflows that are stored in a database and manually alter them to fit the current incident.
  • the lead role can then choose, in step 205 what type of lead role loop is to be utilized for the execution of the workflow.
  • the lead role may choose to use a verification and guidance loop, illustrated in Figure 3.
  • the lead role may choose to use the directed-by-lead-role loop, illustrated in Figure 4.
  • Step 208 represents the completion of the workflow by the incident response team under the direction of the lead role.
  • FIG. 3 illustrates an exemplary process by which the lead role may manage the incident response team using the verification and guidance loop.
  • the lead role can select the verification and guidance loop, which may have any similar descriptive name in the incident response platform, through the user interface.
  • the lead role can assign the workflow chosen earlier in step 201.
  • the lead role can be presented with a list of the members of the incident response team that may be included in the workflow assignment. This list can be populated through previous role-assignments stored in the database.
  • the lead role may make a determination as to which team members or role types to include in the workflow assignment.
  • steps 303 tasks may be generated to remedy the incident based on the workflow chosen by the lead role.
  • the task generation may be automatically performed by the incident response platform or manually by the lead role.
  • the tasks generated in step 303 may be assigned to members of the incident response team.
  • the tasks may be assigned according to role or according to person or by any other desired standard.
  • the lead role may decide whether and to whom to assign tasks.
  • the tasks may also be assigned automatically by the incident response platform.
  • step 305 input can be requested of the lead role as to whether to proceed with an assigned task.
  • the lead role may utilize the lead role's expertise and/or apply legal standards to approve an assigned task.
  • the lead role can also provide the incident response team member to whom the task was assigned with guidance on how to perform the task.
  • the approval process can be performed using the incident response platform graphical user interface on the lead role's console.
  • any guidance or communications between the lead role and the incident response team member can be done through the incident response platform secure communications system or any other desired communications system.
  • that communication may be filtered through the lead role to determine whether the communication should take place and whether the content of such communication should be sent as is or edited.
  • the lead role may further provide continuing guidance through the secure communications (or other) platform to incident response team members, as well as direct group communications through the other methods of communication within the incident response platform.
  • step 306 a determination can be made as to whether the assigned workflow has been completed. This determination may be done automatically by the incident response platform or manually by the lead role, for example. If it is determined that the workflow is not complete, and the incident has not been remedied, the process can return to step 304 where additional tasks may be assigned to incident response team members.
  • the process can end at step 307 and the incident can be considered resolved.
  • FIG 4 illustrates an exemplary process by which the lead role may manage the incident response team using a directed-by-lead-role loop.
  • the lead role can select the directed-by-lead-role loop, which may have any similar descriptive name in the incident response platform, through the user interface.
  • the lead role may assign the workflow chosen earlier in step 201.
  • the lead role may be presented with a list of the members of the incident response team that may be included in the workflow assignment. This list may be populated through previous role-assignments stored in the database.
  • the lead role may make a determination on which team members or role types to include in the workflow assignment.
  • the lead role can interpret industry and/or legal standards to apply to handle the type of incident that the incident response team aims to remedy.
  • the lead role in this step may further adjust the workflow to comply with the lead role's understanding of the industry and/or legal standards for conducting the response.
  • the lead role may coordinate with the incident response team using the secure communications system (or any other desired communications system) to ensure that the incident response team understands the workflow and requirements thereof.
  • the lead role may assign tasks to members of the incident response team according to the lead role's interpretation of the industry and/or legal standards for conducting the response.
  • the lead role may utilize the secure communications system to assign these tasks.
  • the lead role may continue to communicate using the secure communications system with the incident response team members and direct them on how to complete the response process.
  • all (or a subset thereof) communications between incident response team members may be sent to the lead role to determine whether the communication should take place and whether the content of such communication should be sent as is or edited.
  • the lead role may further provide continuing guidance through the secure communications platform with incident response team members as well as direct group communications through the other methods of communication within the incident response platform.
  • the lead role can make a determination as to whether the incident has been completed and can make a determination as to whether the workflow is complete according to the industry and/or legal standards that the lead role has applied to the process. If the lead role determines that the workflow has not been completed, the lead role may choose to return to step 403 and interpret the standard again. The lead role can also assign additional tasks to incident response team members. If the lead role determines that the workflow has been completed and the incident has been resolved, the lead role may end the workflow and mark the incident as resolved with a user interface.
  • Figure 5 illustrates an exemplary automatic keyword triggering process that may be implemented to further automate the process for keeping incident response communications and actions confidential and, in certain embodiments, privileged.
  • a pre-defined set of keywords can be stored in a database that a user has determined may give rise to the need for heightened protection of the communications.
  • the pre-defined set of keywords could include words such as "fault,” “mistake,” “error,” or “failed,” or names, such as names of personnel or names of customers.
  • the list can comprise a dynamic list of whatever words the user wishes to trigger enhanced scrutiny.
  • step 501 if a communication, incoming alert, incident record, or anything else defined by the user, contains one or more of the keywords, the system can detect the keyword and begin one of the automatic keyword triggering processes. The system can also, in step 502, halt any workflow processes that may be in progress for the related event or incident.
  • the system can then determine whether filtering has been activated in step 503.
  • Filtering in the automatic keyword triggering process can be a determination whether a specific threshold severity level or critical data type is present in the related event or incident record.
  • Threshold severity levels may be descriptive values such as “low,” “medium,” “high,” “severe,” “critical,” or other such values.
  • Threshold severity levels to be utilized may be generated or set by connected alerting tools, the system itself, or according to a user's choice. Threshold severity levels may also be quantitative scores based on industry standard formulas such as provided by the National Institute of Standards and Technology (NIST) or the Common Vulnerability Scoring System (CVSS), or may be custom-built by the user as well.
  • NIST National Institute of Standards and Technology
  • CVSS Common Vulnerability Scoring System
  • Critical data types may be designations of the specific types of data that may be implicated or compromised in an event or incident and may include personally identifiable information (PII), personal health information (PHI), payment card information (PCI), or any other type of data that the user or organization wishes to designate as important enough to trigger additional scrutiny or protection of the response process.
  • PII personally identifiable information
  • PHI personal health information
  • PCI payment card information
  • the system can proceed to step 504 and determine whether a threshold severity level or critical data type is present in the related event or incident record, for example based on user settings. If either is present, the system can proceed to step 506.
  • step 506 an attorney can be automatically alerted via email, SMS, automated phone call, or other communications method(s) that an event or incident requires the attorney's attention.
  • the attorney can then be presented with an attorney involvement type choice in step 507.
  • the attorney may elect to self-manage the event or incident, passively observe the response process, or deputize another lead for the response team to act on his or her behalf in a legal capacity.
  • attorney-client privilege may be maintained over some or most of the communications that occur during the response process.
  • the attorney may elect to discontinue attorney involvement, and the process may proceed to step 505.
  • the response process may resume according to whatever workflow process was associated with the event or incident in step 508 with attorney involvement according to the attorney involvement type.
  • step 504 If filtering was active in step 503 but neither the threshold severity level nor critical data type were implicated in step 504, the response process can resume according to whatever workflow process was associated with the event or incident without attorney involvement in step 505.
  • step 509 the system can still determine whether filtering is activated in step 510. If filtering is active, the process may proceed to step 504, discussed above.
  • step 510 If filtering is not active in step 510, the response process can resume according to whatever workflow process was associated with the event or incident without attorney involvement in step 505.
  • Figure 6 illustrates an exemplary system according to certain embodiments of the invention. It should be understood that each block of the flowchart of any of Figures 1-5 may be implemented by various means or their combinations, such as hardware, software, firmware, one or more processors and/or circuitry.
  • a system may include several devices, such as, for example, server 610 and terminal 620. The system may include more than one terminal 620 and more than one server 610, although only one of each is shown for the purposes of illustration.
  • a server can be any computer system, including a network server, a cloud server, or the like.
  • Each of these devices may include at least one processor or control unit or module, respectively indicated as 614 and 624.
  • At least one memory may be provided in each device, and indicated as 615 and 625, respectively.
  • the memory may include computer program instructions or computer code contained therein, for example for carrying out the embodiments described above.
  • One or more transceiver 616 and 626 may be provided, and each device may also include an antenna, respectively illustrated as 617 and 627.
  • Other configurations of these devices for example, may be provided.
  • server 610 and terminal 620 may be configured for wired or wireless communication and in such cases antennas 617 and 627 may illustrate any form of communication hardware, without being limited to an antenna.
  • Transceivers 616 and 626 may each, independently, be a transmitter, a receiver, or both a transmitter and a receiver, or a unit or device that may be configured both for transmission and reception.
  • a terminal 620 may be a mobile phone, smart phone, multimedia device, a computer, such as a tablet, personal data or digital assistant (PDA), or the like.
  • PDA personal data or digital assistant
  • Processors 614 and 624 may be embodied by any computational or data processing device, such as a central processing unit (CPU), digital signal processor (DSP), application specific integrated circuit (ASIC), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), digitally enhanced circuits, or comparable device or a combination thereof.
  • the processors may be implemented as a single controller, or a plurality of controllers or processors. Additionally, the processors may be implemented as a pool of processors in a local configuration, in a cloud configuration, or in a combination thereof.
  • the implementation may include modules or unit of at least one chip set (e.g., procedures, functions, and so on).
  • Memories 615 and 625 may independently be any suitable storage device, such as a non-transitory computer-readable medium.
  • a hard disk drive (HDD), random access memory (RAM), flash memory, or other suitable memory may be used.
  • the memories may be combined on a single integrated circuit as the processor, or may be separate therefrom.
  • the computer program instructions may be stored in the memory and which may be processed by the processors can be any suitable form of computer program code, for example, a compiled or interpreted computer program written in any suitable programming language.
  • the memory may be fixed or removable.
  • a non-transitory computer-readable medium may be encoded with computer instructions or one or more computer program (such as added or updated software routine, applet or macro) that, when executed in hardware, may perform a process such as one of the processes described herein.
  • Computer programs may be coded by a programming language, which may be a high-level programming language, such as objective-C, C, C++, C#, Java, etc., or a low-level programming language, such as a machine language, or assembler. Alternatively, certain embodiments of the invention may be performed entirely in hardware.
  • certain embodiments may be configured to perform a method.
  • the method can include determining, by a computer such as terminal 610 for a computer-controlled workflow, whether filtering is activated.
  • the method can also include determining, by the computer when filtering is activated, whether a threshold severity level is met by the workflow or whether a critical data type is implemented in the workflow.
  • the method can further include alerting, by the computer, an attorney about the workflow when the threshold is met or the critical data type is implemented.
  • the method can also include suspending, by the computer, the workflow until an attorney involvement type selection is made.
  • the method can further include resuming, by the computer, the workflow upon the attorney involvement type selection being made.
  • the method can additionally include controlling, by the computer, the workflow in accordance with the attorney involvement type selection.
  • Control of the workflow in accordance with the attorney involvement type selection can involve routing at least a portion of communications of the workflow through the attorney or a person designated by the attorney. For example, in certain embodiments, all communications of the workflow may be so routed.
  • control of the workflow in accordance with the attorney involvement type selection can involve altering at least one of a content or a header of communications of the workflow based on the attorney involvement type selection. For example, a header of "privileged and confidential" or “attorney-client privileged” may be added to communications to and from the attorney, depending on the attorney involvement selection.
  • PII or PHI may be redacted prior to the communications being distributed amongst team members of incident response team.
  • the method can further include detecting, by the computer, at least one keyword in an alert, incident report, or communication of the workflow.
  • the method can also include halting, by the computer, the workflow when the at least one keyword is detected.
  • the method can additionally include alerting, by the computer when the filtering is not activated, the attorney about the workflow based on the detected at least one keyword.

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Educational Administration (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Divers systèmes et un procédé pour une réponse incidente peuvent bénéficier d'une commande basée sur rôle. Plus particulièrement, une commande basée sur rôle de réponse incidente peut être bénéfique dans un environnement collaboratif sécurisé. Un procédé peut consister à déterminer, au moyen d'un ordinateur pour un flux de travail commandé par ordinateur, si un filtrage est ou non activé. Le procédé peut également consister à déterminer, au moyen de l'ordinateur lorsque le filtrage est activé, si un niveau de sévérité de seuil est satisfait par le flux de travail ou si un type de données critiques est mis en œuvre dans le flux de travail. Le procédé peut en outre consister à prévenir, au moyen de l'ordinateur, un avocat concernant le flux de travail lorsque le seuil est satisfait ou que le type de données critiques est mis en œuvre.
PCT/US2016/030688 2015-05-04 2016-05-04 Commande basée sur rôle de réponse incidente dans un environnement collaboratif sécurisé WO2016179230A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/703,881 2015-05-04
US14/703,881 US20150235164A1 (en) 2013-03-15 2015-05-04 Role-Based Control of Incident Response in a Secure Collaborative Environment

Publications (1)

Publication Number Publication Date
WO2016179230A1 true WO2016179230A1 (fr) 2016-11-10

Family

ID=56081559

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/030688 WO2016179230A1 (fr) 2015-05-04 2016-05-04 Commande basée sur rôle de réponse incidente dans un environnement collaboratif sécurisé

Country Status (1)

Country Link
WO (1) WO2016179230A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080040191A1 (en) * 2006-08-10 2008-02-14 Novell, Inc. Event-driven customizable automated workflows for incident remediation
US20110087510A1 (en) * 2009-10-14 2011-04-14 Everbridge, Inc. Incident Communication System
US20140282353A1 (en) * 2013-03-14 2014-09-18 Microsoft Corporation Software release workflow management

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080040191A1 (en) * 2006-08-10 2008-02-14 Novell, Inc. Event-driven customizable automated workflows for incident remediation
US20110087510A1 (en) * 2009-10-14 2011-04-14 Everbridge, Inc. Incident Communication System
US20140282353A1 (en) * 2013-03-14 2014-09-18 Microsoft Corporation Software release workflow management

Similar Documents

Publication Publication Date Title
US20150235164A1 (en) Role-Based Control of Incident Response in a Secure Collaborative Environment
USRE48669E1 (en) System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device
CN110463161B (zh) 用于访问受保护资源的口令状态机
US10057271B2 (en) Social media login and interaction management
US10445487B2 (en) Methods and apparatus for authentication of joint account login
CN104333863B (zh) 连接管理方法及装置、电子设备
US10237267B2 (en) Rights control method, client, and server
WO2015180690A1 (fr) Procédé et dispositif pour lire des informations de vérification
US20150095989A1 (en) Managing sharing of wireless network login passwords
US20170214679A1 (en) User-enabled, two-factor authentication service
US9690926B2 (en) User authentication based on established network activity
WO2017054504A1 (fr) Procédé et dispositif d'authentification d'identité, et support d'informations
US9355233B1 (en) Password reset using hash functions
EP3113419B1 (fr) Procédé d'accès à un réseau et routeur
US11025635B2 (en) Secure remote support authorization
EP3270318A1 (fr) Dispositif de terminal à module de sécurité dynamique et procédé pour son exploitation
US20150242625A1 (en) Pre-Delegation of Defined User Roles for Guiding User in Incident Response
US9888070B2 (en) Brokered advanced pairing
KR20150045488A (ko) 시스템 제어
CN105005726A (zh) 一种菜单项的控制方法及装置
US20180270249A1 (en) Enabling users to perform operations that require elevated privileges
CN105592009A (zh) 找回或修改登录密码的方法及装置
US10778434B2 (en) Smart login method using messenger service and apparatus thereof
JP2018523230A (ja) 損害報告されたアカウントのログイン方法及び装置
WO2016179230A1 (fr) Commande basée sur rôle de réponse incidente dans un environnement collaboratif sécurisé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16725276

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16725276

Country of ref document: EP

Kind code of ref document: A1