Abstract: Concepts and technologies are disclosed herein for managing access based on activities of entities. A computing device can collect data that comprises an image. The computing device can identify an entity that is located in a range of a sensor. The computing device can determine an identity that is associated with the entity and an activity associated with the entity. The computing device can obtain a trust indicator associated with the entity. The computing device can determine, based on the trust indicator, if the activity should be allowed. If the computing device determines that the activity should be allowed, the computing device can initiate allowing of the activity. If the computing device determines that the activity should not be allowed, the computing device can initiate blocking of the activity.

Abstract: The present invention relates to a communication node, a method of operating the same, and a collaborative system.

Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.

Abstract: A system may include a first computing device that receives identification data and an identifying parameter associate with a user and requests a second computing device to authenticate the user based on the identification data. The second computing system may query a first database for a first portion of authentication data based on the identifying parameter and then determine that a second portion of the authentication data exists based on the first portion of the authentication data. The first portion of the authentication data may include a pointer that identifies a second database that includes the second portion of authentication data such that the second computing device may retrieve it. The first and second portions of the authentication data may then be combined to form a combined authentication data to then be compared with the identification data, and the results of the comparison are sent to the first computing system.

Abstract: Disclosed herein are systems and methods for granting access to a file. In one aspect, an exemplary method comprises, calculating a first hash of a portion of the file, searching for the first hash in a local database, when the first hash is found indicates that the file is malicious, calculating a second hash, searching for the second hash in the verdict cache, and pronouncing a final decision as to a harmfulness of the file, and when either the first hash is not found in the verdict cache or the first hash is found and indicates that the file is trusted, granting access to the file, calculating a second hash of the file, generating a request for information about the file and sending the request to a remote server, and pronouncing a decision as to harmfulness of the file based on results of the search received from the remote server.

Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.

Abstract: Aspects of the invention include protecting data objects in a computing environment based on physical location. Aspects include receiving, by a computing system, a request to access an encrypted data from an authenticated user, wherein the encrypted data includes information about a data encryption key used to encrypt the encrypted data. Aspects also include providing, by the computing system, the encrypted data to the computer system where the user was authenticated, the computer system including a set of decryption keys protected by a master key stored within a hardware security module associated with the location of the hardware security module. Aspects further include decrypting, by the hardware security module, the encrypted data based on a determination that the data encryption key corresponds to one of the set of decryption keys, wherein the set of decryption keys are determined based on the location of the hardware security module.

Abstract: A password input system equipped with a security setting function is disclosed. The system includes one input unit configured to receive an input from user; an output unit configured to output a current state and result; a dedicated communication port configured to transmit and receive data to and from a password adaptor; a memory configured to save a program for security setting function; and a processor configured to execute the program saved in memory. When the processor waits for an input of a password from user and simultaneously password adaptor is coupled to dedicated communication port, the processor receives a password through communication with password adaptor and compares received password with a pre-saved password, and when the received password matches the pre-saved password, the processor unlocks a secure state without further inputting a password.

Abstract: According to a first aspect of the present invention, there is provide a method of electronically signing content. Content to be signed and an attribute sharing item are presented at a signing device associated with a signer. It is detected that the signer has accessed the attribute sharing item to provide one or more identity attributes which uniquely identify the signer. It is also detected that the signer has initiated a signing action at the signing device. The signing action and the identity attributes are transmitted to a signing service which is configured to create an electronic signature including encrypting the content to be signed and the one or more identity attribute.

Abstract: Systems and methods may be used for providing more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in positions selected, for example by a user. These systems and methods secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the noise symbols from legitimate credential symbols. Some systems and methods may use a subset of a credential with the interspersed noise symbols.

Abstract: Methods and systems are described for verifying an identity of a user through contextual knowledge-based authentication. The system described uses contextual knowledge-based authentication. By verifying an identity of a user through contextual knowledge-based authentication, the verification is both more secure and more intuitive to the user. For example, by relying on confidential and/or proprietary information, the system may generate verification questions, the answers to which are known only by the user.

Abstract: A certificate renewal method includes a satellite certification authority (CA) receiving, from a central CA, permission configuration information including permission information for indicating that only renewal processes are executed, receiving a renewal request transmitted by a device, judging whether a renewal condition is satisfied, generating a new device certificate via a signing procedure implemented using a private key corresponding to a level 3 certificate of the satellite CA in response to determining that the renewal condition is satisfied, and transmitting the new device certificate to the device.

Abstract: A method for physical layer secure transmission against an arbitrary number of eavesdropping antennas includes: S1: communication between legitimate transmitter Alice and legitimate receiver Bob is confirmed; S2: Alice randomly generates a key bit bk with MS bits, maps the key bit bk into a key symbol K, and performs an XOR on the key bit bk and to-be-transmitted confidential information b to obtain an encrypted bits bs; S3: Bob transmits a pilot sequence to Alice, and Alice calculates a candidate precoding space W and transmits modulated symbol streams s=(s1, . . , sN) by using precoding W(e); S4: Bob measures received signal strength of each antenna, estimates the corresponding antenna vector e, inversely maps the vector e to obtain key symbols and key bits, and demodulates the received symbol streams in sequence at each activated antenna to obtain demodulated ciphertext bits; S5: Bob performs an XOR on observed key bits and the demodulated ciphertext bits to obtain the confidential information.

Abstract: [Problem] To provide a terminal registration system and a terminal registration method for improving user convenience in registration of a new terminal to a plurality of service sites. [Solution] The registered terminal 1 includes an Authenticator 10 including service site list information 110 that associates private keys and URLs for access to service sites with each other. A Registration Manager 100 acquires the service site list information 110 from the Authenticator 10 of the registered terminal 1. Then, the Registration Manager 100 performs FIDO authentication for a registration target service site using a private key of the registered terminal 1, on the basis of the acquired service site list information 110, and performs Registration of a newly generated cryptographic key at the new terminal 2.

Abstract: A privacy filter includes a plurality of micro louvers. Each micro louver of the plurality of micro louvers is a same size. Each micro louver of the plurality of micro louvers are laid flat on top of each other to form the privacy filter. The plurality of micro louvers includes a first micro louver and a set of micro louvers. The first micro louver is in a fixed position. The set of micro louvers has a first piezo element at a first end of each micro louver and a second piezo element at a second end of each micro louver. The first end is opposite the second end.

Abstract: Systems and methods for securely storing data for efficient access by cloud-based computing instances is provided. In one or more examples, a computing hub can receive one or more access requests to data stored within a persistent data storage computing resources that in connected to the computing hub. The computing hub can be configured to determine if the access request is from an authorized computing resource, and can then generate one or more tokens that provide access to the computing resource. The one or more tokens can include information regarding the IP address of the requesting cloud-based computing resource, and each time that the cloud-based computing resource uses the token to request access to the stored data, the computing hub can check the IP address of the computing resource against the IP address indicated on the token to decide whether or not to grant access to the data.

Abstract: The present application provides a secure element comprising a processor and a memory integrated into a semiconductor chip; the memory is configured to provide a storage space for the processor to load and run a secure program, the secure program includes an image of a secure operating system, and the image of the secure operating system includes a system image resident segment and a system image dynamic loading segment. The processor is configured to: divide the system image dynamic loading segment into a plurality of pages, where each of the plurality of pages includes some content of the system image dynamic loading segment; perform security processing on each of the plurality of pages; and migrate each security-processed page to an external storage of the secure element.

Abstract: Systems and methods provide for secure and efficient token generation, management, transfer, and authentication services in a biometric data environment. Various embodiments relate to a method performed by a processor of an authentication computing system. An example method includes receiving an update biometric reference sample and a user identifier, retrieving a previous biometric reference template record in a storage location based on the user identifier. The previous biometric reference template record includes a template record identifier uniquely identifying the previous biometric reference template record and a previous biometric reference template generated using a previous biometric reference sample.

Abstract: Provided is a method for authenticating a device. The method may include coupling a first device to an interaction database that is connected to a second device. The first and second devices store first group public and private keys. The second device also stores second device public and private keys. The first device transmits to a remote computer system a first message encrypted with a remote computer system public key that includes challenge data and response data encrypted with the first group public key and authentication data. The second device receives from the remote computer system a second message including the encrypted challenge data. The second device transmits to the remote computer system a third message including the response data. In response to receiving an authentication message, interaction may be permitted between the first device and remote computer system. A system and computer program product are also disclosed.

Abstract: Embodiments of the disclosure provide application management capabilities to enterprises. A computing device of a user, associated with the enterprise, receives an enrollment token signed with a certificate. The enrollment token includes an enterprise identifier associated with the enterprise. The computing device receives a package containing one or more applications. The package also includes an enterprise identifier. Installation and execution of one or more applications from the received package is accepted or rejected based on a comparison of the enterprise identifier from the enrollment token with the enterprise identifier from the received package or application. A web service provides validation services by monitoring the installation and execution of applications on the computing devices associated with the enterprise.