Abstract: A computing system includes a virtual server to provide a virtual computing session, and a client device to access the virtual computing session via a communications network. The virtual computing session includes a remote browser, and the client device includes a local browser to access user credential information. The remote browser is used to navigate to a website requiring user authentication, receive a user credential challenge from the website, and request the user credential information from the client device to satisfy the user credential challenge. The client device provides the user credential information to the remote browser for user authentication via the local browser, so as to satisfy the user credential challenge of the website.

Abstract: Disclosed herein are systems and methods for changing a password of an account record under a threat of unlawful access to user data. In one aspect, an exemplary method comprises generating, by an account records generator, a set of known user account records and sending the generated set of known user account records to a determination module, identifying, by the determination module, a use of at least one user account record from the generated set, and sending, to a verification module, data about the at least one user account record, performing, by the verification module, a verification of a presence of a threat of unlawful access to user data, the unlawful access being performed using the at least one user account record and performing, by a change module, the changing of a password of the at least one user account record the use of which has been identified.

Abstract: Systems and methods for providing authentication and authorization for software license management of a particular software-controlled application are disclosed. Exemplary implementations may: store information electronically, including different types of user information, hardware information, key information, and license information; receive a user request for user-specific authentication and device-specific authorization to access and/or use the particular software-controlled application; perform different types of (automated) verification based on the user identifier, the hardware identifier, and the machine identifier in the user request; and, responsive to particular results from the different types of verification, perform some combination of transferring a response to the user request and performing registration and/or assignment as requested.

Abstract: A layered-infrastructure blockchain-based system for software license distribution includes a distributed cloud of blockchain full nodes. Each blockchain full node contains a blockchain data structure on which a complete set of license key transactions are recorded. The layered-infrastructure also includes a plurality of storage systems. Each respective storage system contains a blockchain light data structure on which only a subset of license key transactions associated with that respective storage system are recorded. A plurality of hosts connect to the plurality of storage systems. As the hosts connect to the storage systems, license key transactions are generated, such that the license key transactions that are recorded in the blockchain-based system for software license distribution are associated with the connection events between the plurality of hosts and the plurality of storage systems.

Abstract: A system and a method are provided for facilitating the security of sets of credentials. The system and method allow a user to lock or unlock a credential set of at least one user account. The user attempts to access the user account as standard procedure. Before a service provider goes through an authentication process, a third-party server of a service provider requests a token from the system. Based on if the credential set is in a locked status or unlocked status, at least one remote server of the system respectively relays an invalidation token or a validation token to the third-party server. If the invalidation token is relayed to the third-party server, the service provider does not go through the authentication process. If the validation token is relayed to the third-party server, the service provider proceeds with the authentication process as standard procedure.

Abstract: A method for providing authentication using an image sensor of an electronic device including: receiving, by the electronic device, a plurality of frames from the image sensor of the electronic device, wherein each frame includes a plurality of Optical Black (OB) pixels; determining, by the electronic device, a set of optimal OB pixels from the plurality of frames; and generating, by the electronic device, a unique key based on the set of optimal OB pixels for the authentication.

Abstract: A method includes receiving, by a virtual machine running on a computing system, a public cryptographic key associated with a peripheral device of the computing system. The method further includes, responsive to validating the public cryptographic key, encrypting a cryptographic nonce value with the public cryptographic key. The cryptographic nonce value encrypted with the public cryptographic key is transmitted to the peripheral device. The method further includes using a shared cryptographic key generated from the cryptographic nonce value to access contents of a direct memory access (DMA) buffer utilized by the peripheral device.

Abstract: A system for automating identifications of forbidden network connections is configured to create a network connectivity matrix comprising allowability indications indicating whether establishing network connections between network zones are allowed or forbidden. The system determines whether there is any network connection between devices connected to a firewall device that violates a corresponding allowability indication in the network connectivity matrix. In response to determining at least one network connection between different devices that violates the corresponding allowability indication, the system determines that the at least one network connection is a forbidden network connection.

Abstract: A system and method for preventing use of invalid digital certificates is disclosed. The method comprises receiving, in a validation service from a requesting entity, a cryptographic asset and a request to evaluate the cryptographic asset, the cryptographic asset uniquely assigned to one of the plurality of devices by an associated one of the commercially distinct entities, the request comprising the cryptographic asset, determining an evaluation state of the cryptographic asset at least in part from a database derived from a plurality of public keys currently assigned to the plurality of devices and previously received by the validation service, determining a disposition of the cryptographic asset according to a disposition policy associated with the determined evaluation state and the device and effecting the determined disposition of the cryptographic asset.

Abstract: The technology disclosed herein enables the detection and subsequent mitigation of threats in virtualized workload environments. In a particular embodiment, a method provides, in a workload orchestration platform, managing one or more first logical networks that include a plurality of first workloads and a plurality of shadow workloads. One or more initial processes of the shadow workloads, when instantiated, are known to a security application. The method further includes providing security permissions to the security application that enable the security application to manage the shadow workloads. Also, the method includes providing admin permissions to an administrator application that enable the administrator application to manage the first workloads irrespective of the shadow workloads.

Abstract: The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.

Abstract: A method for misbehaviour warnings in an intelligent transportation system (ITS) including determining at a network server that an ITS station is misbehaving. In response to determining that the ITS station is misbehaving, the network server transmits a misbehaviour warning message to the ITS station indicating that the ITS station is misbehaving. In response to transmitting the misbehaviour warning message and determining that the ITS station is continuing to misbehave, the network server includes information of the ITS station in a certificate revocation list (CRL) and transmits the CRL.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent executes an attestation algorithm to generate a first secure attestation for the first I/O device and a second secure attestation for the second I/O device, obtains a peer-to-peer communication key, and forwards the peer-to-peer communication key to the first I/O device and a second I/O device to enable secure peer-to-peer communication between the first I/O device and the second I/O device over a communication link secured by the peer-to-peer communication key. Other embodiments are described and claimed.

Abstract: This disclosure describes, in part, techniques and systems for enabling new devices introduced into respective environments (“provisionee devices”) to be provisioned by existing devices in the respective environments (“provisioner devices”) in a manner in which the provisioning requests sent by the provisioner devices are allocated over time and, thus, do not overwhelm the provisioning system(s) at any given time.

Abstract: A method for providing ciphertext data by a first computing device having memory includes obtaining, from the memory, plaintext data having a structure; providing the plaintext data to a structure preserving encryption network (SPEN) to generate the ciphertext data, where the structure of the plaintext data corresponds to a structure of the ciphertext data; and communicating, from the first computing device to a second computing device, the ciphertext data to permit analysis on the ciphertext data.

Abstract: Apparatuses, systems, methods, and computer program products are presented for an aggregation platform filter. A hardware computing device is configured to download users' data from a first plurality of third-party service providers over a data network on behalf of the users for a second plurality of third-party service providers. A filter module is configured monitor electronic credentials of users used by a hardware computing device to download the users' data. A filter module is configured to detect similar electronic credentials of a user for the same third-party service provider from a first plurality being used for multiple third-party service providers from a second plurality of third-party service providers. A filter module is configured to share, with multiple third-party service providers, the same data downloaded by a hardware computing device from a same third-party service provider with similar electronic credentials using a same session identity.

Abstract: A secure element device for use in a connected device includes a first interface configured to enable communication with a communication module and a second interface configured to enable communication with an action module of the connected device. A processor coupled to the first interface and the second interface, executes a first set of computer-readable instructions, stored in a memory of the secure element device, to authenticate, via the first interface, the connected device on the communication network. The processor also executes a second set of computer-readable instructions, stored in the memory, to perform one or both of (i) obtaining, via the second interface, data from the action module, the data to be transmitted over the communication network and (ii) controlling, via the second interface, the action module to cause the action module to perform one or more operations based on an instruction received over the communication network.

Abstract: The technology includes a method performed by a security system of a 5G network to protect against a cyberattack. The system can instantiate a function to monitor and control incoming network traffic at a perimeter of the 5G network in accordance with a security model that is based on a vulnerability parameter, a risk parameter, and a threat parameter. The system can process the incoming network traffic with the security model to output a vulnerability-risk-threat (VRT) score that characterizes the incoming network traffic in relation to the vulnerability parameter, the risk parameter, and the threat parameter, and causes one or more actions based on the VRT score to mitigate the cyberattack. The action(s) can include blocking the incoming network traffic at the perimeter of the 5G network.

Abstract: A method, a communication device and a computer program product for protecting communication devices from access by unauthorized users. The method includes retrieving, from a memory, a biometric sensor disable time range and determining, via a processor of the communication device, if a current time is within the biometric sensor disable time range. In response to determining that the current time is within the biometric sensor disable time range, the method further includes determining if the communication device is in a sleep mode and in response to determining that the communication device is in the sleep mode, disabling at least one biometric sensor.

Abstract: The present disclosure provides technical solutions related to distributed IPSec gateway. A control plane and a data plane of the IPSec gateway are divided, a plurality of gateway processing nodes may be run in the data plane to process data packets of incoming ESP/AR traffic and/or data packets of outgoing IP traffic. IKE information interaction may be handled in the control plane and the traffic may be steered on each gateway processing node in the data plane.