Abstract: An information computer system is provided for securely releasing time-sensitive information to recipients via a blockchain. A submitter submits a document to the system and a blockchain transaction is generated and submitted to the blockchain based on the document (e.g., the document is included as part of the blockchain transaction). An editor may edit the document and an approver may approve the document for release to the recipients. Each modification and/or approval of the document is recorded as a separate transaction on the blockchain where each of the submitter, editor, approver, and recipients interact with the blockchain with corresponding unique digital identifiers—such as private keys.

Abstract: Disclosed herein are systems and methods for detecting unauthorized alteration with regard to a certificate store. In one aspect, an exemplary method comprises, tracking changes in a file system or a system registry of an operating system of a device with regard to the certificate store, detecting an alteration or an attempted alteration with regard to the certificate and sending information about the alternation or the attempted alteration to an analysis module, obtaining information about at least one certificate with which a change in the file system or the system registry with regard to the certificate store is connected, and determining a class of the change, where the class of the change is determined from a portion of the respective system registry or the file system in which the change occurred and from an action associated with the change, and comparing the obtained information to similar information on known certificates.

Abstract: An exemplary system preserves the autonomy of two or more distinct storage management systems all the while enabling backed up data to be restored from a first storage management system (the “local system”) to a specially-configured client in a second storage management system (the “remote system”). For example, backed up data in the local system (e.g., a secondary copy of production data) may be transferred, in a restore operation, from secondary storage in the local storage management system, which originated the data, to a client of the remote storage management system (the “remote client”). As a specially-configured “restore-only client,” the remote client is limited to receiving backed up data from the local storage management system, via restore operation(s) managed by the local storage manager. The remote client remains a full-fledged client in its home system, the remote storage management system.

Abstract: The technology described in this document can be embodied in a method that includes receiving, at one or more servers from a first computing device, (i) authentication information identifying a user-account associated with (a) the first computing device or (b) an application executing on the first computing device, and (ii) a transaction identifier generated by a second computing device. The transaction identifier is obtained by the first computing device by detecting one or more parameters of a magnetic field generated by the second computing device. The method also includes determining, by the one or more servers, that the user-account is authorized to initiate a transaction identified by the transaction identifier, and in response to determining that the user-account is authorized to initiate the transaction, transmitting, from the one or more servers to the second computing device, confirmation information usable by the second computing device to proceed with the transaction.

Abstract: A random-number generation unit generates a plurality of random numbers from a plurality of seeds. A data scrambling unit conceals concealment target data which is a concealment target by using the plurality of random numbers generated by the random-number generation unit. A transmission unit transmits concealed data which is the concealment target data concealed by the data scrambling unit to a data analysis device, and transmits any seed among the plurality of seeds to the data analysis device, after transmission of the concealed data to the data analysis device.

Abstract: A method for authentication between a server process and a client process by means of multiple communication including a primary authentication communication and a secondary authentication communication. The method includes steps for: the server process receiving from the client process an initiating communication of the primary authentication communication, the server process initiating the secondary authentication communication between the server process and a client authentication process, the server process receiving primary authentication information comprising an authentication code or an authentication result, the server process receiving secondary authentication information comprising an authentication code or an authentication result of the secondary authentication communication, and the server process establishing the authentication on the basis of the primary and secondary authentication information.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: A response method and system in virtual network computing authentication, and a proxy server, where the method includes receiving, by a proxy server, a password from a controller, receiving challenge information from a serving end, where the challenge information is generated by the serving end based on the virtual network computing authentication, determining a first response value according to the password and the challenge information, and sending the first response value to the serving end in order to resolve a problem that sensitive data of a user is leaked or decrypted by brute force because a response process in the virtual network computing authentication is completed by a client, thereby improving security in the virtual network computing authentication process.

Abstract: The described cipher system includes a bits of some randomness (BOSR) reservoir; a first multiplexer circuit that receives a BOSR key, a functional key, and a first control signal for selection between the BOSR key and the functional key; a second multiplexer circuit that receives a BOSR state, a functional state, and a second control signal for selection between the BOSR state and the functional state; a block cipher logic circuit that receives the outputs from the first and second multiplexer circuits and a functional input. The block cipher outputs bits into either the BOSR reservoir or as a functional output according to a third control signal. The cipher system includes a control logic block that outputs the first control signal, second control signal, and third control signal and controls whether a clock cycle of the block cipher logic circuit is used for a BOSR operation or a functional operation.

Abstract: A method authenticates a user in order to activate an access mechanism for a device. One or more processors detect a real-time initial emotional state of the user, where the real-time initial emotional state of the user dynamically changes over time. The processor(s) present content as a stimulus to the user, and predict a predicted post-stimulus emotional state of the user, where the predicted post-stimulus emotional state of the user is predicted to be caused by the content being presented to the user, and where the predicted post-stimulus emotional state is dependent upon the real-time initial emotional state of the user. The processor(s) detect a real-time post-stimulus emotional state of the user. The processor(s) match the predicted post-stimulus emotional state of the user to the real-time post-stimulus emotional state of the user, and then authenticate the user and activate an access mechanism for a device.

Abstract: The technology described in this document can be embodied in a computer-implemented method that includes receiving, at one or more servers from a first computing device, (i) first identification information identifying the first computing device or an application executing on the first computing device, and (ii) second identification information identifying a second computing device. The second identification information is obtained by the first computing device by detecting changes to one or more parameters of a magnetic field generated by the second computing device. The method also includes determining, by the server based on the first information, identity information of a user associated with the first computing device, and transmitting, from the one or more servers to the second computing device, the identity information, such that the identity information is usable by the second computing device to verify an access attempt by the user.

Abstract: A method and a device for directing traffic are provided. The method includes: determining whether a tag of a to-be-sent data packet is same as a reference tag configured in a preset matching rule; under situations where a determination result is that tag of the to-be-sent data packet is not the same as the reference tag configured in the preset matching rule, configuring the to-be-sent data packet with the reference tag by redirecting the to-be-sent data packet; sending the to-be-sent data packet configured with the reference tag.

Abstract: In one embodiment, a device in a network tracks changes in a source port or address identifier indicated by network traffic associated with a particular host in the network. The device detects an operating system start event based on the track changes in the source port or address identifier indicated in the traffic data associated with the particular host. The device provides data regarding the detected operating system start event as input to a machine learning-based malware detector. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.

Abstract: A hybrid device includes a personal digital key (PDK) and a receiver-decoder circuit (RDC). The PDK and RDC of the hybrid device are coupled for communication with each other. In one embodiment, the hybrid device also provides a physical interconnect for connecting to other devices to send and receive control signals and data, and receive power. The hybrid device operates in one of several modes including, PDK only, RDC only, or PDK and RDC. This allows a variety of system configurations for mixed operation including: PDK/RDC, RDC/RDC or PDK/PDK. The present invention also includes a number of system configurations for use of the hybrid device including: use of the hybrid device in a cell phone; simultaneous use of the PDK and the RDC functionality of hybrid device; use of multiple links of hybrid device to generate an authorization signal, use of multiple PDK links to the hybrid device to generate an authorization signal; and use of the hybrid device for authorization inheritance.

Abstract: A remote management method and a device, where the method includes receiving, by a subscription manager-data preparation (SM-DP+) server, a first identifier from a local profile assistant (LPA), searching for, by the SM-DP+ server, a remote profile management command corresponding to the first identifier, generating, by the SM-DP+ server, a first digital signature according to the first identifier and the remote profile management command, and sending the first digital signature and the remote profile management command to an embedded universal integrated circuit card (eUICC) using the LPA.

Abstract: A method to assess the distribution of electronic files within provider networks, wherein each provider network includes at least one server computer which distributes the electronic files to a multitude of client computers within the provider network. The present teaching also relates to an electronic data analysis device and a system for implementing such a method.

Abstract: Methods and systems for a transportation vehicle are provided. One method includes generating a packet by an application executed by a processor of a first seat device of an in-flight entertainment system having a plurality of seat devices on an aircraft; dropping the packet by the seat device when the application is not authorized for Internet communication; dropping the packet by the seat device when the packet is one of a broadcast packet, multicast packet or destined to a second seat device of the in-flight entertainment system; determining that the seat device Internet traffic is below a threshold value; and transmitting the packet to a network device when the application is authorized, and the packet is not a broadcast packet, multicast packet or destined for a second seat device.

Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.

Abstract: A computer implemented system and method provide an authenticated unique digital identity through a verifying and validating an asserted identity of a user for enrollment in a secure personal dataset accessing system, wherein the personal dataset includes identifiable attributes of the user. Authenticity of an asserted user identity includes electronically verified identifiable attributes to form the personal dataset. A generated digital security element results in the user electronically receiving a password and unique electronic address assigned to the user. The digital security element is then transmitted to the user and enables electronic access to the personal dataset, the personal dataset having been authenticated through the verification and validation.

Abstract: The present disclosure provides a method and apparatuses configured for identifying a server instance in communications between an entity and a bootstrapping server. In particular, the method is directed to sending a data communication between the entity and the bootstrapping server, wherein the data include a pointer to the server instance. In addition, the bootstrapping server is configured to set, in at least part of data to be communicated to an entity, a pointer to a security server instance.