Abstract: A set of DLP rules are enforced to prevent loss of biometric data on a computing device. Attempts to perform operations targeting biometric data are detected, and the specific biometric data being targeted is identified. It is determined whether given attempted operations targeting biometric data are permitted, according to the set of DLP rules. This can take the form of enforcing DLP rules governing attempted operations based on factors such as the type of biometric data, quantity of biometric data, quality of biometric data, target of an attempt to transmit biometric data, specific users and/or applications that initiated attempted operations, specific people represented by the biometric data, relationships between them, etc. In response to determining that a specific attempted operation targeting biometric data is not permitted according to the DLP rules, the operation is blocked. If the DLP rules do not prohibit the operation, its execution is permitted.

Abstract: Methods and systems for visualizing, analyzing, archiving and securing computer and internet of things (IoT) data networks are disclosed. The system includes a data collection device (sensor), preprocessing unit, analysis unit containing at least the Koopman mode analysis unit, and a postprocessing unit. The methods include Koopman mode analysis, support vector machines or deep learning used to compute the baseline, detect and rank known and unknown threats to the system, visualize and archive them.

Abstract: A method for storing a data file, ‘DF’ on a storage entity, ‘SE’ includes a computing entity, ‘CE’, chunking the DF into a number of blocks using a one-way-function and a chunking key. The CE may compute a hash value for each of the blocks. One or more proxies, ‘PE’, may check whether the blocks are already stored, resulting in a first number of already stored blocks and a second number of blocks not being stored. The CE may encrypt the blocks not being stored using an encryption key, transmit the encrypted blocks to the SE for storing, and inform the PE about the hash value of each of the transmitted blocks and corresponding storage location information of the transmitted blocks.

Abstract: A method for connecting to a Wi-Fi hotspot device, the Wi-Fi hotspot device, and a user equipment (UE), where the method includes generating, by the Wi-Fi hotspot device, a two-dimensional barcode according to Wi-Fi authentication information, where the two-dimensional barcode includes the Wi-Fi authentication information, and the Wi-Fi authentication information is used for authentication prior to connection to the Wi-Fi hotspot device, and presenting, by the Wi-Fi hotspot device, the two-dimensional barcode to the UE using a display screen of the Wi-Fi hotspot device such that the UE may connect to the Wi-Fi hotspot device according to the two-dimensional barcode.

Abstract: In example embodiments, a first pattern of characters is displayed on a user interface of a user device. A user input is received and the first pattern of characters is replaced by a second pattern of characters. The user input is a selection of one of the characters from the pattern of characters. Each character is encrypted by a password selection rule (e.g., assign to a character selection the value of the character adjacent in a clockwise, counterclockwise, or diagonal direction from the selected character). After all user inputs are received determined from the password selection rule, an input password is generated. The generated input password is compared to a stored password designation to determine whether the input password matches the stored password designation. If the input password matches the stored password designation, the user is authorized to have access to the user device.

Abstract: The present invention provides a screen privacy protection method and system for a mobile terminal device. The screen privacy protection method comprises an environment data acquisition step, a privacy leakage determination step, a determination step and a screen privacy protection step. The present invention has the following advantageous effects: screen privacy can be effectively protected without the addition of hardware, a very good technical effect is achieved, and the screen privacy protection method and system provided by the present invention is worthy of popularization and application.

Abstract: A server provides activities and/or services to a player through a mobile device. In response to a request from the mobile device, information known to a player is determined and sent to the mobile device via the server. In this fashion, verification can be made that the mobile device is communicating with the server.

Abstract: Provided are an entity identity validity verification method and device with multiple trusted third parties being involved. In the application, validity of identities of entities performing mutual identity validity verification can only be verified by different trusted third parties. During the verification process, the trusted third parties that are respectively trusted by the two entities interact with each other, and provide identity validity verification services for mutual identity validity verification between the entities, to complete the identity validity verification between the entities.

Abstract: An information processing system includes multiple information processing apparatuses for providing a multitenant service. The information processing system is configured: to store a user account for each user belonging to one of a plurality of tenants provided by the multitenant service, the user account including a tenant ID of the tenant, and a role representing privilege of the user; to store license information assigned to each of the tenants, the license information including a license type representing a type of task allowed to be performed by the tenant; to receive a first request, from a first user belonging to a first tenant, for performing a task concerning a second tenant; and to determine, based on the role of the first user and the license information assigned to the first tenant, whether the performing of the task concerning the second tenant is allowed.

Abstract: A computer-implemented method for storing data of a new user account in a blockchain ledger, the method including: receiving, from a first client, by a server storing data in the blockchain ledger, an operation instruction instructing the server to create a user account corresponding to a user identifier, in which the operation instruction includes the user identifier and a public key parameter; obtaining, based on the public key parameter, a public key corresponding to the user identifier; creating, in the blockchain ledger, the user account corresponding to the user identifier; generating a data record including the operation instruction and the public key; and writing the data record into the blockchain ledger.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.

Abstract: A low-cost cryptographic accelerator is disclosed that accelerates inner loops of a cryptographic process. The cryptographic accelerator performs operations on cryptographic data provided by a central processing unit (CPU) running a software cryptographic process to create a combined hardware and software cryptographic process, resulting in a lower cost secure communication solution than software-only or hardware-only cryptographic processes.

Abstract: A method includes receiving, by a host server on a public cloud including one or more physical data centers associated with one or more logical zones, a pairing request by a client device associated with a private cloud, allocating, by the host server, access to resources on the one or more physical data centers to the client device, and pairing, by the host server, the private cloud to the public cloud based on receiving an identity provider token from an identity provider.

Abstract: A technique for controlling access to a radio access network administered by an access device. The device obtains an item of data indicating that the presence of a user has been detected in a detection zone. An access request requesting access to the radio access network is received from an applicant device, the radio access network being prohibited by the access device for a device with physical address corresponding to that of the applicant device. The applicant device, identified by the address, is then authorized by the access device to access the radio access network.

Abstract: Method and apparatus are disclosed for homomorphic re-encryption schemes in a system comprising a cloud service provider (CSP), a third authorized party (TAP), a data requestor (DR) and a plurality of data providers (DPs). According to an embodiment, a method implemented at a CSP comprises: in response to a request from a TAP, obtaining from a plurality of DPs cipher texts of their respective data, based on the request, wherein each DP is able to homomorphically encrypt its data; analyzing the cipher texts; and sending the analyzing result to the TAP, wherein the TAP is able to re-encrypt the analyzing result, such that a DR can decrypt the re-encrypted analyzing result with the DR's secret key.

Abstract: At least some embodiments are a method including connecting a mobile computer system to a vehicle computer system, wherein the vehicle computer system does not include a display device. Mission control data is received from the vehicle computer system, the mission control data generated by one or more vehicle I/O sensors coupled to the vehicle computer system. The mission control data is displayed on a display device of the mobile computer system.

Abstract: A method. At least some embodiments are a method including detecting docking of a mobile computer system to a docking device. In response to detecting the docking, the method further includes connecting an external data communication network to a bridge logic device in the mobile computer system via the docking device, and uploading, via the external data communication network, first data to a non-volatile random access memory coupled to the bridge logic device in the mobile computer system. The method further includes uploading, via the external data communication network, second data to the non-volatile random access memory coupled to the bridge logic device in the mobile computer system, the second data comprising programming instructions for execution on a computer system external to the mobile computer system.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: A method of replicating a UNIX password from a source computer to a delimited set of target computers performed by an application executing on a computer system. The method comprises receiving an identity of a source computer, determining a date of a UNIX password associated with a user identity configured on the source computer, determining that the UNIX password associated with the user identity configured on the source computer is less than a predefined number of days old, receiving identities of a plurality of target computers, reading an encrypted UNIX password associated with the user identity from the source computer, and, for each of the target computers, writing the encrypted UNIX password into an entry associated to the user identity in a password file on the target computer.