Abstract: Disclosed are system and method for verification of data transferred among several data storages. An exemplary method includes: calculating first hash-sums of the data during an initial placement in a data storage; transmitting the first hash-sums to at least one blockchain network; detecting a transfer of the data to a new data storage; calculating second hash-sums of the data after a placement of the data in the new data storage; transmitting the second hash-sums to the at least one blockchain network; comparing the first and second hash-sums of the data; and determining data immutability after the transfer of the data from the data storage to the new data storage based at least on results of the comparing.

Abstract: A data storage method comprises sending, by a blockchain node associated with a blockchain, data to an encryption device to cause the encryption device to encrypt the data and return the encrypted data to the blockchain node; receiving the encrypted data returned by the encryption device; and sending the encrypted data to other blockchain nodes associated with the blockchain to cause each of the other blockchain nodes to store the encrypted data in the blockchain after performing consensus verification on the encrypted data with success.

Abstract: Systems and methods for enhancing the security of an account by reducing the ability of an attacker to determine that an account includes multiple passcodes for accessing the account. An example method may comprise: accessing an account that comprises a first passcode providing constrained access to a set of computing resources and a second passcode providing unconstrained access to the set of computing resources; associating the account with a randomized resource limit that restricts a quantity of passcodes associated with the account; receiving a request to create a third passcode for the account; and denying the creation of the third passcode for the account in view of the randomized resource limit.

Abstract: There is disclosed a method of establishing trust between an agent device and a verification apparatus, the method comprising: obtaining, at the agent device, a trust credential, wherein the trust credential relates to an aspect of the agent device and comprises authentication information for identifying at least one party trusted by the verification apparatus and/or device data relating to the agent device; transmitting, from the agent device to the verification apparatus, the trust credential; obtaining, at the verification apparatus, the trust credential; analysing, at the verification apparatus, the trust credential; determining, at the verification apparatus, whether the agent device is trusted based on the analysis; and responsive to determining the agent device is trusted, establishing trust between the agent device and the verification apparatus.

Abstract: A technique is provided for authentication of a user accessing an access control device. The technique includes an application server that receives a request from a communication device associated with the user or the access control device. The request contains an identifier of the communication device, an identifier of the access control device and presence data indicating that the communication device is associated with the access control device. The application server checks a database for the user's subscription, sends a response to the access control device to request the user to enter a secret code via an interface of the access control device, receives a temporary secret code generated by a service provider server if the entered secret code is correct, and sends a message containing the temporary secret code to the communication device to request the user to enter the secret code via the interface of the access control device.

Abstract: A data storage method comprises sending, by a blockchain node associated with a blockchain, data to an encryption device to cause the encryption device to encrypt the data and return the encrypted data to the blockchain node; receiving the encrypted data returned by the encryption device; and sending the encrypted data to other blockchain nodes associated with the blockchain to cause each of the other blockchain nodes to store the encrypted data in the blockchain after performing consensus verification on the encrypted data with success.

Abstract: An access control system is described in which a credential may be authenticated and permitted to access a protected resource only after discovery of a second device. Requiring discovery of a second device prior to authentication enhances security by protecting against unauthorized access by an illicit user of a credential.

Abstract: A differential message security policy includes receiving information regarding activities of a user, determining a security risk for the user based on the activities of the user, and setting a security policy for the user based on the security risk. The security policy of the user may be modified based on a change in the security risk of the user or the security risk of the user exceeding a predetermined level. The security risk may be determined based on an aggregated scoring system that uses security variables related to the activities of the user.

Abstract: A wireless system can be used to authenticate a user device via proximity information of wireless network devices. The system can include the user device, the wireless network devices, and a server. At least some of the wireless network devices can be wirelessly connected to the user device and at least some other wireless network devices can be wirelessly unconnected to the user device. The server can use proximity information about the user device with respect to the wireless network devices to authenticate a user.

Abstract: A method for double anonymization of data includes: receiving, by a first computing system, a plurality of first data sets, each including a set identifier and personally identifiable information; anonymizing, by the first computing system, each of the first data sets, by hashing the set identifier included in each first data set to obtain a hashed identifier and deidentifying the personally identifiable information; transmitting, by the first computing system, the plurality of anonymized first data sets to a second computing system, wherein the second computing system is distinct and separate from the first computing system; anonymizing, by the second computing system, each of the anonymized first data sets, by hashing the hashed identifier to obtain a double-hashed identifier; and storing, in the second computing system or a third separate and distinct computing system, the plurality of double anonymized first data.

Abstract: This disclosure describes techniques for defining security measures of a secure data corridor that enables data feeds to transmit from an ingress point to an egress point, while maintaining a desired security protection. This disclosure further describes techniques to quantify the desired security protection by determining and further associating a data sensitivity rating with individual data feeds in transmit through the secure data corridor. In some examples, the data sensitivity rating of the secure data corridor may be locked at a default rating that is commensurate with access permissions of a subject or a data sensitivity rating of an adjoining secure data container. Alternatively, the data sensitivity rating may be dynamically set based on data feeds transmitting through the secure data corridor or set based on the data sensitivity rating of data feeds at an ingress point or egress point of the secure data corridor.

Abstract: Roughly described, anomalous behavior of a machine-learned computer-implemented individual can be detected while operating in a production environment. A population of individuals is represented in a computer storage medium, each individual identifying actions to assert in dependence upon input data. As part of machine learning, the individuals are tested against samples of training data and the actions they assert are recorded in a behavior repository. The behavior of an individual is characterized from the observations recorded during training. In a production environment, the individuals are operated by applying production input data, and the production behavior of the individual is observed and compared to the behavior of the individual represented in the behavior repository. A determination is made from the comparison of whether the individual's production behavior during operation is anomalous.

Abstract: A method for transmitting authentication information of a service provided from a service providing server at a first device in a wireless communication system comprising a plurality of devices includes obtaining, from an authentication server, first access information using an authentication code obtained based on an IDentifier (ID) and a password of an application for using of the service from the authentication server, transmitting, to the service providing server, a service request message comprising the first access information, performing a connection procedure with a second device among the plurality of devices, obtaining from the connected second device, second device information, and after registering the second device to the service providing server based on the second device information, transmitting, to the second device, registration information comprising the authentication code.

Abstract: Implementations of the present disclosure include identifying, by a relay that is communicatively linked with a first blockchain instance and a second blockchain instance in a unified blockchain network, a blockchain domain name of a first blockchain instance; identifying a blockchain domain name of the second blockchain instance; receiving, from a node of the first blockchain instance, an access request for accessing the second blockchain instance, wherein the access request including the blockchain domain name of the second blockchain instance; identifying a chain identifier of the second blockchain instance based on the blockchain domain name of the second blockchain instance, wherein the chain identifier of the second blockchain instance indicates a blockchain network configuration of the second blockchain instance; and providing access to the second blockchain instance for the first blockchain instance based on the blockchain network configuration indicated by the chain identifier of the second blockchai

Abstract: Electronic device and methods supporting secure boot functionalities performed utilizing an unsecured System-on-Chip (SoC) are provided. In various embodiments, the electronic device contains an unsecured SoC, a locked off-chip Non-Volatile Memory (NVM) component, and an unlocked off-chip NVM component. An on-chip or first stage boot loader program is stored in a first on-chip memory area; and, when execute, causes an on-chip processor to loads an image of a cryptographic key, such as a public key, into a second on-chip memory area. The cryptographic key is stored in the locked off-chip NVM component, possibly in conjunction with a second stage boot loader program. The on-chip processor then utilizes the cryptographic key, alone or in combination with other data, as a root-of-trust to verify the authenticity of one or more software components, such as an operating system, stored in the unlocked off-chip NVM component prior to booting the software component(s).

Abstract: Embodiments of the present invention provide an automated network security system for dynamically managing network security rules. The system uses a cognitive engine to capture network traffic and analyze behavioral data about said network traffic. Based on analysis of the behavioral data, the system may identify one or more vulnerabilities in the network security system and determine one or more changes to the network security rules to remedy the one or more vulnerabilities. The system further uses a robotic process automation system to test, simulate, and implement the one or more changes to the network security rules for the network.

Abstract: A device includes a first unit and a second unit, wherein, a first storage controller of the first unit stores in a first storage authentication information used for user authentication, a provision controller of the first unit controls a function provider of the first unit to provide a predetermined function when an authorized user is obtained, a first acquirer of the second unit acquires the authentication information before performance of the user authentication, a first generator of the second unit generates priority user information representing of the acquired authentication information, authentication information corresponding to a user who has been authenticated in user authentication as an authorized user, to which user authentication time information is added, and an authenticator of the second unit performs user authentication by collating the input authentication information with the priority user information and supplies the provision controller of the first unit with a user authentication result

Abstract: Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. The server may identify the mobile device based on identifying information in the access control message. Upon identifying the mobile device, the server may determine whether the user has authority to initiate the action to be performed on the online account. Upon determining that a user of the mobile device does have authority to initiate the indicated action, the action indicated in the access control message may be taken with respect to the online account.

Abstract: Determining a group of figures for use in a vision test to distinguish computers from humans. An image is obtained and segmented into a plurality of parts. Based on the plurality of parts, a group of figures is determined to enable the group of figures to be displayed at a certain rate for a user to recognize the image.

Abstract: Determining a group of figures for use in a vision test to distinguish computers from humans. An image is obtained and segmented into a plurality of parts. Based on the plurality of parts, a group of figures is determined to enable the group of figures to be displayed at a certain rate for a user to recognize the image.