Abstract: Provided are a blockchain-based data processing method and apparatus, a device, and a storage medium, which relate to the field of blockchain technology and can be used for cloud computing and cloud services. The specific implementation is: in response to a data usage request initiated by a data user, acquiring a signature result from an entrusted signer associated with to-be-used data after the entrusted signer audits the data user; calling a lease smart contract according to the data usage request to determine a signature verification key of the entrusted signer associated with the to-be-used data; performing verification on the signature result according to the signature verification key; and in a case where the verification passes, feeding back the to-be-used data to the data user. Therefore, the usage security of data can be improved.

Abstract: An internet of things device including an interworking gateway. The interworking gateway serves as an agent of an internet of things server in an operator network, replaces the internet of things server to register and authenticate an internet of things terminal, and forwards a message between the internet of things server and the internet of things terminal. The interworking gateway is located in a same IP subnet or private network as a packet data network gateway or a user plane device in a telecommunications network. Based on an Internet Protocol (IP) address of the internet of things terminal, the interworking gateway may determine validity of the internet of things terminal and directly address the internet of things terminal.

Abstract: A service action category based cloud security system and method implement cloud security by categorizing service actions of cloud service providers into a set of service action categories. The service action categorization is performed agnostic to the applications or functions provided by the cloud service providers and also agnostic to the cloud service providers. With the service actions of cloud service providers thus categorized, cloud security monitoring and threat detection can be performed based on service action categories. Thus, cloud security can be implemented without requiring knowledge of the applications supported by the cloud service providers and without knowing all of the individual service actions supported by the cloud service providers.

Abstract: Disclosed herein are systems and methods that may generate so-called “honey credentials” that are transmitted to a “phishing” website, and are then stored into a honey credential database. The honey credentials appear to be valid credentials, but whenever a bad actor attempts to access an enterprise using the honey credentials, security appliances the enterprise may update the records of the honey credential database to include one or more unique identifiers for each bad actor device that attempts to access the enterprise network using the honey credentials. A server may automatically query the honey credential database to identify other accounts that have been accessed by devices that used the honey credentials to access the enterprise. The server may then flag the accounts and restrict their functionality.

Abstract: An information processing apparatus comprising a processor executing a control program configured to authenticate a user. The processor further configured to transmit an action instructing signal for issuing an instruction to perform an action to a portable device at plural radio wave output intensities selectively, via wireless communication, wherein the portable device has been associated with the user in advance. The processor further configured to detect a status change of the portable device, for at least one of the plural radio wave output intensities. The processor further configured to determine, when the action instruction signal is transmitted at the at least one of the plural radio wave output intensities and based on the change of the status corresponds to the action instructed by the action instruction signal, whether or not the user is holding the portable device that is associated with the user in advance.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: Disclosed implementations may include receiving a first communication comprising first content generated by a first user; identifying authentication metadata embedded within the first communication; receiving a second communication generated by a second user, wherein the second communication comprises second content and the authentication metadata; decoding the authentication metadata from the second communication; parsing the first content of the first communication and the second content of the second communication; determining that the first content is different than the second content based at least in part on the parsing; and generating an alteration notification based at least in part on the determining.

Abstract: Disclosed embodiments relate to systems and methods for securing the use of temporary access tokens in network environments. Techniques include identifying a request for an action involving a target network resource requiring a temporary access token; receiving, from the target network resource, a temporary access token; storing the temporary access token separate from the network identity; generating a customized replacement token having an attribute different from the temporary access token such that the customized replacement token cannot be used directly with the target network resource; providing the customized replacement token to the network identity; monitoring use of the customized replacement token to detect an activity identified as being at least one of potentially anomalous or potentially malicious; receiving an access request to access the target network resource; and based on the detected activity, denying the access request from the network identity.

Abstract: Various embodiments of apparatuses and methods for protecting data integrity in a content distribution network (“CDN”) are described. Code or data in one of the servers or instances of a CDN might sometimes become incorrect or corrupt. One corrupted server or instance can potentially impact a considerable portion of the CDN. To solve these and other problems, various embodiments of a CDN can designate one or more parameters, which are then identified in a request for content to another entity. In these embodiments, the CDN can generate an encoding of the expected values of the designated parameters. The CDN can then compare, in these embodiments, its encoding of the expected values to an encoding of the values received from the other entity in response to the request. The CDN can validate the content of the response, as well as the identity of the other entity, in some embodiments.

Abstract: A communication device may accept an input of user authentication information, cause an output unit to output specific information obtained by using a public key in a case where authentication using the inputted user authentication information is successful. In a case where the authentication using the inputted user authentication information fails, the specific information is not outputted. The communication device may receive an authentication request in which the public key is used from a first external device, send an authentication response to the first external device, receive first connection information from the first external device, and establish a first wireless connection between the communication device and a second external device by using the first connection information.

Abstract: A system and method for granting access to network resources through access credentials given to an agent process running on each computer or machine where resource requesters reside. The system extends a traditional token-granting authorization system to the agent processes, where each agent has administrative access to machine information. The agent uses that access to acquire detailed information about resource requesters. Requester qualifications defined by the system limit requester access to resources, and are enforced both by the agent and by the central system on the network resource server. Resource requesters ask for a token for resource use from the agent, not the central system. The agent uses its credentials to get a token from the central system and then return the token to qualified requesters.

Abstract: A computing device may include a memory and a processor configured to cooperate with the memory to establish a connection with a client device, with the client device having a first credential to connect the client device to a computing service, and the first credential being provided by a proxy. The processor may further receive a request from the client device via the connection to validate the first credential before use of the first credential by the client device, and validate the first credential with use of a second credential for the computing service obtained independent of the proxy.

Abstract: A computing system can associate a customer device of a customer with a financial transaction record and the merchant, the financial transaction record indicative of a first purchase from the merchant by the customer, transmit a first query to the customer device prompting the customer to input information regarding an aspect of the first purchase, the first query including a description of a predetermined product parameter of the financial transaction record indicative of the first purchase from the merchant by the customer, authenticating, by the computing system, the first request by determining that the customer-input response to the first query corresponds to the established aspect of the first purchase in accordance with a predetermined accuracy threshold, and authorizing, by the computing system, connection of the customer device to the network provided by the merchant based at least in part on the first request being authenticated.

Abstract: An automated system comprising a processor and a database are described. The processor executes communication software reading: at least one image corresponding to an identifier of a blood product from a donor; and at least one database storing at least one communication from a receiver of the blood product. The communication software executed by the processor determines an intermediary from the identifier and contacts the intermediary to obtain contact information of the donor.

Abstract: An information handling system includes a memory to cache a manifest that has authorized programming interfaces of a client application after the manifest was retrieved from the client application. A native service may receive a connection request from the client application, and verify that a digital signature of the client application is valid and untampered. The native service may also retrieve the manifest from the client application, receive an application programming interface request from the client application, and validate whether the application programming interface request is authorized based on the manifest. If the application programming interface request is authorized, then the application programming interface request is processed.

Abstract: The disclosed computer-implemented method for securing authentication procedures includes (i) monitoring, by a third-party security application, to detect reception of a second factor authentication token as an input to complete a second factor authentication procedure in connection with a second application that is independent from the third-party security application, (ii) verifying, by the third-party security application, whether or not the second factor authentication token was transmitted by a valid server in coordination with the second application as part of an authentic version of the second factor authentication procedure, and (iii) performing a security action to protect a user account based on a result of verifying whether or not the second factor authentication token was transmitted by the valid server in coordination with the second application as part of the authentic version of the second factor authentication procedure.

Abstract: Technologies disclosed herein provide an apparatus comprising a fuse controller coupled to an aggregator. The fuse controller includes a plurality of fuses for storing a unique identifier of a device and a first secured value of a first password associated with the unique identifier. The aggregator is to receive the unique identifier and the first secured value from the fuse controller, send the unique identifier to an unlock host, receive a second password from the unlock host, compute a second secured value of the second password using a security function, and unlock one or more privileged features on the device based on the first secured value corresponding to the second secured value. In a specific embodiment, the first secured value corresponds to the second secured value if the first password is equivalent to the second password.

Abstract: In some implementations, an authentication system may receive, from a client device, a credential associated with a user account and a request to access a resource. The authentication system may transmit, to the client device, a request for an image of a customized physical security token associated with the user account. The authentication system may receive, from the client device, a first image. The authentication system may compare the first image with a representation of a second image of the customized physical security token associated with the user account. The authentication system may grant or denying access to the resource based on comparing the first image with the representation of the second image.

Abstract: Method and device used for wireless communications, including receiving a second media access control packet data unit (MAC PDU) group, a MAC Header of any MAC PDU in the second MAC PDU group comprising information corresponding to a first portion of a first old identifier (ID); the second MAC PDU group comprising a first packet data convergence protocol (PDCP) PDU, and a header of the first PDCP PDU comprising a first key ID; the first key ID being used to identify a first key, and the first key being used to generate a key for a security algorithm applied to the first PDCP PDU; transmitting a first MAC PDU group comprising a second PDCP PDU, the second PDCP PDU comprising information corresponding to a first portion of the first PDCP PDU; by determining a first key ID and a second key ID, reliability is improved, and risks during communications are avoided.

Abstract: Various methods, apparatuses/systems, and media for automatically establishing a communication between two or more applications that do not share a compatible authentication model are disclosed. A receiver receives a request from a first application to communicate with a second application, wherein the first application supports a first authentication model and the second application supports a second authentication model which is incompatible with the first authentication model. A processor utilizes a configurable gateway layer, in response to receiving the request, to mediate a communication between the first application and the second application; and routes the request from the first application to the configurable gateway layer. The configurable gateway layer translates the first authentication model to the second authentication model.