Abstract: A method of unlocking an electronic device, an unlocking device and system and a storage medium are provided. The method includes: acquiring at least one image to be authenticated, in which the image to be authenticated is an RGB image or an infrared image; obtaining an RGB image authentication result of the image to be authenticated by RGB object authentication of the image to be authenticated in a case where the image to be authenticated is the RGB image, and obtaining an infrared image authentication result of the image to be authenticated by infrared object authentication of the image to be authenticated in a case where the image to be authenticated is the infrared image; and determining whether to unlock the electronic device according to at least one of the RGB image authentication result and the infrared image authentication result.

Abstract: Methods and systems for tag-based identification include receiving a set of parameters at a user device from a remote server. A counterfeit-proof identification tag is read using a sensor in the user device using the set of parameters. Features of the counterfeit-proof identification tag are extracted in accordance with a feature extraction function, using a processor, to generate a tag bit sequence. A challenge function is applied to the extracted features to generate a result. The result is transmitted to the remote server to authenticate the counterfeit-proof identification tag. The counterfeit-proof identification tag is authenticated with a tag database at the remote server.

Abstract: Security credentials issued by an entity, such as an identity broker, can have a limited lifetime. Access to resources or content under those credentials then can only be obtained for a limited period of time, limiting the ability of an unauthorized entity obtaining the credentials to utilize those credentials for access. Along with the credentials, a refresh token can be issued to a requesting client that can enable the limited lifetime of the credentials to be renewed up to a maximum lifetime of the credentials and/or the token. A service providing access can determine that the client has a valid copy of the refresh token when the credentials are about to expire, and if so can cause the lifetime of the credentials to be extended another credential lifetime. This renewal can be done transparent to a user and without again contacting the identity broker.

Abstract: A system for predicting vulnerability of network resources is provided. The system can calculate an initial vulnerability score for each of the network resources and use the initial vulnerability scores along with activity data of the network resources to train a vulnerability model. After training, the vulnerability model can predict the vulnerability of the network resources based on new activity data collected from the network resources. Based on the predicted vulnerability, vulnerable network resources can be identified. Further analysis can be performed by comparing the activities of the vulnerable network resources and other network resources to identify activity patterns unique to the vulnerable network resources as attack patterns. Based on the attack patterns, one or more actions can be taken to increase the security of the vulnerable network resources to avoid further vulnerability.

Abstract: Dynamic Software Defined Networking (DSDN) systems and methods provide secure and isolated subnetworks within a larger network. Each subnetwork may be formed with varied policies and communication restrictions based on at least device type, device grouping, and risk level. The DSDN systems and methods may also be applied to form a network, with or without subnetworks, of devices that are spatially separated, thereby reducing the attack surface of the DSDN-formed network.

Abstract: Parental control of child's web-based digital content experience, which can be applied to other contexts such as education, the workplace or other organizations. Trust relationships authorize specified users or organizations to permit access to content or resources by other users. Collection curation including content reputation and age appropriate ratings disclosed.

Abstract: A guard sensor injects a multi-GHz (multi giga-bit) guard signal along a guard signal transmission path above an observable knee in the amplitude response of the path to define a guarded region and to detect physical or electromagnetic intrusions of that guarded region. At frequencies above the knee, the signal transmission path exhibits increasingly non-linear and even chaotic behavior that improves the overall sensitivity of the sensor and its ability to detect slight changes in the distributed transmission parameters that characterize circuit devices, signal paths and signals. The guarded region may be used to protect a combination of circuit devices, physical connections, interfaces, high and low frequency signal transmission paths and signals.

Abstract: A computing system includes a virtualization server to provide a virtual session, and a client device communicating with the virtualization server and displaying the virtual session. The client device includes a camera for generating user images of a user of the client device. A user validator includes a policy database for security enforcement, and analyzes the user images and selects at least one policy from the policy database based on the analyzed images. The at least one policy provides at least one action to be taken by the computing system to protect the virtual session.

Abstract: Systems and methods for monitoring activity within High Definition Multimedia Interface (HDMI) enabled consumer electronics control (CEC) devices and their networks and identifying unexpected and/or suspicious activity within the network are provided. CEC message packets and packet attribute analysis can be used to identify unexpected and/or suspicious CEC activity within two or more interconnected HDMI devices. Three fundamental steps can be used: a data collection step can capture CEC activity occurring within an HDMI distribution; a data processing step can correlate data into a packet analysis process to create a model later used for evaluation; and a decision process step can use the model created in the data processing step to determine if activity occurring within the HDMI distribution is expected or unexpected.

Abstract: A device includes processing circuitry configured to receive node data including attributes from at least one computing device, organize the node data into one or more node groupings, wherein each node grouping includes nodes of the node data having one or more shared attributes, determine a node grouping processing scheme based on one or more transient event detection priorities, and detect, in response to executing the node grouping processing scheme for each of the one or more node groupings, one or more transient event occurrences within the one or more node groupings.

Abstract: A system for secure storage audit verification includes a transaction pool and a processor. The transaction pool stores transactions records for a Key Release System (KRS) Audit Agent or a Key Management System (KMS) Audit Agent. The processor is configured to select a transaction, wherein the transaction is awaiting verification in the transaction pool; determine whether the transaction is old; in response to the transaction not being old, select a new transaction; and in response to the transaction being old, indicate to suspend processing of the transaction.

Abstract: Policy changes are propagated to access control devices of a distributed system. The policy changes are given immediate effect without having to wait for the changes to propagate through the system. A token comprises the policy change and can be provided in connection with access requests. Before an access control device has received a propagated policy change, the access control device can evaluate a token provided in connection with a request to determine, consistent with the policy change, whether to fulfill the request.

Abstract: A method for encrypting logic includes generating, by a computing system, locking logic for inclusion in a logic circuit. The locking logic is generated based at least in part on an error rate and an attack complexity. The method also includes inserting, by the computing system, a one-way function into the locking logic. The method further includes applying, by the computing system, obfuscation logic to the logic circuit, where the obfuscation logic is applied on top of the locking logic.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: A system and a method are disclosed for determining that a first electronic communication, received in a first private repository of a user, has been identified (e.g., flagged) as including a threat, and determining a probability that the first electronic communication includes the threat. In response to determining that the probability exceeds a threshold probability, the system monitors monitoring for a second electronic communication, received in a second private repository, that includes contents that match the contents of the first electronic communication.

Abstract: Methods, systems, and computer-readable media for industrial control software execution management. For example, there is provided a method for enabling a software module included in a plurality of software modules of an application package installed on a computing device configured to control a turbomachine of an industrial plant. The method can include receiving, by a processor of the computing device, a request for executing the software module. The method can include generating and sending an activation request to a remote server. The method can include generating, by the remote server, an activation code if a verification protocol is successfully completed. The method can include forwarding the activation code to the computing device. The method can include activating the software module when the activation code is received by the processor.

Abstract: Disclosed herein are methods and systems of identifying vulnerabilities of an application. An exemplary method comprises identifying at least one function in executable code of the application according to at least one rule for modification of functions, adding an interception code to the executable code of the application upon launching of the application, executing the application with the added interception code, collecting, by the interception code, data relating to function calls performed by the application during execution, analyzing the collected data based on criteria for safe execution of applications, wherein the criteria comprises a range of permissible values of arguments of intercepted function calls and identifying inconsistencies between the analyzed data and the criteria for safe execution of applications, wherein the inconsistencies indicate vulnerabilities in the application.

Abstract: Computer systems and methods are provided for storing a first path profile. A computing device receives a first request to access a first location of a website, transmits the first request to a server, and receives a first cookie that includes identifying information for the first location. In response to receiving the first cookie, the device stores the identifying information. The device receives a second request to access a second location of the web site that is distinct from the first location. The second request includes the identifying information for the first location. The device transmits the second request to the server and receives a second cookie that includes the identifying information for the first location and for the second location. In response to receiving the second cookie, the device stores the first path profile that includes the identifying information for the first location and the second location.

Abstract: The subject disclosure relates to employing sourcing and generation components to facilitate a generation of identity data. In an example, a system comprising a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory, comprise a sourcing component and a generation component. In an aspect, the sourcing component can source, by a user device comprising the processor, a set of biometric data and a set of statistical data. In another aspect, a generation component can generate, by the user device, a set of identification data based on an interpolation of the set of biometric data and the set of statistical data.

Abstract: Systems, methods and computer readable media for providing users with encrypted content data associated with a service are disclosed. A device may receive first content data. The device may encrypt the first content data using a first key to obtain first encrypted data. The device may generate second encrypted data by applying a cipher substitution to the first encrypted data using a second key. The device may cause to send the second encrypted data to a second device.