Abstract: A list-type detection unit (220) performs list-type detection on communication data so as to detect a fraudulent communication. A machine-learning-type detection unit (230) performs machine-learning-type detection on communication data so as to detect a fraudulent communication. A communication acceptance unit (210) receives communication data from a network, and allocates the received communication data to at least one of the list-type detection unit and the machine-learning-type detection unit, using an allocation filter. A filter setting unit (250) determines a parameter value based on a load status of the list-type detection unit and a load status of the machine-learning-type detection unit, and sets the determined parameter value in the allocation filter.

Abstract: A method for redacting sensitive information from an audio stream, such as a voice signal in a telephone call, in real time is provided. The method includes: receiving an audio stream; conveying the audio stream through a channel that includes a valve; detecting, from within the audio stream, a first event that indicates an onset of sensitive information; closing the valve so that the conveying of the audio stream through the channel is temporarily stopped; detecting, from within the audio stream, a second event that indicates an ending of the sensitive information; and reopening the valve so that the conveying of the audio stream through the channel is resumed. The sensitive information may include payment card industry (PCI) information, such as a card number and/or a card verification value (CVV).

Abstract: A management device calculates, from access information transmitted from a token terminal and a site seed assigned to a server, a user seed, and registers the user seed in the token terminal. The token terminal obtains a share seed, calculates a key code from the share seed and the user seed, and presents the key code to the user. When the user enters the key code to an access terminal, the access terminal transmits, to the server, a request having the key code specified. The server obtains access information relating to the transmitted request, calculates a checkup seed from the access information and the site seed assigned to the server, obtains a share seed independently from the token terminal, calculates a checkup code from the share seed and the checkup seed, and sets a necessary condition for sign-in that is consistent between the key code and the checkup code.

Abstract: The present disclosure inter alia presents a method of generating a temporary authentication value, for use in a secure transmission to a service provider system having one or several computer servers. The method starts with receiving a first identification data and receiving a security data associated with the first identification data. Thereafter, a hash function is applied to the first identification data and the security data to generate a temporary authentication value. The generated temporary authentication value is divided into a first and a second part. The method thereafter comprises transmitting only the second part of the divided temporary authentication value to the service provider system for verification.

Abstract: Systems and procedures are provided for validating an IHS (Information Handling System) as operating using only factory-provisioned lockable devices. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory of factory-provisioned lockable devices and also includes encrypted code(s) for accessing the lockable devices. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. An inventory of detected lockable devices of the IHS is then collected. The validation process compares the collected inventory of detected lockable devices against the inventory of factory-provisioned lockable devices from the inventory certificate in order to validate the IHS is operating using only factory-provisioned lockable devices.

Abstract: A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

Abstract: In one embodiment, a New Radio (NR) core network system comprises a set of network functions to: receive a request from a user equipment (UE) device comprising a virtual local area network data network name (VLAN DNN); determine whether the UE device is authorized to access a particular VLAN implemented on the core network and associated with the VLAN DNN; and cause a message comprising a VLAN identifier (VLAN ID) to be transmitted to the UE device based on a determination that the UE device is authorized to access the particular VLAN, wherein the VLAN ID corresponds to the particular VLAN.

Abstract: Methods, systems, and devices for authenticating a device using a remote host are described. In some systems, a management server may identify a software update for a device and transmit a notification that the software update is sent to the device. In some cases, the system may also include a field server. The field server may receive the notification and set a flag, in a memory, that indicates an association between the device and the software update. The field server may receive, from the device, a connection request that includes a certificate associated with a key for authenticating the device and accept the key as valid based on the flag indicating the update to the software.

Abstract: [Problem] It is possible to enable the centralized management of resource usage right and improve the reliability and tamper resistance of information related to the resource usage right.

Abstract: A device for controlled identity credential release may include at least one processor configured to receive a request to release an identity credential of a user, the identity credential being stored on the device. The at least one processor may be further configured to authenticate the user associated with the identity credential. The at least one processor may be further configured to, responsive to the authentication, provide at least a portion of the identity credential, such as for display and/or to a terminal device over a direct wireless connection. The at least one processor may be further configured to cause the electronic device to enter a locked state and/or to remain in a locked state, responsive to providing the at least the portion of the identity credential.

Abstract: A method for monitoring industrial devices includes: obtaining an access token of a cloud storage server by a management device; sending a certificate request message to the management device by a user apparatus; performing a certificate verification on the user apparatus by the management device according to the certificate request message, and sending a certificate pass message with the access token to the user apparatus by the management device after passing the certificate verification; sending an access request message with the access token and identification information to the cloud storage server by the user apparatus; and providing device data of an industrial device terminal to the user apparatus by the cloud storage server according to the access token and a privilege of the identification information.

Abstract: A system and related methods are disclosed for managing, evaluating and improving identity governance and administration. The system is configured to execute a method, which includes receiving, by a computing system, data associated with the identity governance and administration, classifying, by a computing system, the data associated with the identity governance and administration according to one or more rules, generating, by a computing system, a three-dimensional model using the classified data associated with the identity governance and administration, performing, by a computing system, a statistical analysis, and optionally displaying, by a computing system, the three-dimensional model or results of the statistical analysis, or both.

Abstract: Cryptographic circuitry, in operation, generates N first pairs of elliptic curve cryptography (ECC) keys r(i), R(i), with i varying from 1 to N, using K second pairs of ECC keys p(k), P(k), with k varying from 1 to K, wherein K is smaller than N. Each pair r(i), R(i) of the first pairs of keys is a linear combination of pairs of the second pairs of ECC keys according to: ? i ? [ 1 ; N ] ? { r ? ( l ) = ? j = 1 K A ? ( i , j ) * p ? ( j ) R ? ( i ) = ? j = 1 K A ? ( i , j ) * P ? ( j ) , wherein A(i,j) designates a general term of a matrix A of size N*K, and all the sub-matrices of size K*K are invertible. The cryptographic circuitry, in operation, executes cryptographic operations using one or more pairs of the first pairs of ECC keys.

Abstract: Methods, apparatus, and computer program products for configurable secure boots are disclosed. One method includes determining, by a processor of a computing apparatus, whether a geographical location of the computing apparatus corresponds to a predetermined location, performing a boot process for booting up the computing apparatus in response to the geographical location of the computing apparatus corresponding to the predetermined location, and disabling the boot process from booting up the computing apparatus in response to the geographical location of the computing apparatus failing to correspond to the predetermined location. Computing apparatus and computer program products for performing the method are also disclosed.

Abstract: Some examples described herein relate to computer interfaces and authentication protocols for securely linking and transferring content between online accounts. In one example, a system can provide a graphical user interface (GUI) with multiple interactive interface pages, through which a user can selectively transfer content from a first online account to a second online account. For example, the user can select to transfer points from the first online account to the second online account. The system can then transfer of the selected content from the first online account to the second online account. To perform this transfer, the system can employ multiple layers of authentication and other security mechanisms. For example, the system can employ two or more layers of authentication and a unique external identifier to perform the transfer. Following the transfer, the GUI can be updated to reflect the results of the transfer.

Abstract: An authentication method for a tag device includes exchanging authentication codes between the tag device and an authentication server to perform mutual authentication. A reader device acts as a communications bridge between the tag device and the authentication server. The reader device may observe mutual authentication between the tag device and the authentication server as an indicator that the tag device is authentic. A failure of mutual authentication indicates that the tag device is not authentic.

Abstract: In an embodiment, a computing system, such as a monitoring computer, receives a request from a user to monitor an account of the user with an online service provider. The request may include personal information and user preferences for one or more protective actions. The system periodically monitors external data sources for indications of changes to personal information associated with the account, and detects changes or attempted changes to personal information associated with the account. The system may determine risk levels associated with detected changes or attempted changes, and transmit a notification to the user via a communication channel selected based on the determined risk level and/or the user preferences. The system may also initiate protective actions, so that further unauthorized access to the account may be prevented.

Abstract: A computer-implemented method for authenticating a request to access a remote resource includes identifying a request from a first device to access a resource located on a second device. The computer-implemented method further includes retrieving one or more encrypted passwords for authenticating access to the resource from a partition of a vault located on the first device. The computer-implemented method further includes comparing the one or more encrypted passwords retrieved from the partition of the vault located on the first device to one or more designated passwords stored on the second device. The computer-implemented method further includes granting the first device access to the resource located on the second device based, at least in part, on the one or more encrypted passwords retrieved from the partition of the vault located on the first device matching the one or more designated passwords stored on the second device.

Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.

Abstract: A device may not trust another device with which it is in communication. To establish trust, a first device may send a second device an indication of signed code that is stored in a protected memory of the first device. Based on determining that the first device is a trusted device, the second device may send the first device an encrypted content asset, a decryption key associated with the content asset, and/or an encryption key associated with the content asset.