Abstract: An embodiment device comprises a first processing unit configured to process an initial data line and deliver a first processed data line, a first delay unit coupled to the output of the first processing unit and configured to deliver a delayed first processed data line delayed by a first delay, a second delay unit configured to deliver the delayed initial data line delayed by a second delay, a second processing unit coupled to the output of the second delay unit and configured to process the delayed initial data line and deliver a delayed second processed data line, and a comparison unit configured to compare the contents of the delayed first and second processed data lines and deliver a non-authentication signal if the contents are not identical, the first and second delays being equal to a variable value.

Abstract: A system includes a server configured to store a plurality of imagery configured to be presented in an email template on an electronic device. The server is configured to receive a request to retrieve an imagery of the plurality of imagery for use in the email template. The system also includes a controller configured to perform operations that include monitoring information associated with the request, comparing monitored information associated with the request with expected information associated with the request, and determining unauthorized usage of the email template based on a mismatch between the monitored information and the expected information.

Abstract: A computer system for just-in-time authentication displays a user interface comprising a first portion and a second portion. The first portion of the user interface is associated with a first permission attribute, and the second portion of the user interface is associated with a second permission attribute. The first permission attribute is associated with a first user and the second permission attribute is associated with a second user. The computer system receives, from one or more proximity sensors, a proximity of the second user relative to the user interface. The computer system also receives, from an identity-verification sensor, a verification of an identification of the second user. Further, the computer system activates the second portion of the user interface for interaction from the second user.

Abstract: An example computing device includes a memory accessible at startup of the computing device, a buffer, and a set of instructions. The memory stores a configuration setting that is configurable by the application of a change request. The memory also stores a first public key and a second public key. The buffer stores change requests submitted by a remote entity, including a first change request to make a first setting change and a second change request to make a second setting change. The first change request is signed by a first private key corresponding to the first public key, and the second change request is signed by a second private key corresponding to the second public key. The set of instructions retrieves a change request from the buffer, determines whether the change request is authenticated by a public key, and if authenticated, applies the change request.

Abstract: Efficient authentication in a file system with multiple security groups is disclosed. A file system (FS) executing on at least one processor device receives, from a first client application of a plurality of client applications, a request to access a first object, the request including a unique object ID that identifies the first object. The FS determines, based on a data structure maintained by the FS and inaccessible to the first client application, that the first client application is associated with a first security group of a plurality of different security groups. The FS determines, based on metadata of the first object, that the first object is associated with the first security group, and grants the first client application access to the first object.

Abstract: Systems and methods are provided for binding one or more components to an identification component of a hardware module. Each of the serial numbers for the one or more components are included within a module-specific authentication certificate that is stored within the identification component of the hardware module. When connected to a computing platform, an authentication system of the computing platform is capable of retrieving the module-specific authentication certificate. The authentication system can compare the list of serial numbers included in the module-specific authentication certificate with one or more serial numbers read over a first interface. If the two lists of serial numbers match, the authentication system can flag the hardware module as authenticate through authentication of all components of the hardware module.

Abstract: An approach is provided to manage in-flight drones. The approach identifies a drone at a drone charging station with the identified drone being unauthorized to be at the drone charging station. Responsively, the approach then secures the identified drone and removes the identified drone from the drone charging station.

Abstract: Examples disclosed herein relate to receiving an authentication credential from a user, generating a security key associated with a physical document selected for an image capture operation, receiving a request for a captured image file of the physical document, and providing the captured image file of the physical document upon determining that the request comprises the security key.

Abstract: A content recording apparatus includes an obtaining unit which obtains a content having a variable-length packet structure, an encrypter which generates encrypted data by encrypting the content, and a recorder which records the encrypted data in a block unit having a fixed length in a recording medium. The encrypted data includes an invalidated region unnecessary for reproduction of the content. The recorder records a size of the invalidated region in the recording medium.

Abstract: A method for asymmetric encryption based on a gene chip includes the steps of (a) obtaining original information in text or image or other form and converting the same into a binary code, and (b) preprocessing the binary code to obtain a binary matrix. In (c), an encryption key is obtained, the encryption key comprising a gene expression solution. In (d), the gene expression solution is placed on a gene chip according to an arrangement and correspondence of the binary matrix.

Abstract: A first device may receive content from a second device based on a request for the content. The first device may be located between the second device and a third device. The first device may determine a value for a portion of the content using a function, where the value is to be used to analyze the content. The value may uniquely identify the portion of the content. The first device may determine whether a classification of the content can be determined. The first device may selectively determine the classification of the content by providing the value or the portion of the content corresponding to the value, to a fourth device when the classification cannot be determined, or determine the classification of the content using a data store when the classification can be determined. The first device may perform an action with respect to the content.

Abstract: Technologies are provided for prevention of organizational data leakage across platforms based on device status. A device management service may include status information for a client device and/or a connection in a token provided to the client device and update the status in response to changes. An applicable data protection policy may be determined based on the detected status and optionally based on data being accessed. An instruction may be transmitted to a client application executed on the client device based on the applicable data protection policy thereby enforcing the data protection policy at the server. The instruction may cause a script executed at the client application to disable one or more user interface controls associated with functionality such as downloading, synchronizing, printing, etc. of the organizational data to prevent leakage of organizational data.

Abstract: An emotion-based authentication service can obtain data associated with a user device, identify an emotion associated with the data, detect an authentication request that requests authentication of the user device using an emotion-based authentication service, generate, based on the emotion and the data, a challenge for the user device and an expected response to the challenge, receive, from the user device, a response to the challenge, and determine if the user device is to be authenticated based on the response to the challenge and the expected response to the challenge.

Abstract: Systems and methods are provided for registering with a given application. The systems and methods include operations for receiving, with a messaging application, a request to authenticate a phone number from the given application, the phone number being input by a user to register an account with the given application; determining that the phone number received in the request matches a user phone number stored in a user account associated with the messaging application; in response to determining that the phone number received in the request matches the user phone number stored in the user account, transmitting a communication from the messaging application to the given application indicating that the phone number has been authenticated; and causing the given application to register the account for the user to enable the user to log into the given application.

Abstract: A system for utilizing a mobile device as a computer authenticator is provided. The system may include a computing application executing on a computing apparatus. The system may include a secure backend server. The secure backend server may include a list of user identifiers, token serial numbers, device registration numbers and computing device identifiers. A pre-registration process may be used to embed a mobile token on a mobile device. A registration process may be used to pair the mobile device to the computing device. An in-use process may be used to authenticate the computing application using the mobile device.

Abstract: A method for hiding information in executable code comprising: identifying a set of pairs of interchangeable instructions, wherein each pair has an instruction order of execution that is reversible without changing a functionality of the executable code; organizing the pairs into a plurality of matrices based on a set of random seeds; for each matrix, inverting a submatrix consisting of a subset of columns from each matrix to identify a subset of pairs; identifying a matrix that has full column rank on a subset of columns that is a function of the pairs' location; storing an index of the identified matrix's associated seed in a secure data storage location; and encoding data into the executable code by reversing the order of execution of the subset of pairs and treating each pair having reversed instructions as a “1” and each pair of non-reversed instructions as a “0” or vice versa.

Abstract: A system includes a credential service operable to store a URL for reaching the credential service and a mobile library on a mobile device operable to communicate with the credential service, the mobile library operable to receive the URL for subsequent transactions with the credential service.

Abstract: Data is efficiently read from and written in a sequence without an access position being revealed. A secure reading and writing apparatus (1) receives a read command or a write command as input, and, when the read command is input, outputs a secret text [a[x]] which is an x-th element of a secret text sequence [a], and, when the write command is input, adds the secret text [a[x]] which is the x-th element of the secret text sequence [a], to a secret text [d]. A secure reading part (12) reads the secret text [a[x]] which is the x-th element from the secret text sequence [a]. A buffer addition part (13) adds a secret text [c] of an unreflected value c to the secret text [a[x]]. A buffer appending part (14) appends a secret text [x] and the secret text [d] to a write buffer [b].

Abstract: Disclosed herein is an apparatus for calculating a cryptographic component R2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises a processor configured to set a start value to be equal to R mod n, perform b iterations of a shift and subtract operation on the start value to produce a base value, wherein the start value is set to be equal to the base value after each iteration, set a multiplication operand to be equal to the base value, and perform k iterations of a Montgomery modular multiplication of the multiplication operand with the multiplication operand to produce an intermediate result, wherein the multiplication operand is set to be equal to the intermediate result after each iteration, wherein the shift and subtract operation comprises determining a shifted start value which is equivalent to the start value multiplied by two, and subtracting n from the shifted start value if the shifted start value is greater than or equal to n.

Abstract: A method of validating software including maintaining, in a trusted computing system, a copy of at least portions of data of the software, the software comprising data in an untrusted computing system. The method includes, with the trusted computing system, specifying selected data from data included in the copy as hash data, generating an executable file for generating a hash based on the specified hash data, executing the executable file to generate a check hash using the specified selected data from the copy as the hash data, and determining whether the software is valid based, at least in part, on a comparison of the check hash to an access hash generated by execution of the executable file by the untrusted computing system using the specified selected data from the untrusted computing system as the hash data.