Abstract: Disclosed are various examples for securing the transmission of files to and from a client device. In some examples, an initialization token is identified for a file that includes a number of portions. An algorithm is iteratively applied to the initialization token to determine that no repeated output occurs over a number of iterations corresponding to the number of file portions. Initialization data is transmitted from a client device to a management service that manages access to the file. The initialization token is included in the initialization data if no repeated output occurs when the algorithm is iteratively applied over the number of iterations.

Abstract: The present disclosure provides a verification system. The verification system is formed with a trusted execution environment, the verification system includes a processor set, and the processor set is configured to: obtain an infrared image to be verified of a target object; determine, in the trusted execution environment, whether the infrared image to be verified matches a pre-stored infrared template; in response to determining that the infrared image to be verified matches the pre-stored infrared template, obtain a depth image to be verified of the target object; and determine, in the trusted execution environment, whether the depth image to be verified matches a pre-stored depth template.

Abstract: Systems and methods for malware detection using multiple neural networks are provided. According to one embodiment, for each training sample, a supervised learning process is performed, including: (i) generating multiple code blocks of assembly language instructions by disassembling machine language instructions contained within the training sample; (ii) extracting dynamic features corresponding to each of the code blocks by executing each of the code blocks within a virtual environment; (iii) feeding each code block into a first neural network and the corresponding dynamic features into a second neural network; (iv) updating weights and biases of the neural networks based on whether the training sample was malware or benign; and (v) after processing a predetermined or configurable number of the training samples, the neural networks criticize each other and unify their respective weights and biases by exchanging their respective weights and biases and adjusting their respective weights and biases accordingly.

Abstract: A system for probe-based risk analysis for multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computational graph module configured to probe connection destinations for a response, analyze any received responses, and determine a verification score needed before granting access based at least in part on the analysis of the received responses. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: Embodiments of the disclosure provide a method and apparatus for encrypting and decrypting data. The method for encrypting data in a computer system can include: receiving, by a memory operation module, a first data and a second data for encryption; determining at least one storage area for a first encrypted data corresponding to the first data and a second encrypted data corresponding to the second data; generating at least one key based on the first and second data and the at least one storage area; and encrypting the first data and the second data using the at least one key to generate the first encrypted data and the second encrypted, respectively.

Abstract: A data management system manages secured data for a plurality of users. The data management system utilizes an access authorization system to authenticate users seeking access to the data management system. The access authorization system provides access tokens to authenticated users. The access tokens enable the authenticated users to access the data management system without again providing authentication data. The access authorization system includes, for each user, an access policy that governs whether the users can use the access tokens to access the data management system. The access tokens have a finite lifetime. If the users use the access tokens within the finite lifetime and if the users satisfy all of the access rules of the access policies, then the lifetime of the access tokens can be extended a finite number of times.

Abstract: A system and method allows a matching system to mediate requests for information among different computer systems without storing information that can be used to log into those computer systems.

Abstract: Aspects of the invention include receiving a request from an initiator channel on an initiator node to initiate a secure communication with a responder channel on a responder node. The receiving is at a local key manager (LKM) executing on the initiator node. A security association is created at the LKM between the initiator node and the responder node. An identifier of a shared key assigned for communication between the initiator node and the responder node is obtained, and a message requesting initialization of the secure communication between the initiator channel and the responder channel is built. The message includes the identifier of the shared key. The message is sent to the initiator channel.

Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The mid-link server may include an inspection component that analyzes network packet traffic in accordance with a plurality of policies. The inspection component may inspect the network packet traffic for specific content and provide instructions to a router component and/or a mediation component of the mid-link server. The instructions may be a function of at least one policy that applies to the specific content.

Abstract: Provided are a method and apparatus for turning on a screen, a mobile terminal and a storage medium. The method comprises that: when a change in a moving state of a mobile terminal meets a preset unlocking condition, a structured light image sensor is activated for imaging; a depth map obtained by the imaging of the structured light image sensor is acquired; a face depth model is constructed according to the depth map; a position of pupils is identified from the face depth model; and when the position of the pupils is within a specified region of eyes, the screen of the mobile terminal is controlled to turn on.

Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function may include a first VPN endpoint component, and the service endpoint function may include a second VPN endpoint component. The mid-link server may include a first VPN termination point that authenticates and terminates the first VPN tunnel and a second VPN termination point that authenticates and terminates the second VPN tunnel. The first VPN termination point may re-authenticate the client device based on a first characteristic of the first VPN endpoint component and/or a second characteristic of the second VPN endpoint component.

Abstract: When a software update is provided to a device that implements a facial recognition authentication process, a new authentication algorithm to operate the facial recognition authentication process may be included as part of software update. For a period of time, the new authentication algorithm may operate a “virtual” facial recognition authentication process alongside operation of the existing facial recognition authentication process using the existing (e.g., earlier version) authentication algorithm. The performance of the new authentication algorithm in providing facial recognition authentication (as assessed by the “virtual” process) may be compared to the performance of the existing authentication algorithm in providing facial recognition authentication during the period of time.

Abstract: A system includes an entropy device configured to generate and distribute input entropy data and an intelligent electronic device (IED) of an electric power distribution system. The IED is configured to perform operations that include receiving the input entropy data distributed by the entropy device, generating a set of keys using the input entropy data, and establishing a Media Access Control Security (MACsec) communication link using the set of keys.

Abstract: The exemplary embodiments disclose a system and method, a computer program product, and a computer system for encryption. The exemplary embodiments may include receiving an encryption request from a first smart device, preparing a response to the encryption request and generating a key, encrypting the prepared response with the generated key, sending the encrypted response to the first smart device, splitting the key into two or more pieces, sending the two or more key pieces to a second smart device, sending the two or more key pieces from the second smart device to the first smart device, assembling the two or more key pieces into the key on the first smart device, and decrypting the encrypted response on the first smart device using the assembled key.

Abstract: This disclosure provides a decoding method and apparatus in the communications field. The method includes: extracting at least one piece of prior information from at least one first transport block that has been successfully decoded, and assembling the at least one piece of prior information into a prior information set, where one piece of prior information includes header information of a transmission protocol layer of one first transport block; when a to-be-decoded second transport block sent by a transmit end is received, selecting first prior information from the prior information set, where the second transport block is a transport block obtained by the transmit end by coding a third transport block; and decoding the second transport block based on the first prior information and first demodulation information of the second transport block, to obtain the third transport block.

Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.

Abstract: A system for communicating images, comprises an imaging device configured to capture and image and generate a digital image file, the imaging device comprising a device identifier; a set of routines configured to label the digital image file, associated account information with the digital image file, associate the device identifier with the digital image file, and communicate the digital image file to a server; a server configured to receive digital image files and process the digital image file according to at least one of a label associated with the digital image file, account information associated with the digital image file, and a device identifier associated with a device that captured the digital image file.

Abstract: In examples, a non-transitory computer-readable storage medium stores executable code, which, when executed by a processor, causes the processor to receive a semiconductor package image, the image including semiconductor package surface codes, the codes including a semiconductor package identifier. The executable code causes the processor to transmit at least one of the semiconductor package identifier, the codes, or the image. The executable code causes the processor to receive information associated with the semiconductor package identifier. The executable code causes the processor to output the information via at least one of a display coupled to the processor, a speaker coupled to the processor, or the wireless transceiver.

Abstract: A communication system is provided that includes a first quantum key distribution device and a communication device. The first quantum key distribution device is configured to be coupled to a second quantum key distribution device over a quantum channel and to generate a quantum key based on a quantum state transmitted along the quantum channel. The communication device is communicatively connected to the first quantum key distribution device within a network. The communication device is configured to receive the quantum key from the first quantum key distribution device and transmit the quantum key to an end device in the network via a classical link to enable the end device to use the quantum key for encrypting and/or decrypting messages communicated through the network.

Abstract: Technologies for providing multiple device authentication in a heterogeneous network include a gateway node. The gateway node includes a network communicator to receive a request from a terminal node to authenticate a user of a set of heterogeneous nodes connected to the gateway node and broadcast a credential request to the nodes. Additionally, the gateway node includes a response combiner to combine responses from the set of nodes to generate a combined authentication message. The network communicator is further to send the combined authentication message to the terminal node for authentication. Other embodiments are described and claimed.