Abstract: Techniques are disclosed relating to the modification of user account functionality based on a physical state of a mobile device. For example, in some embodiments, a mobile device may detect one or more physical states associated with the device. The mobile device may compare the one or more physical states to a set of rules for a user account associated with a user, where a given one of the set of rules specifies one or more functionalities, of the user account, to modify in response to one or more of the rules being satisfied. Further, in response to the one or more physical states satisfying a first rule of the set of rules, the mobile device may send, to a server system associated with the user account, a request to modify one or more functionalities associated with the user account.

Abstract: An information processing device according to the present invention includes: a storage unit that stores a first unique value calculated for each portion of a program in advance; and an inspection unit that inspects whether or not there is a tampering in the portion by newly calculating a second unique value for the portion and comparing the first unique value with the second unique value.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; instructions encoded within the memory to instruct the processor to: identify a downloaded file on a file system; inspect a metadata object attached to the downloaded file; parse the metadata object to extract an advertiser identification string from a GET code portion of a uniform resource locator (URL); query a reputation cache for a reputation for the advertiser identification string; receive a deceptive reputation for the advertiser identification string; and take a remedial action against the downloaded file.

Abstract: Aspects of the disclosure relate to a system and method for cryptographically transmitting and storing identity tokens and/or activity data among spatially distributed computing devices. The system may comprise a plurality of chains, such as an identity chain and an activity chain. In some aspects, identity data associated with a user may be used to generate an identity token for the user. The identity token may be transmitted to a plurality of computing devices for verification. Based on a verification of the identity token, the identity token may be stored in the identity chain. A request to perform an activity may also be received, and identity data associated with the user may be received in order to authenticate the user.

Abstract: An information handling system may include a processor and a basic input/output system communicatively coupled to the processor and embodied by executable instructions embodied in non-transitory computer readable media, the instructions configured to, when executed by the processor: extract from a boot manifest a list of files associated with operating system applications of the information handling system and respective signatures for each of the files; locate the files listed in the boot manifest on a partition of a storage resource accessible to the processor; attempt to verify signatures for each of the files as stored on the storage resource against their respective signatures set forth in the boot manifest; enable execution of a boot loader for the operating system and the operating system applications in response to successful verification of the signatures; and abort a boot process of the information handling system in response to unsuccessful verification of the signatures.

Abstract: A method for obtaining a representation of an environment includes requesting device context information from a user device. The request is sent to the user device from a virtual machine environment established by a database processor. The virtual machine environment is established by the database processor in response to a request received from the user device over a network for a representation of an environment. User preference information is requested and the device context information and the user preference information are received in the virtual machine environment. Based on the device context information, an environmental data set (EDS) is identified that includes information reflective of the environment. The EDS is received in the virtual machine environment and the EDS is modified based at least in part on the user preference information. Executable computer code is constructed for generating a representation from the modified EDS and sent to the user device.

Abstract: A multicast service processing method and an access point are disclosed. The method includes: generating, by an access point (AP), a first group addressed frame and an individually addressed frame based on a multicast packet, where the first group addressed frame is encrypted by a first multicast key, and the individually addressed frame is encrypted by a unicast key of a second terminal.

Abstract: A system for providing an application includes an interface and a processor. The interface is configured to receive an indication to provide an application to a device. The processor is configured to provide the application to the device. The application is configured to: receive a request for a list of valid credentials; determine a list of stored credentials; provide the list of stored credentials to a database system; receive an indication of revoked credentials from the database system; and determine the list of valid credentials based at least in part on the list of stored credentials and the revoked credentials.

Abstract: An application downloaded from the network onto a target (production) machine can be validated in a sandbox environment. An execution report can be generated during the validation. When the validated application is executed on the target machine, operations performed by the application are limited based on the execution report.

Abstract: A program verification system of the invention includes program verification means 51 for verifying whether a verification target program input as a program operating in a secure environment does not include a program execution function which is a function of executing a new program in the same environment by a command in the corresponding program and/or whether the verification target program or a protection mechanism of the secure environment as an operation source of the verification target program includes an external input attack defense function which is a function of defending against an attack caused by an external data input during execution of the program; and signature means 52 for giving a signature to the program based on a result of the verification by the program verification means 51.

Abstract: A data packet sending method, a network device, a control device, and a network system includes receiving a first data packet sent by a first device, where a packet header of the first data packet includes a first sequence number marker sequence, a first position marker sequence, a first accumulated value, and a verification value; obtaining a second data packet, where a packet header of the second data packet includes a second sequence number marker sequence, a second position marker sequence, a second accumulated value, and the verification value; and sending the second data packet to a second device.

Abstract: An extracting unit randomly extracts a block from among the blocks of instruction strings constituting the byte code of a first program and, at the time of execution of the first program, extracts the blocks which are invariably executed before the randomly-extracted block. A dividing unit randomly divides, into a plurality of blocks, the instruction strings constituting the byte code of a second program which enables detection of tampering of the first program. An inserting unit inserts the plurality of blocks, which are obtained by division by the dividing unit, at different positions in the block extracted by the extracting unit, while maintaining the execution sequence written in the second program.

Abstract: One or more implementations of the present specification provide a blockchain-based data authorization method and apparatus. The method can include receiving, by a blockchain node, an authentication transaction submitted by a privacy computing platform, where the authentication transaction queries whether a data user has obtained authorization of target data possessed by a data owner, and in response to determining that the data user has obtained authorization of the target data, executing, by the blockchain node, a smart contract invoked by the authentication transaction to provide an authorization token to the privacy computing platform that instructs the privacy computing platform to obtain the target data, and send a computational result of one or more predetermined computational operations based on the target data to the data user.

Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.

Abstract: The present invention relates to a computer having an isolated user computing unit for responding to a system seizing attempt by a malicious code and minimizing damage to a system. A computer according to a feature proposed by the present invention comprises: a security management computing unit for managing connected I/O devices and auxiliary memory device unit; and a user computing unit which is isolated from the I/O devices, communicates with the I/O devices via an intercommunication unit responsible for communication between the security management computing unit and the user computing unit, has a separate CPU and memory, and is connected to the security management computing unit. The security management computing unit manages the I/O devices, monitors and restores a system, and monitors and controls the user computing unit, and the user computing unit is isolated from the security management computing unit and executes a user program and a user OS.

Abstract: A method for avoiding a Bluetooth device from being traced, which comprises the following steps: parsing, by a target Bluetooth device, a second dynamic address to obtain a second random number and a second data; and generating, by the target Bluetooth device, a plurality of the third data successively according to the identity parsed keys in the identity parsed keys list save by the target Bluetooth device and a second random number, and determining whether there exists any third data which is the same as the second data, if yes, determining that there exists the second identity parsed key which is authenticated successfully; otherwise, determining that there isn't the second identity parsed key which is authenticated successfully.

Abstract: The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.

Abstract: An example operation may include one or more of receiving, by one or more endorser nodes of a blockchain network, an invoke chaincode transaction proposal, executing chaincode, encrypting, by an application programming interface between the chaincode and a shared ledger, blockchain state to the shared ledger, decrypting blockchain state from the shared ledger, endorsing, by the one or more endorser nodes, one or more results from executing the chaincode, and creating a blockchain transaction from the one or more endorsed results.

Abstract: A device may provide a verification indicator to a device associated with a website. The verification indicator may be associated with verifying access to the website. The device may detect that the verification indicator has been associated with code associated with the website based on processing the code. The device may provide a script to the device. The script may be included in the code. The script may be associated with monitoring operations of the website. The device may receive data related to the operations. The device may analyze the data using a model. The model may be associated with making a prediction related to at least one of: a value to be received via the website, or traffic associated with the website. The device may perform one or more actions related to the website based on a result of the analyzing.

Abstract: Described is a system that provides a mechanism to securely deliver software updates to components of an isolated recovery environment. More specifically, the system provides the ability to include (or inject) a software update as part of a secure data transmission from a production environment to an isolated recovery environment. The data transmission may use existing infrastructure for synchronizing recovery data between the production backup system and isolated recovery system thereby preventing a potential new access point (or vulnerability) to the isolated recovery environment that a cyber security threat may attempt to exploit.