Patents Examined by Zhimei Zhu
  • Patent number: 10929535
    Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side channel attack, such as a Meltdown or Spectre type attack by selectively introducing a variable, but controlled, quantity of uncertainty into the externally accessible system parameters visible and useful to the attacker. The systems and methods described herein provide perturbation circuitry that includes perturbation selector circuitry and perturbation block circuitry. The perturbation selector circuitry detects a potential attack by monitoring the performance/timing data generated by the processor. Upon detecting an attack, the perturbation selector circuitry determines a variable quantity of uncertainty to introduce to the externally accessible system data. The perturbation block circuitry adds the determined uncertainty into the externally accessible system data. The added uncertainty may be based on the frequency or interval of the event occurrences indicative of an attack.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: February 23, 2021
    Assignee: Intel Corporation
    Inventors: Vadim Sukhomlinov, Kshitij Doshi, Francesc Guim, Alex Nayshtut
  • Patent number: 10922439
    Abstract: Technologies for verifying the integrity of regions of physical memory allocated among multiple domains are described. In embodiments the technologies include or cause: the generation of a first integrity value in response to a write command from a first domain; the generation of a second integrity value in response to a read command; and verifying the integrity of read data targeted by the read command at least in part by comparing the first integrity value to the second integrity value.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: February 16, 2021
    Assignee: Intel Corporation
    Inventors: Vincent Von Bokern, Siddhartha Chhabra
  • Patent number: 10904010
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for claim verification. One of the methods includes: receiving, from a first entity, a request for verifying a verifiable claim (VC) that comprises a digital signature; obtaining, based on the VC, a public key associated with a second entity; determining that the digital signature is created based on a private key associated with the public key; and verifying the VC based on the determination.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: January 26, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Renhui Yang, Jiawei Liu, Yuan Chen, Yuqi Lin
  • Patent number: 10887328
    Abstract: For one embodiment, a computerized method for detecting exploit attacks on an interpreter comprises configuring a virtual machine including a user mode and a kernel mode and processing an object by an application operating in the user mode of the virtual machine. Responsive to the processing of the object, detecting a loading of an interpreter. Furthermore, responsive to the loading of the interpreter, inserting one or more intercept points for detecting one or more types of software calls from the interpreter or for detecting a certain type or certain types of activities occurring within the interpreter. Thereafter, an exploit attack is detected as being conducted by the object in response to the interpreter invoking a software call that corresponds to the one or more types of software calls that is considered anomalous when invoked by the interpreter or an anomalous activity being conducted within the interpreter.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: January 5, 2021
    Assignee: FireEye, Inc.
    Inventors: Sushant Paithane, Sai Omkar Vashisht
  • Patent number: 10880295
    Abstract: The disclosure relates to apparatuses and methods for a computer network comprising hosts accessible by directory users whose user identity information is maintained in a user information directory. The apparatus comprises at least one processor, and at least one memory for storing instructions that, when executed, cause the apparatus to manage information of configurations for attribute based filtering of access requests by the directory users for a plurality of hosts and separately from the user information directory.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: December 29, 2020
    Assignee: SSH Communications Security OYJ
    Inventors: Marko Teiste, Tero Mononen, Tommi Linnakangas, Jussi Pakkanen, Tatu J. Ylönen, Kalle Jääskeläinen, Markku Rossi
  • Patent number: 10848511
    Abstract: Embodiments of the disclosure provide methods and apparatuses for identifying fake traffic. The method can include: collecting access traffic data of network traffic; generating feature data of the access traffic data; and sending the feature data to a server for identifying fake traffic in accordance with the feature data.
    Type: Grant
    Filed: February 8, 2019
    Date of Patent: November 24, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Peng Wang, Zhongyao Wang, Xiaoxiao Xu
  • Patent number: 10812468
    Abstract: Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever-growing list of trusted application programs.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: October 20, 2020
    Assignee: SONICWALL INC.
    Inventors: Raj Raman, Aleksandr Dubrovsky
  • Patent number: 10812463
    Abstract: Remote access of a service provider to a secure enterprise computing environment through a firewall through the use of tokens.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: October 20, 2020
    Assignee: International Business Machines Corporation
    Inventors: Stefan Harrer, Laurence Plant, Josef Reisinger
  • Patent number: 10798080
    Abstract: Methods and systems are provided for user authentication in communication systems. An identification token may be generated in response to a request from a user terminal to load a web page. The identification token may comprise a network address associated with the user terminal, and a time stamp indicating when the network address was used by the user terminal. User authentication information relating to the identification token may then be obtained to authenticate a user of the user terminal. The user terminal may be instructed to request the identification token in response to requesting the web page.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: October 6, 2020
    Assignee: SWISSCOM AG
    Inventors: Thorsten Hau, Aibek Sarimbekov, Alexander Scharnofske
  • Patent number: 10798081
    Abstract: Embodiments of the present application relate to a method, apparatus, and system for providing a security check. The method includes receiving a security verification request sent from a terminal, obtaining first verification element information based at least in part on the security verification request, generating a digital object unique identifier based at least in part on the first verification element information, sending the digital object unique identifier to the terminal, receiving second verification element information from the terminal, and in the event that the first verification element information and the second verification element information are consistent, sending security check pass information to the terminal.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: October 6, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Jinggang Feng
  • Patent number: 10778691
    Abstract: Various embodiments provide for the consolidation of policies across multiple identities that are respectively associated with multiple active directory (AD) groups to which a user belongs. Present embodiments provide for dynamically generating a new identity in the resource provider environment that includes permissions to all of the resources that may otherwise be distributed across multiple identities. Specifically, in accordance with various embodiments, when a user login is detected, the active directory is queried to determine the AD groups to which the user belongs. As mentioned, the user's AD groups are mapped to respective identities in the resource provider environment, in which each identity includes policy defining access to one or more resources. The policies of all the respective identities are consolidated and assigned to a new identity. The user may assume the new identity and access all the resources in tandem.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: September 15, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Robert W. Kissell, Eric Andrew Scholz
  • Patent number: 10771479
    Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: September 8, 2020
    Assignee: Splunk Inc.
    Inventors: Banipal Shahbaz, Siri Atma Oaklander De Licori, John Robert Coates, David Hazekamp, Devendra Badhani, Luke Murphey, Patrick Schulz
  • Patent number: 10747872
    Abstract: A computerized method that assists in preventing malware from evading detection through analysis of the virtual hardware components operating within a malware detection system is described. First, a virtual machine (VM) is provisioned in accordance with a guest image, which includes a guest operating system and one or more virtual hardware components. The virtual hardware component includes an identifier, and the guest operating system includes a software driver that controls access to the virtual hardware component and features the identifier of the virtual hardware component. Responsive to processing an object within the VM and issuance of a request for an identifier of a hardware component, the identifier of the first virtualized hardware component (virtualization of the hardware component) is received. The first identifier of the first virtual hardware component is an identifier substituted for a prior identifier of the first virtual hardware component before creation of the guest image.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: August 18, 2020
    Assignee: FireEye, Inc.
    Inventors: Phung-Te Ha, Min Li
  • Patent number: 10686786
    Abstract: The specification discloses an authentication method. The method includes receiving an authentication request sent from a target browser, the authentication request comprising information to be authenticated and a jump parameter used for implementing a jump between the target browser and the authentication client; after authenticating the information to be authenticated to obtain an authentication result, searching for identification information of the target browser that corresponds to the jump parameter from a mapping file according to the jump parameter, the mapping file comprising mapping relationships between identification information of different browsers and jump parameters of the browsers; sending a page jump request to the target browser according to the identification information of the target browser, the page jump request comprising the authentication result.
    Type: Grant
    Filed: February 11, 2019
    Date of Patent: June 16, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Nana Zhang
  • Patent number: 10673868
    Abstract: Utilities (e.g., methods, systems, apparatuses, etc.) for use in generating and making use of priority scores for data generated by one or more data systems that more accurately prioritize those events and other pieces of data to be addressed by analysts and troubleshooters before others (e.g., collectively taking into account threats posed by origin host components and risks to impacted host components) to work the highest risk events and alarms first and to effectively and efficiently spend their alarm monitoring time.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: June 2, 2020
    Assignee: LogRhythm, Inc.
    Inventors: Christopher L. Petersen, Mark Vankempen
  • Patent number: 10644883
    Abstract: Disclosed herein are technologies regarding a communication device and server which are capable of cryptographic communication based on quantum cryptography. A communication device for quantum cryptography authentication includes: an optical communication unit configured to receive a series of first quantum signals generated by passing through a first quantum filter of the communication device; a quantum signal generation unit configured to generate the first quantum signals by setting up the first quantum filter in a reception path for a series of second quantum signals generated and sent by a server; and a processor configured to select the setup of the first quantum filter based on a series of randomly generated first quantum states, and to control the quantum signal generation unit to generate the first quantum signals by using the first quantum filter.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: May 5, 2020
    Assignee: University of Seoul Industry Cooperation Foundation
    Inventor: Do Yeol Ahn
  • Patent number: 10637660
    Abstract: Disclosed herein are a quantum cryptography-based cryptographic communication system and an authentication, payment and transaction system via a relay device between a communication device and a server. A relay device for quantum cryptography authentication includes an optical receiver unit, an optical transmission unit, and a processor. The processor includes a quantum signal control unit, a user authentication unit, and a random number generation unit. The optical receiver unit receives a series of second quantum signals generated in such a manner that a series of first quantum signals generated by a first quantum filter and sent from a communication device pass through the second quantum filter of the relay device or a reception side, and the optical transmission unit transfers the series of second quantum signals to a server.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: April 28, 2020
    Assignee: University of Seoul Industry Cooperation Foundation
    Inventor: Do Yeol Ahn
  • Patent number: 10630667
    Abstract: A client, a server, a method and an identity verification system are provided. The client is configured to generate a verification code and includes: a transaction initiating unit configured to initiate, in response to a predetermined identity verification event regarding a user, a random transaction between a first account and a second account in a data platform system, so that the random transaction is recorded in the data platform system; a verification code generating unit configured to generate, based on at least information about the random transaction, a verification code for verifying an identity of the user; and a sending unit configured to send the generated verification code to a server, so that the server verifies the identity of the user according to a record of the random transaction and the verification code, the data platform system being a decentralized distributed database and records therein being unchangeable and undeletable.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: April 21, 2020
    Assignee: SONY CORPORATION
    Inventor: Zhihui Zhang
  • Patent number: 10614215
    Abstract: Embodiments of the invention provide for malware collusion detection in a mobile computing device. In one embodiment, a method for malicious inter-application interaction detection in a mobile computing device includes filtering applications installed in a mobile device to a set of related applications and then monitoring in the mobile device execution of the related applications in the set. The method additionally includes computing resource utilization of one of the related applications executing in a background of the mobile device while also computing execution performance of a different one of the related applications. Finally, the method includes responding to a determination that the computed resource utilization is high while the computed execution performance is poor by generating a notification in the display of the mobile device that the one of the related applications is suspected of malware collusion with the different one of the related applications.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: April 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Vijay Ekambaram, Roger C. Snook, Leigh Williamson, Shinoj Zacharias
  • Patent number: 10594675
    Abstract: A communication apparatus that transmits a challenge code on the basis of a received request signal and performs authentication of an authentication target apparatus transmitting the request signal on the basis of the challenge code and a response code generated on the basis of the challenge code includes a control unit configured to perform a predetermined fail-safe process when a request signal is received a set number of times or more from the authentication target apparatus before completion of the authentication after the transmission of the challenge code.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: March 17, 2020
    Assignee: HONDA MOTOR CO., LTD.
    Inventor: Yu Yoshii