Abstract: Aspects of the technology described herein enable a client device to access a web service in a claims-based identity environment thorough an Internet Protocol (IP) address, rather than the web service's domain name service (DNS). In a claims-based identity environment, a client device will authenticate a relying party's server SSL certificate before providing the token to the relying party by following an authentication process. Current authentication processes include a name-chaining operation, which compares a subject field of a token provided with the Uniform Resource Identifier (URI) used to request the resource (e.g., RP application). When the IP address is used as the URI, then the URI in the certificate will not match the URI in the request and the authentication will fail. Accordingly, aspects of the technology use an alternative authentication method that allows access to a web service through an IP address, when the default client-side token validation is DNS-name based.

Abstract: Embodiments are described for performing file restores from remote high-latency storage tiers by reading available data from a local low-latency tier in a deduplication appliance. A request to restore a previously segmented and deduplicated file can be received by a storage appliance from an application, each segment having a fingerprint. The name of the file can be looked up in an index on the storage appliance, and a first batch of fingerprints of segments of the file can be retrieved from the index. Each fingerprint can be looked up in metadata in the index to determine whether the segment corresponding to the fingerprint is available locally and therefore need not be retrieved locally. A list of local and remote prefetch segments is generated, and a prefetch request is generated for each list, if non-empty. Use of the prefetch scheme can be dynamically turned on or off.

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.

Abstract: A method of administering a computing system, including a plurality of computing devices. The method includes selecting an application for download to a computing device, prior to downloading the application, decompiling the application, searching for string patterns in the decompiled application, replacing the string patterns in the decompiled application with another string pattern, the another string pattern being configured to intercept at least one of a system event or an Application Programming Interface (API) call, and associating logic with the application. The logic is configured to interact with the application via the at least one system event or API call, the logic is configured to provide additional functions to the application, the logic is configured to be shared between the application and at least one other application, and the logic is stored separate from the application.

Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.

Abstract: A secure Basic Input/Output System (BIOS) attribute system includes a secure server system coupled to a computing device through a network. The computing device receives a first BIOS attribute modification request, and authenticates the first BIOS attribute modification request using a first certificate that was previously stored in the computing device in response to validating the first certificate based on a key provided by the secure server system. In response to authenticating the first BIOS attribute modification request using the first certificate, the computing device modifies at least one BIOS attribute stored in the computing device.

Abstract: An example operation may include one or more of joining, by a host device, a blockchain managed by one or more devices on a decentralized network, the blockchain is configured to use one or more smart contracts that specify transactions among a plurality of end-users, creating on the blockchain the smart contract defining authentication parameters for an authentication of an end-user from the plurality of the end-users, executing the smart contract to perform the authentication of the end-user associated with a transaction based on the authentication parameters by generating an authentication challenge for the transaction, and recording an authentication log produced by the authentication challenge into a metadata of a transaction payload for analytics.

Abstract: This application relates to the field of communications technologies, and discloses a network authentication triggering system, method and a related device. The method includes: receiving a first message from a terminal, where the first message carries first identity information and identifier information, the first identity information is encrypted identity information, and the identifier information is used to identify an encryption manner of the first identity information; and sending a second message to a first security function entity, where the second message is used to trigger authentication for the terminal, and the second message carries the identifier information. This application provides a solution of triggering an authentication process when identity information is encrypted.

Abstract: A method of dynamically generating a domain based public group key and private member keys using a domain key agent, a domain key service of a domain key broker, and a domain key distribution center. The method includes: sending to the domain key service of a domain key broker a request for a private member key for the domain, wherein the request includes proof of possession of a vehicle private key associated with a vehicle certificate and a vehicle public key; receiving from the domain key service a private member key and a public group key; sending a message digitally signed using the member private key; verifying the digital signature on the received message using the public group key; and dynamically renewing the public group key and private member key based on the domain.

Abstract: A method for creating and registering authentication information is provided. The method includes steps of: (a) an intermediate server determining whether a specific user's public key is registered if (i) the specific user's public key and (ii) a hash value of the specific user's information or its processed value are acquired from a biometric authentication server which received a request for registration; (b) the intermediate server, if the specific user's public key is unregistered, creating and transmitting to a database a transaction whose outputs include (i) the specific user's public key and (ii) the hash value or its processed value (c) the intermediate server acquiring a transaction ID representing location information indicating where the transaction is stored in the database; and (d) the intermediate server notifying the biometric authentication server of a successful registration of (i) the specific user's public key and (ii) the hash value or its processed value.

Abstract: Disclosed embodiments relate to systems and methods for discovering and controlling sensitive data stored in temporary access memory. Techniques include identifying an application configured to perform one or more secure functions using sensitive data, wherein the application is configured to store or access the sensitive data in a temporary access memory accessible to the application; analyzing one or more processes associated with runtime activity of the application; detecting, based on the analyzing, an instance of the sensitive data, wherein the detecting is based on at least one of: analyzing input from a user to the application, or analyzing attributes of the application; and automatically implementing, based on the detecting, a control action to limit the accessibility of the sensitive data in the temporary access memory.

Abstract: A system for and method of transmitting verifiable e-mail includes a message ID sent to a recipient of the e-mail. A system for and method of transmitting encrypted files using email and other electronic communication channels includes a computer program for storing encrypted files supplied by a user, creating a link to 5 the encrypted files to be e-mailed to a recipient, allowing download of the encrypted files when an authorization code is provided after the link is used to go to a system server, wherein the authorization code is sent to a telephone of the recipient, via text or aurally.

Abstract: A system includes a processor controlling a vehicle module (VM) in communication with a telematics control unit (TCU) over a bus. In this embodiment, the processor is configured to receive an authentication request, including a counter value, from the TCU. The processor is also configured to respond to the authentication request based on comparison of the counter value to a stored counter value stored by the VM. The processor is further configured to receive a command corresponding to the authentication request and including the counter value, responsive to the approved authentication request and process the command based on comparison of the counter value to the stored counter value.

Abstract: System and methods are described for authenticating users across multiple environments within a cloud-computing environment. A system may receive an indication that a user authenticated within a first environment has performed an action specific to a second environment. The system determines whether a previous action was performed by the user specific to the second environment. In response to determining that no previous action was performed, the system retrieves a first token from an authentication database, wherein the first token is associated with authentication of the user within the first environment. The system then validates the first token, and then generates a second token associated with authentication of the user within the second environment.

Abstract: A method for validating an electronic device 2 includes receiving attestation information provided by the electronic device 2 attesting that the electronic device 2 has received a plurality of event attestations. Each event attestation provides a cryptographically authenticated attestation to the occurrence of a respective event during a lifecycle of the electronic device. A validation result is determined that indicates whether the attestation information is valid. Providing separate cryptographically authenticated attestations for respective events in the lifecycle of the device can simplify manufacturing of the devices in a multistage manufacture process compared to an approach using a single device-specific attestation attesting that the entire process is trusted.

Abstract: Systems, methods, and computer-readable media may be provided for securely authenticating device identification and/or user identification for low throughput device-to-device wireless communication.

Abstract: Providing verification of the identity of a digital entity may include including receiving information and a public key of the digital entity, the information having been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address, the centralized or distributed ledger providing a record of transactions. The system may derive an attestation address using the information and the public key of the digital entity. The system may verify the existence of the attestation transaction at the attestation address in the centralized or distributed ledger and verify that the attestation transaction has not been revoked. The processor associated with the user may receive a cryptographic challenge nonce signed by the digital entity's private key; and may verify the digital entity's identity with the cryptographic challenge nonce signed by the digital entity's key.

Abstract: The systems and methods described herein allow consumers to lock or unlock their credit files at multiple credit bureaus in real-time or near real-time. The service may allow a consumer to provide identifying information, such as a personal identifier to lock or unlock credit files at a plurality of credit bureaus over a network. Upon receiving the personal identifier, the system may use the personal identifier to translate the identifier into a plurality of access codes for respective credit bureaus, for example by accessing a data structure, such as a database or table, that stores a personal identifier and access codes that are associated with a consumer. The system may then use the access codes to automatically initiate locking or unlocking of credit files for the consumer at the respective credit bureaus.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.

Abstract: An integrated circuit (IC) provisioned for asset protection has a primary circuit portion, such as a microprocessor or system-on-chip, that can be selectively disabled and enabled via an operability control input. The IC includes a secure register to store lock state indicia and unlock criteria, where a signal at the operability control input is responsive to the lock state indicia. In operation, a firmware data store receives and stores firmware code that includes a lock/unlock command, and firmware data that includes an unlock key. An authorization module verifies authenticity of the firmware code. A lock/unlock (LUL) module is operative to write lock state indicia to the secure register based on the lock/unlock command only in response to a positive verification of the authenticity of the firmware code by the authorization module, and to write lock state indicia to the secure register.

Abstract: The present disclosure relates to a sensor network, Machine Type Communication (MTC), Machine-to-Machine (M2M) communication, and technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method for controlling contents and an electronic device thereof are provided. An operation method of an electronic device includes the operations of setting an access authority for one or more contents, if there is a request for an access of at least one application to the contents, resetting the access authority for the contents, and controlling the access by the application to the contents in accordance with the reset access authority of the application for the contents.

Abstract: Aspects described herein may allow for the application of generating captcha images using variations of the same object. A GAN model may generate objects and backgrounds of the captcha images and the model may be trained based on ground-truth images to obtain refined model parameters. Further aspects described herein may provide for generating variants of the objects based on the trained model and the refined model parameters. The synthetic captcha images may be created based on the backgrounds and variants of the objects. Finally, the synthetic captcha images and ground-truth images may be presented as security challenges and user access requests may be granted or denied based on responses to the security challenges.

Abstract: The invention is a method for managing a response generated by an application embedded in a secure token in response to a command requesting opening a proactive session. An applicative server relies on an OTA server to securely send the command to the application. The method comprises the steps of: the application retrieves a data from the command and derives a key using a preset function, the application generates the response to the command, builds a secured response packet comprising the response secured with the derived key and sends the secured response packet to the applicative server.

Abstract: A system and a method provide a lead verification service. A lead generator contacts a verification server when a visitor lands on a hosting site of the lead generator to enter lead information into a form. The verification server issues a reference key (token) to the lead generator and collects information about the visitor and the hosting site of the lead generator, using the reference key to identify the collected information. When the visitor submits the form, the lead generator sends the form data, which includes the entered lead information and the reference key received from the verification server, to at least one interested party. When the verification server receives a request for the collected information from the interested party, the collected information is retrieved based on the reference key included in the request and sent to the requesting interested party.

Abstract: A system, computer-readable storage medium, and computer-implemented method for signing a document involving generating copies of the document in response to receiving actions to perform on the document. In particular, a web service can transmit a document for signing to a client device such that the document is viewable through graphical user interfaces while the underlying content of the document remains non-editable by the client devices through the web service. Responsive to receiving actions, the web service can generate one or more copies of the document that may include modifications that correspond to the received actions.

Abstract: In a method of payment for service of a portable communication unit, a customer prepays a dealer for said service, the dealer forwards transaction order information about the pre-payment to a prepaid management center (PMC); and the PMC provides a bank the transaction order information. The bank, upon receipt of the transaction order information from the PMC, determines whether there are sufficient funds in the dealer account to cover the transaction. If there is insufficient cash on hand, the dealer is notified and is provided an opportunity to replenish the account so that the transaction may proceed. If there are adequate funds in the dealer account, the bank automatically transfers the amount of the purchase transaction in the SPS account, less the dealer's fee for the purchase. After funds are transferred from the dealer account, the PMC is notified of the transfer, at which time the PMC generates codes and issues the codes to the dealer.

Abstract: Method for managing data for connection to a device via a network. The method includes: receiving, by a referencing server, originating from the device, data for connection to the device and at least one authentication token constituting an authentication datum for the assembly constituted by the device and a user of the device; and referencing of the device by the referencing server by storage of the connection data received in association with at least one referencing key including the at least one authentication token.

Abstract: A method is provided for detecting an interception of a communications session established by a user over a network, comprising the steps of: (i) monitoring communications sessions by the user over a profile time period to capture information identifying distinct communications to one or more identified network addresses and their timing over the profile time period; (ii) monitoring communications sessions within the profile time period to capture information characterising the content of transactions initiated in respect of said one or more network addresses; (iii) using the captured information to generate a profile characterising communications sessions established in respect of said one or more network addresses over the profile time period; and (iv) monitoring communications sessions with said one or more network addresses within a configurable detection time period to determine one or more measures of deviation from the profile generated at step (iii) thereby to detect the presence of an interception oc

Abstract: A computer-based method is disclosed for checking a target computer system for unnecessary privileges. The method includes receiving, at a computer-based privileges checking system, a listing of all privileges available the target computer system; receiving, at the computer-based privileges checking system, information about end-user activities on the target computer system over a specified period of time; for each respective one of the end-user activities, querying a computer-based entry point finder for any privileges that were checked at the target system for that activity; and removing the privileges that were checked at the target system for the end-user activities from the listing of all privileges available at the target system to produce a listing of unnecessary privileges at the target system.

Abstract: Provided is an authentication system that achieves simple single sign-on used by an MFP. A management application includes a first authentication-request unit that transmits an authentication request to a management server and delivers a token to an execution platform. The other application includes a second authentication-request unit that sends an authentication request together with the token to another server. The application-execution platform includes a token-delivery unit that delivers the token to the other application. The management server includes a first authentication unit that returns a token to the first authentication-request unit, a token-creation unit, and a second authentication unit that performs authentication for an inquiry from the other server that uses a token. The other server includes a third authentication-request unit that transfers an authentication request, and transfers an authentication OK message to the second authentication-request unit.

Abstract: A method for secured data transmission of visually encoded data from a mobile end device to a processing unit includes supplying on a security element of the end device a datum to be transmitted. The datum is encrypted in session-specific fashion through the security element. From the encrypted datum visually encoded image data are generated in the form of a bar code or a sequence of bar codes. The visually encoded image data are displayed through the end device.

Abstract: Systems and methods for providing inter-application communication in a network of moving things. As non-limiting examples, various aspects of this disclosure provide configurable systems and methods for providing inter-application communication in a network of moving things, for example in which clients may register for participation, subscribe to topics, publish different types of messages, etc.

Abstract: The present application relates to a methodology of verifying secret keys in a distributed network comprising a plurality of nodes connected to a shared medium. Each node of the plurality of nodes is member of at least one group of a plurality of groups. Each group is associated with a secret group key. A verification request is broadcast to the plurality of nodes and verification responses broadcast from the plurality of nodes are received. Each verification response comprises one code sequence for each logical group, of which the broadcasting node is member. Each code sequence of the verification request is generated on the basis of a secret group key associated with a respective logical group from a predefined data sequence. The code sequences are collected and the integrity of the plurality of nodes is confirmed by comparing the code sequences.

Abstract: A forged command filtering system includes: a secure command generating device for performing a digital signature operation on a selected command to generate a command request; a command transmitting device for receiving and transmitting the command request; a target device; and a command authentication circuit. The command authentication circuit includes: a communication interface for communicating with the command transmitting device or the target device; a secure micro-controller for storing a signature verification key of the secure command generating device; a control circuit for cooperating with the secure micro-controller to authenticate the command request using the signature verification key; and a storage circuit for storing data required for the operations of the control circuit.

Abstract: A safety event is determined as affecting a user based at least in part context data collected at a user device associated with the user. In some aspects, context data is detected from sensors on the client device, the context data describing a present context of the user. A deviation of the present context from a historical context is determined to be beyond a threshold. Determining that the deviation is beyond the threshold can be determined to correspond to a safety event potentially jeopardizing safety of the user. In some aspects, an action can be launched in response to determining the safety event.

Abstract: Computing device and a method for loading module codes, the module codes required for executing an action, the method comprising: receiving, by the computing device, a request for executing the action, the action being executable using a first module code; acquiring, from the first predetermined index a first module code reference indicating a first module code location and the indication that executing the first module code requires a second module code; acquiring, from a second predetermined index, a second module code reference, the second module code reference indicating a second module code location; based on the first module code reference, acquiring the first module code from the first module code location; based on the second module code reference, acquiring the second module code from the second module code location; executing the action by running the first module code and the second module code.

Abstract: By implementing a mutable certificates approach, a server to which a digital certificate has been issued may update one or more certificate fields without the need for a new certificate or other intervention from the issuing certificate authority. A certificate authority uses extensions to identify fields that a server may update, and to identify a set or range of allowable values for those fields. A server may use the extensions to identify one or more fields to be updated, and the values to which those fields should be updated. The server may sign those field values with its private key. A client, upon receiving a digital certificate from a server with fields for updating, validates the field values using the server's public key, and then proceeds to update the certificate field values.

Abstract: A method including: parsing a first portion of data into at least one first data word having a default first word length; outputting, in a default word length mode, the at least one first data word; outputting a transition word indicative of transitioning to a variable word length mode; outputting, after the transition word, a first word length word indicative of a second word length; parsing a second portion of the data into at least one second data word having the second word length; and outputting, after the first word length word, the at least one second data word having the second word length.

Abstract: A method and a computing system for allowing just-in-time (“JIT”) access to a machine is provided. A system receives a request to allow JIT access to the machine. The system directs a port of the machine to be opened for a JIT access period. The system also directs the machine to alter security relating to applications allowed to execute on the machine for the JIT access period. During the JIT access period, the machine can be accessed via the port with the altered security relating to applications. After the JIT access period, the system directs the port to be closed and directs the security to return to the unaltered security.

Abstract: Systems and methods for timestamp-based matching of identifiers are provided. Information may be stored in memory regarding a plurality of identifiers each unique to an associated website or to an associated browser. Stored information may further include one or more maps each associating a device identifier with at least one immutable browser identifier or mutable browser identifier. The device identifier may be unique to an associated computing device. Information may be received from a computing device that has used a browser to download a website, where the downloaded website includes a reference to a browser identifier specific to the downloaded website. The received information may be determined to include a timestamp and an internet protocol (IP) address. The timestamp and IP in the received information may further be determined to correspond to a computing device associated with one of the stored maps, where the corresponding computing device is identified by a corresponding device identifier.

Abstract: An electronic device that implements each module of a plurality of modules to jointly perform a secure multiparty cryptographic process to generate authorisation data based on input data, the authorisation data being suitable for use in authorising the electronic device, wherein each module uses secure data that is not shared outside that module to generate intermediate data for use in the secure multiparty cryptographic process to generate authentication data.

Abstract: An in-vehicle infotainment system interoperability testing device for testing the interoperability between an in-vehicle infotainment system and an auxiliary device includes an in-vehicle infotainment system interface arranged to communicatively connect the in-vehicle infotainment system with the testing device. An auxiliary device interface is arranged to communicatively connect the auxiliary device with the testing device. A control is arranged to generate auxiliary device control signals based on at least one test instruction. The control signals are arranged to be transmitted to the auxiliary device, thus causing the desired interaction between the in-vehicle infotainment system and the auxiliary device. An in-vehicle infotainment system behavior logging is arranged to generate a log of behavior in response to the control signals by receiving at least one response signal from the in-vehicle infotainment system, thereby outputting results of at least one interoperability test.

Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider. For enhanced security, conformance to an organizational security policy is verified at time of sign-on, and an authenticatable link is used to invoke the third-party application to foil attempts by malicious software to substitute another application.

Abstract: Private information is frequently made public or semi-public, often without foresight as to the consequences of such a divulgence. Additionally, intentionally divulged information that is intended to be maintained as private is routinely sold to advertisers and information brokers. Example embodiments of the present invention relate to a method, an apparatus and a computer-program product for encrypting privacy-related information in a data stream. The method includes receiving a data stream transmitted from a source. A contextual analysis is then performed on the content of privacy-related portions of the data stream. The privacy-related portions of the data stream are then encrypted according to the contextual analysis before being forwarded to the intended destination.

Abstract: Techniques and apparatus for providing peer-based management of user accounts are described. In one embodiment, for example, an apparatus may include at least one memory and logic coupled to the at least one memory. The logic may be configured to receive a request from at least one first user account to unlock a second user account locked responsive to a fraud event, determine a safe authentication value for the fraud event, and unlock the second user account responsive to the at least one first user account being a safe authentication account and the safe authentication value being over a safe authentication threshold value. Other embodiments are described.

Abstract: There provided a method, including executing on a processor the steps of: monitoring DNS related network traffic including domain name-to-IP key value pairs, monitoring at least such non-DNS related network traffic that is targeting routable IP addresses, determining whether the monitored non-DNS related network traffic is related to a domain name, in the event that the monitored non-DNS related network traffic is determined to be related to a domain name, searching the monitored DNS related network traffic for a matching domain name, in the event that the matching domain name is found in the search, determining whether IP addresses related to the matching domain names also match, and in the event that the IP addresses related to the matching domain names do not match, determining that an internal name-to-IP resolution from a local configuration file is used for the domain name and triggering an alert.

Abstract: Example implementations relate to network namespaces. The multiple network namespaces host a set of virtual machines, with each network namespace being defined, at least in part, by a set of rules by which the individual virtual machines are to access the set of network resources. An agent is initiated to operate autonomously to detect at least one of network namespace corruption or network namespace failure for each of the multiple network namespaces.

Abstract: Systems and apparatuses for a secure mobile cloud framework (referred to as MobiCloud) for mobile computing and communication are disclosed. Embodiments of MobiCloud transfer each mobile node from a traditional strictly layer-structured communication node into a service node (SN). Each SN may be used as a service provider or a service broker according its capability. Each SN may be incorporated as a virtualized component of the MobiCloud. In some embodiments, MobiCloud mirrors an SN to one or multiple virtual images in the Cloud for addressing communication and computation deficiencies of mobile devices. Virtual images can create a visualized MANET routing and communication layer that can maximally assist the mobile nodes to enable pervasive computing services for each mobile device owner. A secure data processing framework is disclosed for the MobiCloud.

Abstract: In a system and methods for secure ledger assurance tokenization, a request circuit is structured to access a first block of a first blockchain. The first block includes a first block identifier of the first blockchain and first block content. The request circuit is structured to audit the first block content so as to generate a first audit result. A secure ledger assurance token (SLAT) generation circuit is structured to generate a first SLAT, the first SLAT comprising the first block identifier of the first blockchain and the first audit result. The cryptographic circuit is structured to cryptographically protect the first SLAT. The SLAT generation circuit stores the cryptographically protected first SLAT in a journal, where the cryptographically protected first SLAT is accessible by an authorized stakeholder to provide integrity and origin authenticity of the first audit result.

Abstract: In one embodiment, a binary translator to perform binary translation of code is to: perform a first binary analysis of a first code block to determine whether a second control transfer instruction is included in the first code block, where the first code block includes a return target of a first control transfer instruction; perform a second binary analysis of a second code block to determine whether the second code block includes the first control transfer instruction, where the second code block includes a call target of the second control transfer instruction; and store an address pair associated with the first control transfer instruction in a whitelist if the second control transfer instruction is included in the first code block and the first control transfer instruction is included in the second code block. Other embodiments are described and claimed.