Abstract: An embodiment discloses a method for controlling a vehicle virtualization structure-based device including the steps of receiving a request for use of a device from at least one container among a plurality of containers; and determining the use of the device according to a type of the device and a type of the container that transmits the request for use.

Abstract: In accordance with one or more embodiments, authorization and/or authentication protects against unauthorized use of devices and/or features. Devices managing authorization and/or authentication may be connected to communications services, such as the internet or a social network. A user using the communication services may configure a system to authenticate and/or authorize a future action. An authorizer may authorize and/or authenticate by responding via one or more devices and/or social networks to allow an individual to perform an action on a device, as a way of controlling what actions can be taken and who they can be taken by.

Abstract: A method and associated circuits protect data stored in a secure data circuit of a telecommunication device equipped with a near-field communication (NFC) router, a microcontroller, and the secure data circuit. In the method, each message received with the NFC router is parsed to retrieve a communication pipe identifier and an instruction code. The communication pipe identifier and the instruction code are compared to corresponding information in a filter table. Instruction codes of particular messages that attempt to modify a communication pipe by reassigning one end of the communication pipe from the port of the NFC router to a different circuit are acted upon. These messages are blocked from reaching the secure data circuit when the instruction code is not authorized in the filter table, and these messages are permitted when the instruction code is authorized in the filter table.

Abstract: Embodiments of the present invention disclose an AI processing method and an AI processing apparatus. The method is applied to the AI processing apparatus. An AI processor has at least two working modes, and security of the at least two working modes is different. The method includes: processing, by the AI processor, an AI processing request in a target mode. The target mode is one of the at least two working modes, and the target mode is a working mode determined based on the AI processing request. The AI processor has at least two working modes with different security, and may switch between different working modes.

Abstract: The disclosed embodiments relate to systems and methods for secure and efficient resource access using distributed directory caching techniques. Techniques include obtaining, from a directory service, client directory data associated with a client; providing the client directory data to a computing device associated with the client for caching on the computing device; identifying a request from the client; receiving, from the computing device, the client directory data that was cached on the computing device; and evaluating the request based on the received client directory data.

Abstract: Systems and techniques for real-time feature level software security are described herein. A request may be received from a computing device for data from the feature of the software application. The request for data may include authorization information of a user of the computing device. It may be identified that the feature of the software application contains code containing a reference to a security configuration service. A security configuration may be determined for the feature of the software application by comparing a resource identifier and a feature identifier of the feature of the software application to a set of security configurations of the security configuration service. The security configuration may provide access rules for the feature of the software application. A response may be sent to the computing device based on a comparison of the received authorization information of the user of the computing device to the determined security configuration.

Abstract: Systems and techniques for real-time feature level software security are described herein. A request may be received from a computing device for data from the feature of the software application. The request for data may include authorization information of a user of the computing device. It may be identified that the feature of the software application contains code containing a reference to a security configuration service. A security configuration may be determined for the feature of the software application by comparing a resource identifier and a feature identifier of the feature of the software application to a set of security configurations of the security configuration service. The security configuration may provide access rules for the feature of the software application. A response may be sent to the computing device based on a comparison of the received authorization information of the user of the computing device to the determined security configuration.

Abstract: The various implementations described herein include methods and devices for creating and using trust binaries and blockchains. In one aspect, a method includes accessing a trust store for the computing device, including obtaining a blockchain for the trust store. A first change to the trust store is identified. In response to identifying the first change, a first block is generated and inserted into the blockchain, where the first block includes a first encrypted digest for the first change and a first block digest. A second change to the trust store is identified. In response to identifying the second change, a second block is generated and inserted into the blockchain, where the second block includes a second encrypted digest for the second change, a second block digest, and the first block digest.

Abstract: A communication apparatus includes at least one memory that stores a set of instructions, and at least one processor that executes the instructions, the instructions, when executed, causing the communication apparatus to perform operations including verifying, by communicating with an external device, whether the external device is an external device that passed a predetermined certification, and displaying a screen for selecting an authenticator, wherein on the screen, a display item for an external authenticator verified as the external device that passed the predetermined certification and a display item for an external authenticator that failed to be verified as the external device that passed the predetermined certification are displayed in a distinguishable manner based on a result of the verification.

Abstract: Various embodiments for a system to utilize user's location pattern as an authentication parameter are disclosed. An embodiment operates by retrieving a location history of a user based on past locations of a user equipment (UE) device at various times and traffic data associated with the location history. A request to access a protected application is received and a present location of the UE device at a time associated with the request is determined. A locational pattern is generated based on both the location history of the user and the traffic data. The present location of the UE device is compared with the locational pattern, and it is determined that a level of authentication necessary to grant access to the protected application is satisfied based on both the comparing and a determination that the present location falls within the locational range generated based on the traffic data.

Abstract: A system includes a storage device to store a plurality of media segment files captured at a first location, and a management server storing first metadata sets respectively associated with at least one characteristic of the plurality of media segment files. The management server may be configured to: receive a message from a user terminal requesting a media segment file based upon the at least one characteristic; transmit a second metadata set corresponding to the at least one characteristic to the user terminal in response to the request message; and transmit, in response to a request for media segment files associated with the second metadata set, the requested media segment files to the user terminal.

Abstract: One embodiment provides a method, including: receiving, in an application on an information handling device, a password reset request from a user; accessing, subsequent to the receiving, a data store comprising a list of answers that are responsive to a list of security questions; constructing, using the data store, a temporary password, wherein the temporary password consists of at least one answer selected from the list of answers; and providing, to the user, a prompt containing an indication of the temporary password, wherein the prompt comprises at least one security question, from the list of security questions, that corresponds to the at least one answer. Other aspects are described and claimed.

Abstract: Methods and systems for establishing a chain of relationships are disclosed. An identity verification platform receives a first request for registration comprising an identification of a first user, identification of an entity, and a relationship between the first user and the entity; verifies the identity of the first user and the relationship between the first user and the entity; and verifies that the entity is legitimate. Once a relationship between a first individual, invited by the first user, and the entity is confirmed, the platform creates a custom badge representing the relationship between the first individual and the entity for display on the entity's website. The platform receives an identification of a selection by an end user of the custom badge and, responsive to receiving the identification of the selection, renders, on a domain controlled by the identity verification platform, a verification that the relationship between the first individual and the entity is valid.

Abstract: A method of activating a head-worn device is disclosed. The method includes activating the head-worn device and performing a partial bootup. When an instruction to perform a function is received, it is determined whether or not the instruction is permitted for partial bootup execution. The instruction is executed based on the instruction being permitted for partial bootup execution, and a bootup of the head-work device is completed based on the instruction not being permitted for partial bootup execution. The method may further comprise determining if the instruction requires user authentication in order to be executed, and based on the instruction being partial bootup compatible and not requiring user authentication, executing the instruction.

Abstract: An information processing method to be performed by an information processing apparatus according to an embodiment may include: causing an authentication processor to perform a login authentication based on an operation performed on an operation section; and causing an exclusive control executor that gives a usage right to use a function to the operation section after the operation section is authenticated by the login authentication and releases the usage right given to the operation section in a case where no response is received from the operation section for a predetermined time after the usage right is given to determine, based on a detection result by a status detector that detects a status of the information processing apparatus, whether or not to release the usage right given to the operation section after the predetermined time passes.

Abstract: An all-in-one computer includes a display, a Universal Serial Bus (USB) Type-C port, a plurality of USB Type-A ports, a USB hub, a demultiplexer, and a Power Delivery (PD) controller. The USB hub is coupled to the plurality of USB Type-A ports. The demultiplexer is coupled between the display, the USB Type-C port, and the USB hub. The PD controller is to control the demultiplexer and the USB hub to pass a display signal input to the USB Type-C port to the display and pass signals input to the USB hub from the plurality of USB Type-A ports to the USB Type-C port with a computing device coupled to the USB Type-C port.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

Abstract: There are provided systems and methods for a proxy and navigation code injection to prevent malicious messaging attacks. One or more proxy servers may reside in a perimeter network and be used to remove malicious links from messages transmitted to devices protected by the proxy server(s). The proxy server(s) may detect links to external (e.g., Internet-based) resources, such as websites and databases, and may extract data from the external resources. The proxy server(s) may generate static data that prevents processes on the external resources from being executed by devices protects by the proxy server(s). The proxy server(s) may further generate a link to the static data by adding a proxy server network address to the original link. Once the link is generated, it may be used to replace the original link to the external resource to prevent navigation to malicious data.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to facilitate and/or support cryptographically associating a particular computing device with a new system owner based at least in part on a new system owner public key of a new system owner public/private key pair and a current system owner private key of a current system owner public/private key pair.

Abstract: A computing device is provided that includes a processor having a plurality of pins that are electrically coupled to a plurality of pins of a connector, and a memory device storing a state table that maps the plurality of pins of the connector to a plurality of connection types. The processor is configured to perform an authentication process for at least one connection type to determine whether an authenticated device configured for the at least one connection type is coupled to the connector. The authentication process is performed at least in part by sending an authentication signal to one or more of the plurality of pins of the connector mapped to the at least one connection type, and receiving an expected authentication signal response on one or more of the plurality of pins of the connector mapped to the at least one connection type.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: Aspects of the disclosure relate to malware detection at endpoint devices. A computing platform may send rule information to a browser extension including a set of rules defining reportable behavior of network traffic associated with a website. Subsequently, the computing platform may receive report information including an identification of a loaded web page associated with the website that exhibits the reportable behavior defined by at least one rule of the set of rules and an indication of which rules of the set of rules have been met. Based on receiving the report information, the computing platform may assign a risk score for the identified loaded web page. Thereafter, the computing platform may determine that the risk score is above a predetermined threshold, and in response, the computing platform may send commands to the browser extension directing the browser extension to close the identified loaded web page.

Abstract: An application accessing method can be applied to a terminal, and include: monitoring whether an application invokes privacy content; and authorizing the application with permission to access the privacy content, in response to monitoring that the application invokes the privacy content, and returning other information different from the privacy content. Therefore, the user can realize the purpose of protecting the security of the user's privacy information under the premise of normal use of the application.

Abstract: An electronic apparatus according an embodiment includes a first memory, a second memory, a gate device, and one or more hardware processors. The first memory stores information. The second memory stores state information indicating whether or not update on the information of the first memory is allowed. The gate device is provided on a bus and controls whether or not to permit access to the second memory based on a control instruction. In a predetermined mode, the one or more hardware processors output, to the gate device, a control instruction to permit access to the second memory, set the state information of the second memory to indicate an updatable state, and update the information of the first memory.

Abstract: A computer device, including at least a processor and a memory, can be configured to control process components on a computer device. An agent can intercept a request to instantiate a new process component in a user account of a logged-in user. The request can originate on the computing device from an instance of a particular process component amongst a set of process components. The user account can be assigned default user privileges by a privilege access management service. The agent can determine whether to permit the intercepted request. The agent can permit the intercepted request if the relationship is validated and if a trusted owner is identified amongst the set of identified owners.

Abstract: Methods, systems, and devices for authenticating software images are described. Software images may include different portions (e.g., different versions, different users) that may be authenticated using hashes associated with an underlying data structure of the portion of the software image. In some examples, hashes (e.g., first hashes) associated with the software image may be generated and stored using a tree structure, such that a previous hash may be used when calculating a hash associated with a new portion of the software image. To authenticate a portion of the software image, a command may be issued, and a second hash may be calculated using the current data structure of the software image. The second hash may be compared to the associated first hash, and the software image may be authenticated based on the hashes matching.

Abstract: An apparatus for releasing received command data includes a processor unit with a code generator, a cryptography module, and a comparison module. The code generator generates a transaction code. The apparatus has a transmitting unit which provides the transaction code via an unsecured data connection, a receiving unit which receives an external authentication code and command data via the unsecured data connection, and a memory unit which stores data of a predefined private key. Also disclosed is a transmission apparatus for command data. The transmission apparatus has a basic receiving unit which receives the transaction code, an input unit which receives the command data, a basic memory unit which stores the data of the predefined private key, a basic processor unit which has a basic cryptography module, and a basic transmitting unit which provides the external authentication code and the command data via the unsecured data connection.

Abstract: Concepts for defining and processing an expression of an enterprise workspace application are presents. Such concepts may associate an expression of an enterprise workspace application with a modified version of the expression and a state flag which is configured to define whether processing of at least part of the expression is to be based on (i.e. employ) the modified version of the expression. In this way, there may be provided concepts for protecting against malicious users setting triggers or overriding function definitions that cause other users to perform unexpected activities.

Abstract: A method includes receiving a request from an operator pattern service to perform an operation on a computing environment and determining whether the operator pattern service has permission to perform the operation on the computing environment. The method further includes in response to determining that the operator pattern service has permission to perform the operation, providing the request to the computing environment for the operation to be performed on the computing environment.

Abstract: Systems and methods for authenticating users in three-dimensional environments are described. In some embodiments, a virtual object and three-dimensional environment are transmitted. Virtual motion data of the virtual object is received. The received virtual motion data is compared against a pattern. Based on the comparison of the patterns, a device is authorized to access a resource. In some embodiments, a pattern may be extracted from the received virtual motion data.

Abstract: Provided is a storage device which communicates with a host device and configured to set a secure mode of a plurality of commands different in kind. An operating method of the storage device includes receiving a secure request indicating a protection of a first command and a protection of a second command of the plurality of commands, from the host device; setting a secure mode of the first and second commands, based on the secure request; receiving a first request indicating a request to execute the first command, from the host device; outputting a first response indicating failure of the first command to the host device, based on the first request; receiving a second request indicating a request to execute the second command, from the host device; and outputting a second response indicating failure of the second command to the host device, based on the second request.

Abstract: System and methods are disclosed that enable data sharing across networks, including peer-to-peer sharing of content over wireless networks using peer mobile devices. A database may store content associated with a first peer mobile device. A request from a requester peer mobile device for content associated with a user of the first peer mobile device may be received at a server. The encrypted request is transmitted by the server to the first peer mobile device which may decrypt the request. An authorization token may be transmitted by the first peer mobile device to the server which may then enable the requesting peer mobile device to access the requested content, which may be accessed from the first peer mobile device and/or a cloud storage system.

Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.

Abstract: A method for detecting potential information fabrication attempt on a webpage, the method comprising: providing the webpage to a user device, by processing circuitry, the webpage comprising instructions executable by a webpage accessing software of the user device for detecting the potential information fabrication attempt; wherein execution of the instructions by the webpage accessing software results in: detecting the potential information fabrication attempt upon detecting that a first size of a viewport divided by a second size of a window of the webpage accessing software on a display screen of the user device has been reduced, resulting in a scaled-down viewport on the display screen.

Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.

Abstract: An information processing system includes a first external apparatus, a second external apparatus, an information processing apparatus, and an image forming apparatus. The information processing system further includes an issuance unit configured to issue, in the first external apparatus, an access token for accessing a cloud service, a first registration unit configured to receive the access token and register the access token in the second external apparatus in association with an identifier, a display unit configured to display a reauthorization instruction object on a browser of the information processing apparatus, and a second registration unit configured to, in a case where the reauthorization instruction object is pressed and the access token is issued again, register the reissued access token in the second external apparatus in association with the identifier.

Abstract: An information handling system includes a memory to cache a manifest that has authorized programming interfaces of a client application after the manifest was retrieved from the client application. A native service may receive a connection request from the client application, and verify that a digital signature of the client application is valid and untampered. The native service may also retrieve the manifest from the client application, receive an application programming interface request from the client application, and validate whether the application programming interface request is authorized based on the manifest. If the application programming interface request is authorized, then the application programming interface request is processed.

Abstract: The present disclosure generally relates to digital identification credential user interfaces.

Abstract: Systems and methods for authenticating a peripheral device prior to allowing the peripheral device access to components and data stored on user equipment. In some examples, the user equipment may include an authorization component that is configured to physically decouple a hardware interface from other components of the user equipment until the authorization component is able to authenticate the peripheral device. Both authorized peripheral devices and the user equipment may be provisioned with authorization data and/or credentials from a system outside the control of the individual users of the user equipment.

Abstract: Provided are a memory controller, a method of operating the memory controller, and a storage device including the memory controller. The method includes performing a first operation on a non-volatile memory; storing a first code path corresponding to pieces of codes executed as the first operation is performed in a history buffer; comparing the first code path with a plurality of reference code paths related to the first operation; and identifying whether the first operation is abnormally performed based on a result of the comparison.

Abstract: In a case where a standard authentication system is being connected to an image forming device, a cooperation processing unit of the image forming device uses a set value managed by a set value management unit thereby to cooperate with the standard authentication system. In a case where an extension authentication system is being connected to the image forming device, the cooperation processing unit of the image forming device uses a set value managed by a set value management service, which is an extension service that provides a function other than a standard function of the electronic device, thereby to cooperate with the extension authentication system. A program for the cooperation processing unit and a program for the set value management unit are included in firmware of the image forming device. A set value management program for the set value management service is not included in the firmware.

Abstract: Embodiments of the present disclosure relate to methods, devices, and computer readable medium for restoring a file in a virtual machine disk. The method comprises: receiving, from a client, a user's request regarding restoring a file in a virtual machine disk. The method further comprises: determining, based on the request and from a backup disk of the virtual machine disk, files accessible to the user. In addition, the method further comprises providing the client with information related to the files accessible to the user.

Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.

Abstract: A blockchain integrated station receives a startup instruction. The blockchain integrated station sends a signature verification request for a disk image stored in the blockchain integrated station to a cryptographic acceleration card included in the blockchain integrated station. The blockchain integrated station receives a signature verification result from the cryptographic acceleration card, where the signature verification result indicates whether a signature of the disk image passes a verification. In response to determining that the signature verification result indicates that the signature of the disk image passes the verification, the blockchain integrated station executes the disk image.

Abstract: A method of operating a data exchange includes creating a first listing referencing data of a first database of a plurality of databases, wherein the first listing comprises access controls and a data share associated with a first user, the access controls defining portions of the first database that are accessible by a second user, receiving a request from the second user for a bidirectional share between the portions of the first database that are accessible by the second user and portions of a second database controlled by the second user, and receiving an instruction from the first user to perform a database operation referencing data of the bidirectional share between the portions of the first database that are accessible by the second user and the portions of the second database controlled by the second user.

Abstract: A method and an apparatus for authority control, a computer device, and a storage medium, and relates to the field of the Internet technologies. The method includes: acquiring a configuration file according to a business scenario when a container is initialized, wherein the configuration file is managed outside the container; validating the configuration file in the container; receiving a user instruction; and identifying a type of the user instruction when the user instruction is an executable instruction. The method further including acquiring script content of a script file when the type of the user instruction indicates that the user instruction is the script file, wherein the script content includes at least one command statement; and performing a validity check on the at least one command statement based on the configuration file.

Abstract: For zero-touch provisioning of devices at scale using device configuration templates by device type, a secure element, a provisioning wizard, a provisioning client, an enrollment client, an update client, an enrollment service, an update publisher service, signing and encryption certificates, a method including generating device configuration templates for enrollment and update by device type, sending device configuration templates signed with a device owner signing certificate, and a device owner encryption certificate to the device manufacturer, generating a device configuration for a device based on the device configuration templates using a secure element on the device for immutable device identity, an extended configuration for the device, signing the device configuration with a device manufacturer signing certificate and a secure element signing certificate, encrypting the doubly signed device configuration with an owner encryption certificate, configuring bootstrap metadata, and configuring the device

Abstract: In some examples, a method comprises determining, at an electronic device having a first component of a first component type, a unique identifier associated with the first component. In some examples, in accordance with a determination that the unique identifier does not match the expected identifier of the component of the first component type in the electronic device, determining that the first component associated with the unique identifier satisfies one or more eligibility criteria. In some examples, in accordance with the determination that the first component associated with the unique identifier satisfies the one or more eligibility criteria, authenticating an association of the first component with the electronic device, including updating an installation counter associated with the first component, and updating the expected identifier for the component of the first type based on the unique identifier of the first component.

Abstract: A security system for software to be input to a closed internal network includes: a kiosk including a registration module configured to read the stored software of a connected portable storage medium, a vaccine module configured to detect malicious code in the software, and an authentication module configured to set inspection authentication for the portable storage medium whose software has been inspected for malicious code; and a client including a check module configured to check the portable storage medium for inspection authentication and authorize the execution of the stored software.