Abstract: Virtually every online account requires login credentials like username and password for access. Using different credentials for each account can reduce the likelihood of unauthorized access to these accounts. Remembering all the different credentials, however, can be a challenge and it is not uncommon for a user to mistakenly provide credentials to a site that are for another, sensitive site. Accordingly, a system for warning a user of such an error is provided. The system includes a browser plugin that responds to a user entering their credentials at a requesting site by looking up an identifier of a trusted site associated with the user's credentials. The identifiers of the requesting and trusted sites are compared, and if they do not match, the browser plugin blocks the user from submitting their credentials to the requesting site. Advantageously, the system reduces the likelihood that credentials to sensitive accounts are provided by accident.

Abstract: The present disclosure discloses a method and device for identity authentication. One example method includes retrieving stored fingerprint information for a user including a plurality of recorded fingerprints for the user, each recorded fingerprint associated with a different finger of the user; selecting a subset of the recorded fingerprints to be used to authenticate the user; prompting the user to provide fingerprint information corresponding to each finger associated with a recorded fingerprint in the selected subset; in response to prompting the user, receiving user-provided fingerprint information from the user; matching the user-provided fingerprint information against the selected subset of the recorded fingerprints; and determining that an identity authentication of the user succeeds when the user-provided fingerprint information matches the selected subset of the recorded fingerprints.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: A system for protecting a computer system interfacing with peripheral elements via a generic port associated with an open standard interface, the system comprising at least one protection device configured for installation between the computer system and its peripheral element/s and including a pair of computer-peripheral interfaces and a uni-directional data flow limiter (e.g. Uni-directional buffer) intermediate the computer-peripheral interfaces.

Abstract: A network device may detect, from an application associated with a user space of the network device, a request to configure a firewall provided by a kernel of the network device with a rule. The network device may intercept the request to configure the firewall before the firewall is configured with the rule. The network device, based on intercepting the request to configure the firewall, may analyze the rule to determine whether the rule modifies a critical functionality of the firewall. The network device may reject the request to configure the firewall based on determining that the rule modifies the critical functionality of the firewall.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.

Abstract: Methods, systems, and apparatuses are described for secure communications. One of a plurality of keys with respective key types may be used to establish a secure communication between computing devices. Verification of an establishment of the secure communication may be sent to a trusted computing device.

Abstract: A system for protecting a computer system interfacing with peripheral elements via a generic port associated with an open standard interface, the system comprising at least one protection device configured for installation between the computer system and its peripheral element/s and including a pair of computer-peripheral interfaces and a uni-directional data flow limiter (e.g. Uni-directional buffer) intermediate the computer-peripheral interfaces.

Abstract: Managing authentication of a child device includes receiving, by a host device, sensor data from a child device, deriving simplified authentication data from the sensor data based on a capability of the child device, storing the simplified authentication data in an authentication profile for the child device, and transmitting the simplified authentication data to the child device, wherein the simplified authentication data is sufficient to allow the child device to authenticate a user without the host device.

Abstract: Implementations of the present disclosure discloses user identity verification method selection method and device. In an implementation, times and corresponding verification methods of successful user identity verifications are recorded, one or more verification methods of successful user identity verifications performed in a predetermined time period based on the recorded times and corresponding verification methods are identified. Whether at least one verification method is included in both the identified one or more verification methods of successful user identity verifications and a list of available verification methods are determined. One or more available verification methods different from the identified one or more verification methods are used for user identity verification if no verification method is included in both the identified one or more verification methods of successful user identity verifications and the list of available verification methods.

Abstract: An authentication management system receives a resource request directed to a software service, which may require password-based authentication. The system redirects the resource request to an authentication identity provider (IdP), and receives an authentication token generated by the authentication IdP. The redirecting of the resource request comprises transmission of an authentication request, which includes user identity information that can be authenticated by the IdP but does not include a password for the software service. In response to receiving the authentication token, the system causes a shadow account to be created with the software service. For password-based authentication, this may include setting a temporary, random password for the shadow account. The system is then able to generate authenticated connection information (e.g.

Abstract: There is disclosed in one example a computing apparatus, including: a processor; and logic encoded into one or more computer-readable mediums, the logic to instruct the processor to: capture first data from an intermediate data source across a first temporal interval; perform partial signal processing on the first data to classify the first temporal interval as either suspicious or not suspicious, wherein the first temporal interval is classified as suspicious if it is determined to potentially represent at least a portion of a cryptomining operation; classify second through N temporal intervals as either suspicious or not suspicious; based on the first through N temporal intervals, classify the apparatus as either operating a cryptomining function or not; and upon classifying the apparatus as operating a cryptomining function and determining that the cryptomining function is not authorized, take remedial action on the apparatus.

Abstract: A hybrid method and system for data encryption significantly reduces the computational cost of encryption and reduces the cost of the processors needed to perform encryption and decryption.

Abstract: The present disclosure discloses a method and device for identity authentication. One example method includes retrieving stored fingerprint information for a user including a plurality of recorded fingerprints for the user, each recorded fingerprint associated with a different finger of the user; selecting a subset of the recorded fingerprints to be used to authenticate the user; prompting the user to provide fingerprint information corresponding to each finger associated with a recorded fingerprint in the selected subset; in response to prompting the user, receiving user-provided fingerprint information from the user; matching the user-provided fingerprint information against the selected subset of the recorded fingerprints; and determining that an identity authentication of the user succeeds when the user-provided fingerprint information matches the selected subset of the recorded fingerprints.

Abstract: A method and an apparatus for allocating device identifiers is provided. The method includes receiving a first request, the first request comprising terminal device information and a user authentication password; the user authentication password being generated according to a second request sent before the first request; and generating a first device identifier corresponding to the terminal device using the user authentication password. The method and the apparatus can prevent the device identity from being falsified and improve security.

Abstract: A blockchain of transactions may be referenced for various purposes and may be later accessed by interested parties for ledger verification and information retrieval. One example method of operation may include identifying a number of data parameters to extract from a blockchain based on a request for analytic data, creating one or more queries based on the data parameters, executing the one or more queries and retrieving the data parameters from the blockchain, identifying one or more permissions of a user account associated with the request for analytic data, and populating an interface with analytic figures based on the data parameters retrieved from the blockchain.

Abstract: Included are embodiments for tokenizing sensitive data. Some embodiments of systems and/or methods are configured to receive sensitive data from a vendor, determine a token key for the vendor, and utilize a proprietary algorithm, based on the token key to generate a vendor-specific token that is associated with the sensitive data. Some embodiments include creating a token identifier that comprises data related to the token key sending the vendor-specific token and the token identifier to the vendor.

Abstract: A computing system may include a server configured to provide access to shared application sessions, a first group of client computing devices configured to remotely access shared application sessions from the server through a secure interface using a client security credential, and a second group of client computing devices configured to remotely access shared application sessions from the server through a secure interface anonymously without a client security credential. The server may further provide access to the shared application sessions for the first group of client computing devices based upon a first access policy, and provide access to the shared application sessions for the second group of client computing devices based upon a second access policy different than the first access policy.

Abstract: Methods, systems, and non-transitory computer-readable media for securely broadcasting shared folders from one client device to other client devices and synchronizing the shared folders over a local area network. A first client device, associated with a content management system, generates a secure identifier for a shared folder, using a shared secret key that is associated with the shared folder. The first client device announces the secure identifier over a local area network to other client devices on the local area network including a second client device. The first client device receives a synchronization request for the shared folder from the second client device. After authenticating, using the shared secret key, that the second client device has authorization to access the shared folder, the first client device synchronizes the shared folder with the second client device over the local area network.