Abstract: An information handling system includes a processor, a peripheral component interconnect express (PCIe) endpoint, and a PCIe downstream port. The PCIe downstream port blocks PCIe vendor-defined messages (VDMs) from the PCIe endpoint as a default mode, changes to a second mode in response to the PCIe endpoint being verified, and allows PCIe VDMs from the PCIe endpoint while in the second mode.

Abstract: Biometric authentication, decentralized learning frameworks, and adaptive security protocols and services for a distributed operator terminals network are described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals. Security scores may be determined by a vendor, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The vendor may use the security scores to determine user privileges or permissions for the operations. The vendor may deliver instructions or messages to the terminals based on the determinations.

Abstract: Biometric authentication, decentralized learning frameworks, and adaptive security protocols and services for a distributed operator terminals network are described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals. Security scores may be determined by a vendor, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The vendor may use the security scores to determine user privileges or permissions for the operations. The vendor may deliver instructions or messages to the terminals based on the determinations.

Abstract: Disclosed are an information processing device, information processing method, and a distributed component. The information processing device according to one embodiment comprises one or more processors. The processor is configured to generate a distributed component aimed at a three dimensional printing task. The distributed component is used for controlling, independent of the information processing device, execution of the three dimensional printing task after establishing a connection with a user equipment, and comprises decryption information of three dimensional model data used for the three dimensional printing task. The processor is further configured to control the arrangement of the distributed component to the user equipment.

Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.

Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.

Abstract: An apparatus, intended for use in an authentication event, having a hardware processor, a memory, a receiver/transmitter unit, a stream block generation module adapted to enable the hardware processor to generate and store a plurality of stream blocks including at least a stream block and a first preceding stream block; a stream block streaming module adapted to enable the hardware processor to control the receiver/transmitter unit to output the stream block; and a moving window module adapted to enable the hardware processor to control the receiver/transmitter unit to output, as a stream proof, at least one of a moving window of the plurality of stream blocks in connection with an authentication event.

Abstract: An information processing apparatus includes: an information obtaining unit for obtaining information on intellectual property from a user terminal operable by a user where the information is entered through the user terminal; a determining unit for determining a possibility for obtaining a right related to the intellectual property based on the obtained information; a determination providing unit for providing the determined possibility to the user terminal; an amendment information generating unit for generating amendment information for the obtained information based on the determined possibility; an information storing unit for storing the obtained information in a user area associated with the user; and an information providing unit for providing the stored information in a browsable manner.

Abstract: Systems, methods, and computer-readable storage devices to enable secured data access from a mobile device executing a native mobile application that operates in connection with a server executing a headless browser are disclosed.

Abstract: A server receives an association request initiated by a user of a first account. Based on the association request, an account identifier of a second account is identified. The first account is associated with the second account based on the account identifier. In response to associating the first account with the second account, a partial permission is granted to the first account for accessing the second account.

Abstract: Techniques for generating syntax graphs corresponding to user-defined policy statement are disclosed. In one or more embodiments, a policy management service receives a user-defined policy statement that includes a requestor variable value, an action variable value, a resource variable value, and a location variable value. The user-defined policy statement describes an authorization policy. The policy authorization service converts the user-defined policy statement to a canonical policy statement, which involves: mapping the requestor variable value to a unique system-wide requestor identifier, and mapping the location variable value to a unique system-wide location identifier. The policy management service generates a syntax graph of the canonical policy statement. The syntax graph is traversable to determine whether the authorization policy is satisfied for a particular authorization request. The policy management service stores the syntax graph for use by an authorization service.

Abstract: A method manages software images in a blockchain-based environment of trusted devices. A trusted device creates a software image for sharing among members of a set of trusted devices that includes the trusted device. A blockchain mechanism stores the software image on a virtual machine that is in communication with the set of trusted devices, where the blockchain mechanism uses the set of trusted devices as peer members of the blockchain mechanism. A trusted device from the set of trusted devices receives, via the virtual machine, an access request for the software image from a requesting device from the set of trusted devices. The blockchain mechanism authorizes the access request by providing the software image to the requesting device.

Abstract: A dynamic denial of service (DDoS) mitigation system comprising a BGP address family exchange connected to at least one DDoS mitigation route reflector, and at least one DDoS mitigation route reflector being an address family identifier specific route reflector, where each DDoS mitigation route reflector advertises BGP content in a first address family to the BGP family exchange. The BGP address family exchange translates the BGP content from the first address family to a destination address family and announces the translated content to a destination route reflector, and wherein the destination address family includes a flow specification diversion route.

Abstract: Systems for dynamic authentication are provided. In some examples, a system may receive a request to process an event. In some examples, the request to process the event may include additional details associated with the event. The system may initiate dynamic authentication functions and may retrieve data from a plurality of sources. In some examples, the data from the plurality of sources may be analyzed using machine learning to dynamically generate authentication data, such as one or more authentication questions. The system may also generate one or more corresponding responses or answers to the one or more authentication questions. In some examples, the one or more authentication questions may be transmitted to a user device or other device and may be displayed to the user. The user may provide authentication response data that may be analyzed by the system to determine whether it matches the generated response or answer. If so, the user may be authenticated and/or the event may be processed.

Abstract: An account login method and apparatus and a storage medium are provided. The method includes receiving, from a first terminal, a login request including an identifier of a target network to which the first terminal is connected. One or more instant messaging accounts logged into by using the target network are obtained, and a target instant messaging account is selected from the one or more instant messaging accounts. A login authorization request is pushed to a second terminal on the target network, the second terminal corresponding to the target instant messaging account that is selected. In response to receiving a login authorization instruction from the second terminal, login information including the target instant messaging account is transmitted to the first terminal.

Abstract: Biometric authentication, decentralized learning frameworks, and adaptive security protocols and services for a distributed operator terminals network are described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals. Security scores may be determined by a vendor, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The vendor may use the security scores to determine user privileges or permissions for the operations. The vendor may deliver instructions or messages to the terminals based on the determinations.

Abstract: The invention provides a method for mapping at least two authentication devices to a user account using an authentication server, where each authentication device connects to the authentication server using a secured communication channel; their mapping to the user account is recorded on the authentication server, and, when a transfer of data between the authentication devices mapped to the user account occurs, the data is passed over from the first authentication device to the authentication server using a secured communication channel and from the authentication server to another authentication device mapped to the account of said user using a secured communication channel, where the aforesaid secured communication channel is created by the second authentication device. This procedure allows the use of a single personal local authentication factor for multiple authentication devices and increases the security of authentication of devices with authentication servers.

Abstract: Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element are disclosed. One exemplary method includes receiving, at a proxy element, a packet flow from at least one source client, identifying encrypted packets associated with a specific application traffic type from among the packet flow, and directing the identified encrypted packets to a bandwidth limiter in the proxy element. The method further includes applying a bandwidth limitation operation to the identified encrypted packets and decrypting the identified encrypted packets if an accumulated amount of payload bytes of the identified encrypted packets complies with the parameters of the bandwidth limitation operation.

Abstract: This disclosure provides techniques for recovering a root key from measurement of a circuit function. In some embodiments, a checkpointing feature is used to periodically mark measurements of this function and thereby track drift in the value of the root key over the life of a digital device; the checkpointing feature permits rollback of any measurement of the function in a manner that negates incremental drift and permits recovery of the root key for the life of a device (e.g., an IC circuit or product in which the IC is embedded). This disclosure also provides novel PUF designs and applications.

Abstract: The invention relates to a computer-implemented system and method for service-to-service authentication. The method may comprise deploying the SSA service, deploying a micro service, and providing an SSA client that serves as an interface between the micro service and the SSA service. The micro service can send a request to the SSA service for an authentication token. The SSA service then generates the authentication token for the micro service, which is signed by the SSA service using an SSA service private key. The authentication token can be encrypted so that it is secure when sent by the SSA service to the micro service. The authentication token carries information necessary for the micro service to access a second micro service directly through validation of the authentication token by the second micro service based in part on a private key of the micro service previously generated by the SSA service.