Abstract: Various features described herein may allow an authorized user to provide a guest with access to a secured location through use of an encoded image containing steganographically encoded access information. The encoded access information may be recognizable by a security system, and the security system may grant access to the secured location when the encoded image is presented to the security system. The authorized user may request the generation of the encoded image on an authorized computing device, and the encoded image may be provided to the guest on a guest computing device. When a monitoring device associated with the security system captures the encoded access information, the security system may, for example, open a door at the secured location.

Abstract: A method for processing a denial of service (DOS) includes: receiving a de-authentication/disassociation (D/D) frame by an access point (AP), determining by the AP a state of security association establishment between the AP and a client device, maintaining a connection between the AP and the client device if the security association is incomplete, sending a probe packet from the AP to the client device if security association is complete and the connection between the AP and the client device is in a non-PMF (protected management frames) setting, maintaining the connection if the client device responds to the probe packet, and terminating the connection if the client device does not respond to the probe packet.

Abstract: In an embodiment, the disclosed technologies include receiving a query that requests aggregate information about entity event data relating to digital content delivered digitally by an entity management system to entities of the entity management system, the query associated with a requester account; determining a first privacy allocation for the requester account; determining a first privacy value, the first privacy value computed based on the query and a selected privacy algorithm; deducting the first privacy value from the first privacy allocation to produce a first privacy balance; causing executing of the query on the entity event data and providing a result set in response to the query only if the first privacy balance indicates that the first privacy allocation has not been depleted.

Abstract: A technique for determining the safety of the content of beacon transmissions. A user device extracts beacon identification information from a beacon transmission. The user device queries the beacon registry to obtain the targeted content. The user device provides the targeted content and beacon identification information to a validation service. The validation service evaluates the targeted content and the beacon identification information for safety. The validation service determines a score based on that evaluation and sends the score to the user device. The user device alerts the user or performs background actions such as suppression of transmission of beacon contextual data to other apps on user device based on the score.

Abstract: Various systems and methods are provided for using dummy characters to provide enhanced security of a user's login credentials. The functionality disclosed herein provides specific steps for the creation, evaluation, storage, and use of such dummy characters in conjunction with a user's login credentials. Dummy characters can be thought of as characters that are not part of a user's actual password, but which are mixed in and around the actual characters when the password is being entered, in order to protect a user's true password from prying eyes and nefarious actors. Dummy characters can be associated with a specific user and/or a specific device or devices associated with a specific user. The functionality provided herein prevents a nefarious actor from simply repeating an entire password string (including the dummy characters) on a device that is not associated with the user whose credentials the nefarious actor is attempting to misappropriate.

Abstract: Aspects of this disclosure relate to authenticating a communication session. In some variations, a secured hardware storage area may be utilized to store at least one key credential. A communication session may be established from an enterprise associated application. To verify the authenticity of the communication session, a customer system and a host enterprise system may exchange a token. The token which may be signed with a key credential to validate a communication session. Additional validation data may be exchanged between operators of the customer system and a host enterprise system.

Abstract: The techniques described herein may be used to provide a user with access to distinct applications (with Lightweight Directory Access Protocol (LDAP) authentication) based on a single set of user credentials from the user. A server may receive user credentials from a user device. The server may authenticate the user of the user device by communicating with an LDAP server. After the user has been authenticated, the server may detect a request from the user device to access a first application with LDAP authentication. The server may create temporary credentials for the user, provide the temporary credentials to the application, receive an authentication request (that includes the temporary credentials) from the application, and authenticate the user based on a local copy of the temporary credentials. If/when the user requests access to a second application, the server may authenticate the user for the second application in a similar manner.

Abstract: A method and system for mitigating a malware attack are disclosed herein. A malware detection module iterates over a virtual memory address space associated with a process executing on a computer system. The malware detection module identifies a region of memory likely to be vulnerable to a malware attack. Responsive to identifying the region of memory, a thread hollowing module determines a specific process thread associated with the identified region of memory. The thread hollowing module renders the specific process thread inoperable.

Abstract: Techniques are provided for identifying and encrypting fields of an application object at an application layer in a multi-tenant cloud architecture, using an object metadata structure of the application object. Accordingly, transparent, per-tenant encryption capabilities are provided, while enabling transfer of encrypted object data between the application layer and a storage layer.

Abstract: A head related transfer function (HRTF), which can be considered as biometric data is used to authenticate a user from whom the HRTF is derived. The HRTF may be used for authentication in combination with other biometric data such as retina scan or fingerprint to render two-factor biometric authentication. The HRTF used for authentication is encrypted for security.

Abstract: Use of a trusted execution environment (TEE) as a safe build environment. A build task is initiated in a TEE of a compute instance. The build task generates a first software component.

Abstract: Disclosed are a quick account login method, a mobile terminal, and an apparatus with a storage function. The method comprises: detecting that a user carries out a first operation on a certain application on a terminal; popping up accounts which can be selected to log into the application; detecting a second operation that the user selects at least two of the accounts which can be selected to log in; and logging into the application using the selected accounts. In this way, the present disclosure simplifies the steps of selecting login accounts by a user, thereby quickly logging into the application using the accounts selected by the user.

Abstract: A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.

Abstract: A method and system for detecting ransomware and repairing data following an attack. The method includes, collecting file statistics for files in a file system, identifying an affected file based on collected file statistics, locking down of access to the file system in response to identifying the affected file, undoing of reconcile processing, repairing the affected files, and unlocking access to the file system. The system includes a computer node, a file system, a plurality of disc storage components, a backup client, a backup client, and a hierarchical storage client. The hierarchical storage client is configured to collect file statistics for files in file system, identify affected files based on collected file statistics for the file, lock down of access to the file system in response to an identified affected file, undo reconcile processing, repair the affected file; and unlock access to the file system.

Abstract: An apparatus for set intersection operation according to an embodiment includes a ciphertext acquisition unit configured to acquire a ciphertext for a first vector corresponding to a first subset of a universal set including a plurality of elements from an encryption apparatus, a transform unit configured to generate a second vector corresponding to a second subset of the universal set, a computation unit configured to generate a ciphertext for a third vector corresponding to an intersection of the first subset and the second subset, based on the ciphertext for the first vector and the second vector, and a ciphertext providing unit configured to provides the ciphertext for the third vector to the encryption apparatus.

Abstract: In accordance with a first aspect of the present disclosure, a method is conceived for enabling a biometric template in an authentication token, the method comprising: capturing, by a biometric sensor comprised in the authentication token, at least one biometric sample; creating, by a processing unit comprised in the authentication token, a biometric template from the at least one biometric sample and storing said biometric template in the authentication token; verifying, at a terminal device, said biometric template; verifying, by the terminal device, an identity of a user; enabling, by the terminal device, said biometric template if the biometric template and the identity of the user have been verified. In addition, a corresponding computer program, authentication token and terminal device are provided.

Abstract: In a system of networked IHSs (Information Handling Systems) supporting the use of roaming biometric profiles, an individual may utilize biometric authentication for gaining access to various IHSs within the system. An IHS configured to support roaming biometric authentication includes biometric sensors that support secure transmission and management of biometric prints collected by such sensors. Such biometric sensors may interoperate with a secure processing component of the IHS in order to prevent transmission and storage of unprotected biometric prints, while still supporting roaming biometric authentication. The biometric sensor utilizes an encryption key for encoding biometric prints where the key is selected based on a group affiliation of the individual, thus protecting biometric prints from other groups that use roaming biometric authentication while sharing the same network of IHSs.

Abstract: Confidential, secret data may be shared via one or more blockchains. Mortgage applications, medical records, financial records, and other electronic documents often contain social security numbers, names, addresses, account information, and other personal data. A secret sharing algorithm is applied to any secret data to generate shares. The shares may then be integrated or written to one or more blockchains for distribution.

Abstract: A service request is received by a terminal device. First biometric authentication information of a user associated with the service request is collected. The first biometric authentication information is compared with preset biometric authentication information. When the comparison shows that the first biometric authentication information and the preset biometric authentication information are consistent, a pre-stored digital signature certificate private key is read. The service request is digitally signed according to the digital signature certificate private key. A biometric information verification message is generated and sent message to a server. The server is configured to read a pre-stored digital signature certificate public key corresponding to the digital signature certificate private key. Authentication result information is receiving from the server after the server verifies and signs the biometric information verification message according to the digital signature certificate public key.

Abstract: Data storage operation commands are digitally signed to enhance data security in a distributed system. A data storage client and a compute-enabled data storage device may share access to a cryptographic key. The data storage client uses the cryptographic key to digitally sign commands transmitted to the data storage device, which can use its copy to verify a digital signature of a command before fulfilling the command. The storage device can also determine whether to perform a transformation, such that requests authenticated to a first identity might receive cleartext while a request authenticated to a second identity might receive ciphertext. The compute-enabled storage device can also receive unauthenticated calls and attempt to retrieve the appropriate key from a key management service or other such source.