Abstract: A processor-implemented method of performing authentication includes obtaining a first biometric information of a user according to a first modality; calculating a first score based on the first biometric information; filtering the first score; determining whether the filtered first score satisfies a second condition; and selectively, based on a result of the determining, authenticating the user based on the first score and a first condition corresponding to the first modality. The second condition is different from the first condition.

Abstract: Systems and methods for providing security to an integrated circuit/processor and the processor cores in an endpoint device using a dynamic security architecture environment (DSAE) are disclosed.

Abstract: A method for data decryption comprises receiving, over an AXI bus operating in burst mode, data access requests for data units stored in a memory, subdividing the requests received into requests for encrypted data units and requests for non-encrypted data units, forwarding both requests for encrypted data units and requests for non-encrypted data units towards the memory, retrieving the respective sets of data units over the AXI bus, and applying Advanced Encryption Standard, AES, processing to the requests for encrypted data units by calculating decryption masks for the encrypted data units and applying the decryption masks calculated to the encrypted data units retrieved. Subdividing the requests into requests for encrypted data units and requests for non-encrypted data units is performed depending on data start addresses and security information conveyed by the requests.

Abstract: An example operation may include one or more of initiating a session between one or more users, identifying an active game status associated with the one or more users during the session, creating a link to the active games status, storing the link in a blockchain, creating a message comprising the link to the active game status, and broadcasting the message to a plurality of potential users.

Abstract: In an example, a method includes acquiring, at a processor, object generation source data representing a three-dimensional object to be generated in additive manufacturing. A dataset which is representative of an aspect of the three-dimensional object may be determined from the object generation source data. Digital security may be applied to the object generation source data and the dataset. The digital security applied to the object generation source data may be different from that which is applied to the dataset.

Abstract: Convenient sharing of information among authorized network users may be facilitated by allowing a user to send information originating from multiple applications in aggregate form to another user, e.g., using a secure messaging service. In scenarios where data access is restricted, a server may check the recipient's access privileges prior to forwarding the information to her.

Abstract: Disclosed aspects relate to compliance configuration management for asset migration on a shared pool of configurable computing resources having a set of compute nodes. A migration request to migrate an asset coupled with a first compliance configuration from a source compute node to a target compute node may be detected. The first compliance configuration coupled with the asset on the source compute node may be compared with an expected compliance configuration for the target compute node. Based on and in response to the comparing, a mismatch of the first compliance configuration with respect to the expected compliance configuration may be determined. A set of response actions may be performed with respect to the migration request.

Abstract: A combining apparatus has an acquiring unit that acquires script codes included in a website and having been divided and written at plural locations in the website; and a code combining unit that combines a plurality of the divided script codes written therein, based on a dependency between data in the divided script codes written therein acquired by the acquiring unit, or a dynamic generation relation arising from execution of the divided script codes written therein.

Abstract: A method for associating an application program with a biometric feature, an association apparatus, and a mobile terminal, and relate to the field of communications technologies. The method includes obtaining a biometric feature association request of a first application, receiving a first request from the first application, where the first request is used to request to associate the first application with a biometric feature, obtaining type information of the first application, determining a second application installed on a mobile terminal, where type information of the second application matches the type information of the first application, and the second application is associated with a first biometric feature, and associating the first application with the first biometric feature. Hence, quick biometric feature association is implemented, and biometric feature association efficiency is improved.

Abstract: Techniques for multiple message retrieval for secure electronic communication are described. The techniques, for instance, utilize a server and computing devices employing a private information retrieval scheme to allow a receiving device to locate multiple electronic communications on a server, request delivery of the multiple electronic communications without the server being aware of which electronic communication are requested, and receive the electronic communications without the server being aware of which electronic communications were sent. For example, the server may utilize an efficient electronic communication storage structure for storing and retrieving multiple electronic communications.

Abstract: Security rules management mechanisms are provided. A cognitive computing system of the security rules management system ingests natural language content, from one or more corpora, describing features of security attacks, and ingests security event log data from a monitored computing environment. The cognitive computing system processes the natural language content from the one or more corpora and the security event log data to identify attack characteristics applicable to the security event log data. A security rule query engine evaluates existing security rules present in a security rules database to determine if any existing security rule addresses the attack characteristics. In response to the evaluation indicating that no existing security rule addresses the attack characteristics, a security rule generator automatically generates a new security rule based on the attack characteristics, which is then deployed to the monitored computing environment.

Abstract: Techniques for secure data management in a sensor data environment are provided. For example, a method obtains sensor data, at a gateway, generated by at least one sensor associated with a set of one or more sensors operatively coupled to the gateway. The method generates at least one data object comprising the sensor data and metadata corresponding to the sensor data, and sends the data object to a secure data pool for storage and for secure access by one or more clients.

Abstract: According to some embodiments, streams of monitoring node signal values may be received over time that represent a current operation of an industrial asset control system. A current operating mode of the industrial asset control system may be received and used to determine a current operating mode group from a set of potential operating mode groups. For each stream of monitoring node signal values, a current monitoring node feature vector may be determined. Based on the current operating mode group, an appropriate decision boundary may be selected for each monitoring node, the appropriate decision boundary separating a normal state from an abnormal state for that monitoring node in the current operating mode. Each generated current monitoring node feature vector may be compared with the selected corresponding appropriate decision boundary, and a threat alert signal may be automatically transmitted based on results of said comparisons.

Abstract: A user or a provider of an IHS (Information Handling System) may prefer to disable, on a temporary or permanent basis, hardware components of the IHS. For instance, a user may prefer to prevent all microphone inputs through disabling of the microphone device of the IHS. Disabling hardware components via the operating system of IHS is cumbersome, especially for temporary hardware configurations. Embodiments provide the capability for securely managing certain hardware components of an IHS without reliance on the operating system of an IHS, while providing assurances that a hardware component is actually disabled. Embodiments assure disabling of a hardware component by providing the ability to terminate power to the component, where the power is terminated based on commands transmitted by a trusted resource via an out-of-band signal pathway to the hardware component.

Abstract: Methods, systems, and computer program products for performing passive and active identity verification in association with online communications. For example, a computer-implemented method may include receiving one or more electronic messages associated with a user account, analyzing the electronic messages based on a plurality of identity verification profiles associated with the user account, generating an identity trust score associated with the electronic messages based on the analyzing, determining whether to issue a security challenge in response to the electronic messages based on the generated identity trust score, and issuing the security challenge in response to the electronic messages based on the determining.

Abstract: A network apparatus of a communication system classifies traffic flows containing packets based on packet features. The network apparatus provides a copy of a packet contained in a traffic flow to a cluster node, and controls the cluster node to select at least one detector node based on the features of the packet and to forward said copy to the selected detector node to find out based on said copy whether the packet is malicious or not. In response to receiving from the detector node a flow indication on the traffic flow, the network apparatus controls a switch node to perform at least one flow control action on the traffic flow, the action including one or more of flow removal, flow modification and flow installation.

Abstract: An apparatus receives a signal to perform secure erasure of a storage medium. The apparatus, responsive to reception of the signal, erases the storage medium by performing at least the following operations. An encryption key is erased. The encryption key is stored on the storage medium and is used to encrypt data on the storage medium. The apparatus generates a fake encryption key that is different from the encryption key and stores storing the fake encryption key on the storage medium. The encryption key and/or fake encryption key may be stored on the medium in multiple parts. The encryption key may be generated using random data from the medium. The apparatus may be the storage medium or a computer system that access the storage medium. The erasure can be performed in response to a request by a user. The medium may be an erasure-resistant storage medium.

Abstract: Disclosed are various embodiments of method and system for network access control. The method may involve traffic monitoring and vulnerability detection using process information. The system may analyze the vulnerability as a process malfunctioning where preventive action focuses on process blocking as opposed to host blocking, which can lead to improved performance and productivity of a network. Techniques may use process related information, connection information, and network packet information for network control. The information may be matched against a plurality of signatures to identify and detect a known vulnerability in network activities. On the basis of a match, a verification report may be established. Techniques may further check whether a verification report is applicable to a process associated with a network packet and allow or block the process running on the host based in the report.

Abstract: Remote administration of initial computer operating system setup options is facilitated by systems and mechanisms that provide such initial setup options to a computing device during an earlier stage of the operating system setup. An administrator defines, in a profile, how such initial setup options are to be set and when an operating system is being set up it communicates with licensing servers to validate the copy of the operating system. If authorized, and if set up by an administrator, initial setup options are provided to the computing device at such an early stage of the operating system setup. Processes executing on the computing device then utilize software licensing application program interfaces to not only validate the copy of the operating system, but also to set the initial setup options in the manner pre-specified by the administrator. A customized directory service login user interface is one such initial setup option.

Abstract: A network system that can easily augment security is provided. The network system includes an information device included in an internal network connected to an external network, the information device transmitting specific information including its own identification information and device information provided in advance, in conformity with a predefined protocol; and a management unit that monitors the internal network, and collects the specific information from the information device in conformity with the predefined protocol. The management unit collects specific information from an unknown information device, notifies a user of an authorization request for the unknown information device on the basis of the collected specific information, and determines whether or not to authorize access of the unknown information device to the internal network, in accordance with a response from the user to the authorization request.