Abstract: Methods, systems, and computer readable media may be operable to wireless hotspot activity of one or more access points supporting multiple radios. A DHCP relay agent may receive a DHCP request from a device seeking to join a hotspot service provided through a gateway. If the number of currently connected devices is less than the maximum connected device limit, then the agent may increase the number of currently connected devices by one, and relay the encapsulated DHCP request over a GRE tunnel. If the number of connected devices already meets or exceeds the allowed limit, then the DHCP relay agent may instruct the gateway or its access point to disconnect the new device.

Abstract: A method for project management using a blockchain includes: receiving a project request including a project stream comprised of a plurality of role assignments and an ordering for the role assignments, wherein each role assignment indicates a corresponding public key; generating a first digital token; transmitting the first digital token to a first computing device associated with a public key corresponding to a first role assignment based on the ordering; receiving data from the first computing device including a data file, return token, and digital signature; validating the return token based on the first digital token; validating the digital signature using the public key corresponding to the first role assignment; transmitting the data file to a node in a blockchain network; and transmitting a second digital token to a second computing device associated with a public key corresponding to a second role assignment based on the ordering.

Abstract: Additional security is provided for users by implementing a module that notifies an account holder when the account is accessed to change in password, logout or lock the account via notifications to smartphone apps, browser plugin, etc. User can use mobile apps or browser plugin from any device to immediately stop the access by logging out the user from the already logged in systems, lock the user account, or change the password.

Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory. The processing circuitry is configured to execute the operational instructions to perform various operations and functions. The computing device receives (e.g., via the DSN and from a first other computing device) a storage request that is based on data object. The computing device extracts a remote address (associated with the first other computing device) from the storage request. The computing device processes the storage request to determine whether any principals are associated with the storage request, wherein the principals include DSN system entities.

Abstract: According to some aspects, disclosed methods and systems may include determining, by an electronic device, a value associated with a first parameter configured to dynamically change, and displaying, via a user interface, an object corresponding to the value associated with the first parameter. The methods and systems may also include receiving, via the user interface, an input intended to unlock the electronic device, unlocking the electronic device if the received input interacts with the object in a predefined manner, and maintaining the electronic device in a locked state if the received input does not interact with the object in the predefined manner.

Abstract: A system and method for a machine learning-based score driven automated verification of a target event includes: receiving a threat verification request; extracting a corpus of threat features; predicting the machine learning-based threat score; evaluating the machine learning-based threat score against distinct stages of an automated disposal decisioning workflow; computing the activity disposal decision, wherein the activity disposal decision informs an action to allow or to disallow the target online activity; receiving the machine learning-based threat score as input into an automated verification workflow; computing whether an automated verification of the target online activity is required or not based on an evaluation of the machine learning-based threat score against distinct verification decisioning criteria of the automated verification workflow; automatically executing the automated verification of the target online activity and exposing results of the automated verification to the subscriber for a

Abstract: Methods for authenticating a genuine presence of a human involve directing one or more modulated probes towards a body part of the human, receiving a response to the probes from the body part, and analyzing the response to determine whether it contains spectral characteristics that match a class of responses to such probes for the human body part in a human population. Replay attacks are countered by varying the modulation of the probe temporally, spatially, and spectrally each time authentication is performed. The probes may include electromagnetic radiation, acoustic beams, or particle beams that generate a detected reflection, absorption pattern, scintillation, or fluorescence response of the body part. The analysis of the response may be directed to one or more of temporal, spatial, and spectral variations in accordance with the nature of the probes and the modulation.

Abstract: Disclosed are an apparatus and method for encryption. The encryption apparatus includes a key table generator configured to generate at least one encryption key table from random values obtained from a seed value and generate at least one decryption key table from the at least one encryption key table; an algorithm generator configured to generate an encryption algorithm having a Misty structure that has a round function to which the at least one encryption key table is applied and a decryption algorithm having a Misty structure that has a round function to which the at least one decryption key table is applied; an encryptor configured to encrypt plaintext data with the encryption algorithm; and a decryptor configured to decrypt encrypted data with the decryption algorithm.

Abstract: User authentication techniques are provided using a scene composed of selected objects. An exemplary method comprises obtaining enrollment information from a user, wherein the enrollment information comprises a first scene comprised of a first selection of objects; initiating a challenge to the user in connection with an authentication request by the user to access a protected resource; processing a second scene comprised of a second selection of objects submitted by the user in response to the challenge, and wherein the processing comprises determining a likelihood that the submitted second scene comprised of the second selection of objects matches the first scene comprised of the first selection of objects submitted by the user with the enrollment information; and resolving the authentication request based on the likelihood. Objects in the first selection of objects are optionally selected from a catalog and arranged into the first scene.

Abstract: The present invention discloses a binary stream hash modulus encryption and decryption method, including: creating a clear-text set M according to a clear-text file; taking the clear-text set M as an initial set and performing several times of byte order iterative encryption on a reference string to obtain a cipher-text set C; wherein a key set P and an algorithm set A are combined during the iterative encryption; and calling the key set P for the cipher-text set C to perform several times of byte decryption on the reference string, wherein the key set P and the algorithm set A are jointly used during the encryption and shared during the encryption and decryption. By using the present invention, the file cannot be decoded even if intercepted by another person, an existing Internet platform is still used in a transmission environment, but transmitted information is encrypted information.

Abstract: Some external users in a public on-line community may post excessive numbers of items, causing annoyance to others and unnecessary loading on database resources. A robust moderation framework enables an individual community moderator or admin to specify a set of rules and actions to mitigate this problem. Scalable, performant rate limiting rules employ windowed counters, separately for each rule, with the counters maintained in cache memory resources outside the main database.

Abstract: A technique for over-the-top end-to-end (OTT E2E) information security in a data center providing IT infrastructure for an enterprise network. The technique provides a hardware-to-hardware and/or hardware-to-software PKI over-the-top encryption method that can be applied to both hardware devices and virtual devices. The hardware side may be implemented in a customer premises-based physical enclosure (e.g., a concentrator) having multiple ports. Each port has associated therewith an integrated circuit-based NID. This device provides OSI Layer 2 encryption offloaded to a PKI processor on this chip. Preferably, this process of handling encryption is transparent, with all handling of keys occurring automatically during a device discovery operation. Each key is configured for use for the single port for which the associated device is responsible. This approach allows separate keys on each port to curtail brute force decryption; in the event of key exposure, only one port at a time can become compromised.

Abstract: Provided is a password authenticating apparatus that can provide a hint for selecting a password without displaying a part of the password. The input-receiving unit receives input of a password as an input password. A password-header-comparing unit compares a header portion of the input password up to a number of header comparison characters with authentication information, and determines whether or not the header portion of the input password up to the number of header comparison characters matches a portion from the start of a registered password up to the number of header comparison characters. A screen-generating unit, when it is determined there is no match, generates a header-error screen providing guidance that the input password already does not match in the header portion as a display screen. A display-control unit causes a display unit to display the display screen generated by the screen-generating unit.

Abstract: Disclosed are examples of systems, apparatus, devices, computer program products, and methods implementing aspects of a decentralized content fabric for secure content publishing in an overlay network. In some implementations, a request to create digital content is obtained from a client. The request includes a call on a library contract associated with a content library. A transaction identifying the request is recorded in a ledger. A transaction ID and a content ID are sent to the client. An authorization token including the transaction ID and the content ID is then obtained from the client. Authorization of a content creator can be verified based on the authorization token. A write token can then be sent to the client. A content object part encrypted with a content encryption key set and designated for publishing to the overlay network can then be obtained from the client.

Abstract: Systems, computer program products, and methods are provided for categorizing data entries or segments from data files and storing the categorized data within category-specific blocks of a distributed ledger within a distributed trust computing network. Access credentials are generated that link/point to the those category-specific blocks containing data entries/segments that the credential holder is authorized to access. As such, the present invention insures that authorized entities (i.e., credential holders) that are accessing the distributed trust network for the purpose of verifying/authenticating data contained therein only have access to that portion/segment of the data file (e.g., specific data entries or the like) that they are authorized to access. In other words, the present invention, limits the authorized entity to only accessing data from the data file on a need-to-know basis.

Abstract: A method includes obtaining usage metrics for assets of an enterprise system and extracting sets of features from the obtained usage metrics, the sets of features characterizing relative importance of each of the assets for each of two or more designated time windows. The method also includes determining, utilizing the extracted features, an importance of each of the assets. The method further includes establishing a baseline behavior of the assets based on the extracted features, monitoring behavior of the assets during at least one additional time window, and modifying a configuration of a given asset responsive to detecting that the monitored behavior of the given asset during the at least one additional time window exhibits a threshold difference from the established baseline behavior of the given asset, wherein the modification is based at least in part on the importance of the given asset relative to one or more other assets.

Abstract: There is presented a method, a computing device and a biometric matching service, for the biometric authentication of a user. The method comprises capturing a biometric sample from a user and obtaining information to identify data sources relevant to the user. The method further comprises using the data sources relevant to the user to obtain a plurality of biometric samples potentially captured from the user. The method further comprises matching the captured biometric sample against the plurality of potentially captured biometric samples to determine whether the captured biometric sample represents the user.

Abstract: Systems, computer program products, and methods are provided for storing data files within a distributed trust computing network, such as a blockchain network, which acts as a source of truth for the digital copy. In response to storing the data file within the distributed trust computing network, a machine-readable code is generated that when read by an authorized entity provides access to the certified digital copy stored within the distributed trust computing network. In this regard the machine-readable code serves as a pointer to the distributed trust computing network and the storage location within the trust network and, in specific embodiments the code is dynamic so as to provide access privileges (e.g., security credentials required to access, the content authorized to access, duration period for accessing and the like).

Abstract: Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g. whether and how files are encrypted with the encryption keys, may also be used to assist in selecting appropriate security handling and routing of the communications.

Abstract: The data forwarding system includes a data storage device and a server. The data storage device is configured to store shared data uploaded by a first developer via a first terminal device. The server includes a processor which can load program codes to execute: a forwarding procedure for forwarding the shared data to a receiving device; a forwarding setting procedure for enabling the developer to apply forwarding settings to the shared data; a data processing procedure for executing the necessary data processing before forwarding the shared data; and a forwarding condition verification procedure for examining whether the shared data conforms to the forwarding settings.