Abstract: A method and a device for authenticating a user. A signal representative of at least one character traced by the user on a surface of a transmitter device is received by the authentication device. The transmitter device includes an antenna able to transmit a radio signal to a terminal of the user via a channel using the electromagnetic wave conduction capabilities of the body of the user when the hand of the user traces the at least one character on or close to the surface of the transmitter device. The authentication device checks whether the received signal corresponds to a previously stored control signal and, in the event of a positive check, confirms authentication of the user.

Abstract: A method includes providing an initial communication, by an access device to a user device. The access device can receive the user identifier and the access token and receive a secret associated with the user. The access device can determine, using the user identifier and/or the access token, if the transaction is authorized by an authorizing entity computer associated with the access device or by an authorizing entity not associated with the access device. If the transaction is authorized by the authorizing entity computer associated with the access device, the access device can transmit an authorization request message comprising the user identifier, the secret, and the access token to the authorizing entity computer. The authorizing entity computer validates the secret, retrieves a real credential of the user using the user identifier, and authorizes the transaction.

Abstract: An information processing method is provided. The method includes: receiving a connection request of establishing a call connection, the connection request including a communication identifier of a requester; upon determining the communication identifier of the requester meeting a privacy condition, verifying an identity of a responder; and determining whether to permit a response of the responder to the connection request based on a verification result of the identity of the responder.

Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system.

Abstract: A method for managing operation of a circuit includes activating a trigger engine, receiving signals from a target circuit, and detecting a hardware trojan based on the signals. The trigger engine may generate a stimulus to activate the hardware trojan, and the target circuit may generate the received signals when the stimulus is generated. The trigger engine may be a scan chain which performs a circular scan by shifting bit values through a series of flip-flops including a feedback path. The target circuit may be various types of circuits, including but not limited to a high-speed input/output interface. The hardware trojan may be detected based on bit-error rate information corresponding to the signals output from the target circuit.

Abstract: Data networking may include forwarding, via a client device, data across a first communication network to a virtual private network (VPN) server, wherein the data is destined for a remote server, forwarding a request sent outside the VPN server, via the client device, to access a second communication network detected by the client device, receiving, via the client device, a captive portal requiring authentication information, forwarding, via the client device, the authentication information to an authentication server to obtain access to the second communication network, wherein the authentication information is not forwarded to the VPN server, and forwarding and receiving additional data, via the client device, to the VPN server concurrently across the first communication network and the second communication network.

Abstract: In a networked environment, an application executed on a computing device may transmit a distribution rule associated with a resource. The distribution rule can require a key application to be enabled as hardware associated with a client device prior to access to a resource. The application may receive a request for access to the resource by the client device. In an instance in which it is determined that the client device complies with the distribution rule, the application may provide, to the client device, authorization to access the resource.

Abstract: A computer-implemented method, a computer program product, and a computer system for detecting, verifying and preventing unauthorized use of a Voice over Internet Protocol (VoIP) service. A computer rates a VoIP call based on a database including information of the caller number, in response to determining that no record of a caller number exists in a database including the information of unauthorized uses. The computer sets a predetermined time period for the VoIP call based on a rating of the VoIP call, adds the predetermined time period to a session initiation protocol (SIP) invite, and connects the VoIP call to a called party. In response to that the predetermined time period is reached, the computer interrupts the VoIP call and prompts the caller to conduct user verification. In response to that the caller is successfully verified, the computer reconnects the VoIP call to the called party.

Abstract: Examples described herein include virtualized environments including a virtualized file server. Examples of secure domain join processes are described which may facilitate joining a virtualized file server or portions thereof to a domain. In some examples, the secure domain join process itself, and/or an associated file server virtual machine, may have insufficient credentials to write objects into an active directory. The active directory credentials need not be shared with the file server virtual machine. Rather, in some examples, the secure domain join process may provide a user system with a list of actions to be performed using active directory credentials.

Abstract: Aspects include circuitry that includes a first global generation counter (GGC) that is increased upon decoding of a branch instruction and a second GGC that is increased upon a completion of the branch instruction. Upon a triggered rollback, the first GGC is reset. The circuitry also includes a generation tag memory associated with a register that receives loads during a side-channel attacks which is set to the first GGC upon a first load, and a determination unit to determine, for a second load from an address depending on the register of the first load, a generation tag value associated with the register of the second load as a function of the first GGC, the second GGC, and the generation tag value associated with the register of the first load. A wait queue is configured to block the second load, if the generation tag is larger than the second GGC.

Abstract: A computer-implemented method includes receiving permission data from an application server. The permission data is for an account to access a software application of a plurality of software applications, and the application server is configured to provide the software application. Responsive to receiving the permission data from the application server, storing the permission data in a native database. Receiving a request to grant the account access to the software application. Determining whether the database stores the permission data for the account to access the software application. In response to determining that the database stores the permission data, granting access to the account to access the software application.

Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.

Abstract: An information processing apparatus includes a memory storing, in an associated form, a unit of authentication and multi-step authentication corresponding to the unit and one or more processors configured to, when a type of the authentication of an authentication step in the multi-step authentication is to be set, display a unit of the type serving as a setting target on a display in a manner such that the unit of the type serving as the setting target is selectable.

Abstract: Embodiments are directed to a session management framework for secure communications between host systems and trusted devices. An embodiment of computer-readable storage mediums includes instructions for establishing a security agreement between a host system and a trusted device, the host device including a trusted execution environment (TEE); initiating a key exchange between the host system and the trusted device, including sending a key agreement message from the host system to the trusted device; sending an initialization message to the trusted device; validating capabilities of the trusted device for a secure communication session between the host system and the trusted device; provisioning secrets to the trusted device and initializing cryptographic parameters with the trusted device; and sending an activate session message to the trusted device to activate the secure communication session over a secure communication channel.

Abstract: A method including transmitting, by an infrastructure device to a manager device, an invitation link to enable the manager device to manage network services provided by the infrastructure device; transmitting, by the infrastructure device to the manager device based on verifying that the invitation link was activated by the manager device, seed information to enable the manager device to determine authorization information; determining, by the manager device, the authorization information based on utilizing the seed information; transmitting, by the manager device to the infrastructure device during a communication session, a manager request related to an action to be performed regarding the network services, the manager request being signed based on utilizing a first portion of the authorization information; and authorizing, by the infrastructure device, the manager request based on verifying that the communication session is currently active is disclosed. Various other aspects are contemplated.

Abstract: Security mitigation techniques are presented to protect a user device or a user thereof from attackers, especially in instances when they are most at risk. In an example embodiment, one or more mitigation actions may be performed when it is determined that a website is unsecured and a network with which the user device is connected is open Wi-Fi. The mitigation action may include generating a visual warning in a graphical user interface (GUI) of a web browser that is displaying the website, preventing the transmission of sensitive information, halting execution of scripts and resources of inactive web browser tabs or when there is a change in network connection, or not allowing execution of scripts or resources when the website is unsecured. In another example embodiment, transmission of sensitive information is prevented from being transmitted by an application over an open Wi-Fi network.

Abstract: Encrypted first data and encrypted second data may be received, where each data is from different client servers. A request to perform an operation with the first data and the second data may be received. Whether the operation is authorized to be performed with the first data and the second data at an enclave may be verified. In response to verifying that the operation is authorized to be performed with the first data and the second data at the enclave, the encrypted first data and the encrypted second data may be decrypted to the first data and the second data, respectively. Furthermore, the operation may be performed with the first data and the second data at the enclave.

Abstract: The technology disclosed herein enables network consensus management using trusted execution environments.

Abstract: A system and method for a dynamic-link verification process between an electronic device and a transaction or event. The first step is engagement by a mobile electronic device with an initiator that is linked with a specific verification event that triggers a text message to auto-populate on a mobile electronic device. The message comprising metadata about the user and the event or transaction. The second step is for the electronic device to send the auto-populated message to a message gateway thus initiating the verification of the user. The message gateway works with a management service and one or more databases to verify the identify and other aspects of the user based on instructions provided by the event host. Approval or denial of the transaction or request to gain entry is sent to the mobile device and the event host.

Abstract: Described embodiments include a system that includes a monitoring agent, configured to automatically monitor usage of a computing device by a user, and a processor. The processor is configured to compute, based on the monitoring, a score indicative of a cyber-security awareness of the user, and to generate an output indicative of the score.