Abstract: Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.

Abstract: A system for electronically sharing private documents using document pointers is disclosed. The system includes a processor and memory. A pointer database electronically coupled to the processor for storing a pointer to a document associated with a user and stored on a repository device of a plurality of repository devices remote from the server system, wherein the pointer comprises a unique identifier of the document and an associated location of that document on the repository device. A network communications interface electronically coupled to the processor is configured to electronically receive from a client device, an electronic authorization to share the document with a recipient third-party device of a plurality of recipient third-party devices, and, in response to the electronic request, transmit an encrypted information package including the pointer to the document to one of the client device, the repository, or the third-party device to facilitate the document sharing.

Abstract: Operation information corresponds to a first operation, where the operation information includes touch information and/or posture information of a terminal device, and manages the terminal device based on a matching degree between the operation information corresponding to the first operation and a first decision model, where the first decision model is determined based on operation information of an operation performed by a first user. According to a terminal device management method, because an operation of a user is habitual, a same user (namely, the first user) may generate a large quantity of similar operations in a process of operating the terminal device. Training is performed by using a plurality of operations of the first user, and a decision model is obtained. Based on the decision model, it can be determined whether an operation is performed by the first user.

Abstract: A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed.

Abstract: An information intermediating apparatus in an information transaction system including an information providing apparatus, an information acquiring apparatus and the information intermediating apparatus connected to a communication network, includes: a first receiver that receives second information, of first and second information necessary for restoring transaction object information, and first feature information indicating a feature of the first information; a second receiver that receives second feature information from the information acquiring apparatus, the second feature information being calculated from the first information transmitted to the information acquiring apparatus from the information providing apparatus; a feature information determination unit that determines whether an identity is present between the first feature information and the second feature information; and a transmitter that transmits the second information to the information acquiring apparatus, when the feature information d

Abstract: A monitoring system monitors authentication sessions both on the air interface between the terminals and the network, and on at least one wired network-side interface between network-side elements of the network. The monitoring system constructs a database of sets of network-side authentication parameters using network-side monitoring. Each set of network-side authentication parameters originates from a respective authentication session and is associated with the International Mobile Station Identity (IMSI) of the terminal involved in the session. In order to start decrypting the traffic of a given terminal, the system obtains the off-air authentication parameters of that terminal using off-air monitoring, and finds an entry in the database that matches the air-interface authentication parameters. From the combination of correlated network-side and off-air authentication parameters, the processor is able to extract the parameters needed for decryption.

Abstract: Aspects of the present disclosure relate to encryption management. An indication of a data set to be tagged with an encryption tag is received. A location for the encryption tag is determined. The encryption tag is stored at the location, where the encryption tag includes an encryption status indicator specifying whether or not the data is encrypted and an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data.

Abstract: Provided herein are system, devices and methods for applying Multi-Party Computation (MPC) to authenticate a user accessing a secure resource using a plurality of computing nodes. The computing nodes, each receiving a respective one of a plurality of encrypted shares created using a plurality of keys to encrypt private data captured by a client device used by the user accessing the secure resource, engage in a secure MPC to compare between the encrypted shares and reference encrypted private data copies also encrypted using the plurality of keys without decrypting the private data since the keys are not available to the computing nodes. The computing nodes compute a match score based on the comparison and transmit it to a controller of the secure resource configured to grant or deny the client device access to the secure resource based on the match score.

Abstract: A method for managing data includes obtaining, by an indirection logic service, a data request for data, wherein the data request specifies a ledger entry, identifying an indirection logic entry stored in the indirection logic service based on the ledger entry, obtaining a selection of trust data from a client, wherein the ledger entry comprises metadata of the trust data, and initiating communication between the client and a local trust manager based on the selection of trust data, wherein the trust data was generated by the local trust manager.

Abstract: A system and method for validating an entity may include obtaining by at least a first system, a set of entity details related to the entity; associating with the entity, by the first system, a first trust level based on at least some of the entity details; and validating the entity based on the first trust level. A system and method for validating an entity may include providing at least one of first and second values to a respective at least one of first and second devices; providing the entity, by at least one of the first and second devices, with the at least one of first and second values; and using the at least one of first and second values, by the entity, to identify the entity to an identifying entity.

Abstract: A combination lock system includes a mobile communication device (10, 10?), a cloud server (20) and a combination lock (30, 30?). When the cloud server (20) determines that the mobile communication device (10, 10?) matches authentication information, the cloud server (20) outputs password information (22) corresponding to the authentication information to the mobile communication device (10, 10?), and the combination lock (30, 30?) obtains an electric energy and the password information (22) from the mobile communication device (10, 10?). When the combination lock (30, 30?) determines that one of the characters of the password setting module (31, 31?) matches one of the characters of the password information (22) corresponding to a corresponding arrangement order, the mobile communication device (10, 10?) displays display information.

Abstract: For example, a data set comprising a plurality of data fields, including at least one field containing personal information, can be received. Meta-information for the data set can be reviewed, which includes a categorization for the data set comprising a first parameter specifying field data type, and, for fields comprising personal information, a second parameter specifying personal data consent information. The data set may be converted into a columnar data storage format using the meta-information, and the at least one data field comprising personal information may be stored in at least one column marked as comprising personal information, and at least one personal information privacy control may be applied to the at least one marked column.

Abstract: A trust chain having client system and a remote system in a secure connection, wherein an intermediary system associated with the network flow path serves as a signing entity to establish an end to end transitive trust. The intermediate system is a corroborative entity in the operations technology realm of the client system. The remote system serves as the host for a plurality of services in the information technology realm. A two way handshake during the initial secure exchange protocol between a local client application and a remote service is extended to a three way handshake that includes a nonce issued by the remote service on the remote system and a digital signature for the nonce issued by a signature service on an associated intermediate system. The nonce signature is verified authoritatively at the remote system based on the signing certificate of the intermediate system for explicit proof of association.

Abstract: There is disclosed in one example a computing apparatus, including: a processor; and a memory having encoded therein executable instructions to instruct the processor to: divide a file-under-analysis into a plurality of features; build a plurality of categories from the plurality of features, including a category of unrelated features; construct a first decision tree from a first category of the plurality of features, the first category including related features; construct a second decision tree from a second category of the plurality of features, the second decision tree including unrelated features; and determine, based at least partly on the first decision tree and the second decision tree, that the file under analysis has malware content.

Abstract: In some examples, in response to detecting addition or update of a program component of a program, a system creates a blockchain entry for addition to a blockchain register, generates a hash based on the program component, and adds in the blockchain entry a signed hash produced by encrypting the generated hash. The system publishes the blockchain entry for the blockchain, the signed hash in a blockchain entry useable to detect tampering with the program component.

Abstract: A computer-implemented system and method for searching comprises handling a digital twin (DT) component corresponding to a physical component. The DT component comprises an access attribute (DTAA) that controls access to the DT component, and other attributes of the DT component. The method further comprises responsive to a trigger, determining a factor value based on a plurality of factors associated with the DT. Responsive to the factor value exceeding a factor value threshold, the method comprises modifying the DTAA to permit access to the DT by a user not previously having access.

Abstract: A method for controlling access to a computing device includes detecting one or more wireless devices configured as wireless access points. A handshake operation involving the computing device and a key device may then be performed. The method further includes receiving, at the computing device and during a calibration phase, wireless signals transmitted by the key device wherein during the calibration phase the computing device determines an approximate signal strength corresponding to a desired distance between the computing device and the key device. Subsequent to the calibration phase, other wireless signals transmitted by the key device are received at the computing device. The method further includes detecting, based upon a received signal strength of the other wireless signals, that the computing device and the key device are separated by at least the desired distance and, in response, electronically locking or otherwise inhibiting user access to the computing device.

Abstract: A server has a pool data store that stores ambient sound recordings for matching. A match engine finds matches between ambient sound recordings from devices in the pool data store. The matching ambient sound recordings and their respective devices are then analyzed to determine which device is a source device that provides credentials and which device is a target device that receives credentials. The server then obtains or generates credentials associated with the source device and provides the credentials to the target device. The target device accesses content or services of an account using the credentials.

Abstract: An example operation may include one or more of receiving sensory data, identifying one or more operations in a smart contract stored on a blockchain, performing the one or more operations based on the sensory data received, creating a blockchain transaction with a record of the one or more operations performed and the sensory data received, and committing the blockchain transaction to the blockchain.

Abstract: An approach is provided in which an information handling system loads a set of encrypted binary code into a processor that has been encrypted based upon a unique key of the processor. The processor includes an instruction decoder that transforms the set of encrypted binary code into a set of instruction control signals using the unique key. In turn, the processor executes a set of instructions based on the set of instruction control signals.