Abstract: In an embodiment, a method is configured to detect compromised credentials, comprising: generating a plurality of bloom filters, wherein each bloom filter corresponds to a particular subset of a set of compromised credentials; receiving an index value from a client computing device; in response to receiving the index value, determining a target bloom filter corresponding to the index value, and sending the target bloom filter to the client computing device; receiving a first value from the client computing device; in response to receiving the first value, generating a second value based on the first value, and sending the second value to the client computing device.

Abstract: A consensus method includes: when a first consensus node of a consortium blockchain performs a consensus operation on a consensus proposal, sending a verification signature to a second consensus node of the consortium blockchain, wherein the verification signature is configured to represent at least one consensus verification item set by the first consensus node sending the verification signature for the consensus proposal; receiving, by the first consensus node, a verification signature sent by at least one of the second consensus node or a third consensus node of the consortium blockchain for the consensus proposal; and after the first consensus node reaches a consensus on proposal data of the consensus proposal, generating a block recording the received verification signature corresponding to the consensus proposal and the proposal data, wherein the verification signature recorded in the block is configured to prove validity of the proposal data recorded in the block.

Abstract: An identity authenticator receives a first authentication credential from a first application at a first computing device. The identity authenticator then determines that the first authentication credential is associated with a second authentication credential for the first application at a second computing device based on a stored authentication identity. The identity authenticator then provides a stored execution state for the first application to the first computing device, wherein the stored execution state is associated, based on the stored authentication identity, with at least one of the first authentication credential or the second authentication credential.

Abstract: A security data processing device comprising a processor and memory, the processor configured to: receive a script comprising at least one instruction set for provisioning a type of programmable device, the instruction set(s) defining one or more cryptographic operations, each of the cryptographic operations referring to a parameter; store the script in memory; verify a signature associated with the script using an authorization key retrieved from memory; receive a programming request from a programming module of a programming machine in communication with said processor, said programming request requesting the programming of a programmable device and identifying an instruction set of the instruction set(s) in said script; for each cryptographic operation in the identified instruction set, determine a value for the parameter and perform the cryptographic operation using the value; and in response to performing each cryptographic operation, output programming information to the programming module for programmi

Abstract: A memory controller for a (DRAM) memory processes an (access) command for a target row in the memory, increments a count value for each victim row associated with the target row, and issues a (dummy activate) command for a victim row whose count value reaches a specified threshold. By tracking victim rows instead of target rows, the memory controller can thwart both single-sided and double-sided row-hammer attacks. The memory controller maintains the victim-row addresses and corresponding command counts in a TCAM memory to detect rows that may be prone to row-hammer attacks. If so, then the memory controller issues dummy activate commands to the corresponding memory rows to thwart such row-hammer attacks.

Abstract: A blockchain-based electronic signature method includes: receiving an electronic signature authentication request sent by an electronic signature client, wherein the electronic signature client is bound to one or more legal signature users, and the electronic signature authentication request includes biometric information of a signature user collected by the electronic signature client; in response to the electronic signature authentication request, authenticating whether the signature user is a legal signature user bound to the electronic signature client based on the biometric information; and if yes, returning an authentication result to the electronic signature client, so that the electronic signature client further prompts the signature user to perform an electronic signature operation in response to the authentication result; and receiving an electronic signature submitted by the signature user and collected by the electronic signature client, and publishing the electronic signature to a blockchain.

Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.

Abstract: The embodiments herein disclose a system or a platform for multi-dimensional, multi-layered security control. The system includes Identity management module, Payload data handling module, heuristic network Management module, Application interface Manager, and an encapsulator or Modulator while leveraging a dynamic Validator. A Shielding protector is provided for safety of servers, devices, systems and clouds. The identity management module safeguards passwords, PINS, user information, and device data. The dynamic ID, time-based, multi factor elements is used to embed both ID and data. The Payload data handling module provides data wrapping, random-segmenting and flow-chains. The heuristic network Management module performs routing of watermarking, and obfuscation map tracker. The Application interface Manager works on DDMLSORI techniques to block out any unwanted Access while validating actual transactions using Qualifiers.

Abstract: In order to provide improved matching of records between different sources, systems and methods include generating a data link between a stored interaction profile of the user and activity data records that identify activities performed by the user. Online interaction data associated with the user is received, including tracking data indicative of online interactions with content. The online interaction data is stored in the stored interaction profile associated with the user. An activity model is used to predict correlation parameters representing groupings of online interactions of the online interaction data with activities performed by the user, where the prediction is based on the tracking data and each activity in the interaction profile. The interaction profile is updated with the groupings and user activities are authenticated based on the interaction profile.

Abstract: The invention relates to a method for controlling by a server called secure server the use of a first set of at least one data element of a data owner and provided by a communication device, the method comprising the steps of: receiving at least one digital signature representative of a process authorized by the data owner and adapted to carry out a series of at least one instructions using the first set of at least one data element; receiving from a process entity the series of at least one instruction, and a ciphered version of the first set of at least one data element which is communicated to the process entity by the communication device; verifying that the series of at least one instruction correspond to a process authorized by the data owner of the communication device by comparing the at least one digital signature received by the secure server with a digital signature obtained by the secure server using as an input the series of at least one instruction received by the secure server; and if the serie

Abstract: A system which includes at least one host, wherein the host is configured to implement at least one container group including a first container, a data communication module, an interface, and a malicious detection module, wherein the data communication module is configured to collect data based on data communication of the container group, and transmit collected data, or data representative thereof, to the interface, the interface being configured to transmit collected data, or data representative thereof, to the malicious detection module, for detecting malicious data.

Abstract: In an example, there is provided a method for attesting to a management state of a device platform configuration, based on a signed data structure that represents a device management status and a time-based value from a secure cryptoprocessor of the device. The signed data structure is sent to a management system for validation based on a comparison to the state of the cryptoprocessor at the time of signing the data structure.

Abstract: An electronic device includes a combinational logic circuit, one or more functional state-sampling components, one or more protection state-sampling components, and protection logic. The combinational logic circuit has one or more outputs. The functional state-sampling components are configured to sample the respective outputs of the combinational logic circuit. The protection state-sampling components are associated respectively with the functional state-sampling components, each protection state-sampling component configured to sample a same output of the combinational logic circuit as the corresponding functional state-sampling component, but with a predefined time offset relative to the functional state-sampling component. The protection logic is configured to detect a discrepancy between the outputs sampled by the functional state-sampling components and the respective outputs sampled by the protection state-sampling components, and to initiate a responsive action in response to the discrepancy.

Abstract: A hardware malware profiling and detection system is disclosed. In embodiments, the system includes a primary (e.g., trusted) system including template processors and hardware sensors. The template processors submit input vectors to the primary system and characterize the system response via power trace data collected by the hardware sensors. Based on the input vectors and power trace data, the template processors generate system templates and derive system challenges therefrom. The template processors submit the system challenges to a remote system under test and characterize the remote system response in real time via identical remote hardware sensors. The template processors correlate the real-time remote system response data with the system templates corresponding to the issued challenges to detect system anomalies or malware within the remote system or its components.

Abstract: An Integrated Circuit (IC) includes functional circuitry and protection circuitry. The protection circuitry is configured to maintain a counter value, which is indicative of a cumulative amount of hostile attacking attempted on the functional circuitry over a lifetime of the IC, to detect events indicative of suspected hostile attacks on the functional circuitry, to decide, responsively to a detected event, on an update of the counter value depending on a time difference between the detected event and a most recent power-up in the IC, and update the counter value in accordance with the decided update, and to disable at least part of the IC in response to the counter value crossing a threshold.

Abstract: A method for authenticating users contactlessly with decentralized identifiers (DID) using verifiable credentials is provided. The method includes steps of: an authentication supporting server, (a) on condition that a user DID is issued and a user public key is registered in a blockchain network, in response to a contactless authentication request, (i) retrieving the user public key from the blockchain network or from a user DID document sent by a resolving server and (ii) verifying a user signature value; and (b) (i) transmitting real-time feature point information and identity confirmation information to a certification authority (CA) server, (ii) allowing the CA server to transmit authentication result information, (iii) retrieving a CA server public key from the blockchain network or from a CA server DID document sent by the resolving server, (iv) verifying a CA server signature value, (v) registering the authentication result information, and (vi) transmitting a user verifiable credential.

Abstract: Techniques of data authentication in a distributed computing system are disclosed herein. One example technique includes receiving a request for performing an operation along with a data package that includes a security token, a first digital signature of the security token generated using an ephemeral private key, and an ephemeral public key with a second digital signature generated using a master private key stored at a secure location. The example technique can also include initially validating the second digital signature using a public key corresponding to the master private key, and upon validating the second digital signature, validating the first digital signature of the security token using the ephemeral public key included in the data package. Upon validating that the first digital signature of the security token, the request can be authenticated, and the requested operation can be performed.

Abstract: Providing authentication servers (e.g. a RADIUS server) combined with a distributed data store (e.g. a memory cache) for storing a time-limited trust relationship message to establish/enable a time-limited trust between the authentication servers during network roaming of a user device. This circumvents the need for the traditional method of synchronous authentication messaging sequences, permitting transmission of authentication messaging sequences in a more time-efficient asynchronous manner.

Abstract: The present disclosure describes a system for saving metadata on files and using attribute data files inside a computing system to enhance the ability to provide user interfaces based on actions associated with non-executable attachments like text and document files from untrusted emails, to block execution of potentially harmful executable object downloads and files based on geographic location, and to a create a prompt for users to decide whether to continue execution of potentially harmful executable object downloads and files. The system also records user behavior on reactions to suspicious applications and documents by transmitting a set of attribute data in an attribute data file corresponding to suspicious applications or documents to a server. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: The present disclosure describes systems and methods for using for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user. A campaign controller may identify an electronic calendar of a user for which to direct a simulated phishing campaign, determine one or more situations of the user from information stored in the electronic calendar and select either a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user. The campaign controller may communicate to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action.