Abstract: A method for managing documents includes obtaining, from a first computing device, a first signed document, and in response to obtaining the first signed document: identifying a first plurality of validity services associated with the signed document, sending a verification request to the first plurality of validity services, wherein each of the plurality of verification requests specifies the first signed document, obtaining a plurality of verification responses from the first plurality of validity services, and making a determination, based on the plurality of verification responses, that the first signed document is valid.

Abstract: To securely realize updating of a key shared between an apparatus on a transmission side and an apparatus on a reception side. A second apparatus encrypts a new shared key by an encryption processing unit, issues a signature for the encrypted new shared key from a signature processing unit, and transmits the signature and the encrypted new shared key to a first apparatus. When a signature processing unit fails in verifying the signature, the first apparatus performs control to prohibit at least one of processing executed after reception of the encrypted new shared key and required to store the new shared key into a storage unit.

Abstract: A method can include obtaining access card data from an access card. The access card can include accessibility data. The access card can be configured to electronically permit access to one or more systems by transmitting the accessibility data. The access card data can include at least a portion of the accessibility data. The method can further include storing the access card data. The method can further include transmitting the access card data to a penetration test system that is configured to test the one or more systems for at least one system vulnerability based, at least in part, on the access card data.

Abstract: Methods and systems for security monitoring and response include assigning an anomaly score to each of a plurality of event paths that are stored in a first memory. Events that are cold, events that are older than a threshold, and events that are not part of a top-k anomalous path are identified. The identified events are evicted from the first memory to a second memory. A threat associated with events in the first memory is identified. A security action is performed responsive to the identified threat.

Abstract: To provide an image data alteration detection device, an image data alteration detection method, and a data structure of image data that can easily detect an alteration in image data. Metadata in image data includes a first hash value calculated based on predetermined data, a second hash value calculated based on a character string of a script, and the script. An image alteration detection device calculates a third hash value based on the predetermined data and the script included in the metadata, calculates a fourth hash value based on a character string of the script included in the metadata, compares the first hash value included in the metadata with the calculated third hash value and the second hash value included in the metadata with the calculated fourth hash value, and detects that the image data is altered when one of the values is not equal.

Abstract: A computer implemented method of distributed wireless communications access security, the method comprising steps a computer processor of a server computer is programmed to perform, the steps comprising: receiving data characterizing a device, selecting a policy from a database of policies using the received data characterizing the device, for the device, the policy defining a criterion for determining which wireless access points are allowable, and communicating data defining the selected policy to the device, for the device to use for determining whether access to an active wireless access point is allowable.

Abstract: A method for processing blockchain data is applied to a terminal device provided with a trusted execution environment and includes: acquiring, from a blockchain, data to be verified of a target service, the data to be verified including circulation data generated during execution of the target service and recorded in the blockchain; determining, based on the target service, a relevant third-party authority for verifying authenticity of the data to be verified, and acquiring benchmark circulation data generated during the execution of the target service and recorded in the third-party authority; transferring the data to be verified and the benchmark circulation data to the trusted execution environment through a first trusted application on the terminal device; and determining whether the data to be verified meets a verification rule, and outputting a verification result of the data to be verified.

Abstract: An event can be associated with a monitored computing device and a command-line record. An event vector can be determined for each of a plurality of events based at least in part on at least a portion of the respective command-line record and on a trained representation mapping. A respective reduced event vector can be determined having fewer elements. The reduced event vectors can be clustered to determine cluster identifiers. A first event can be determined to be associated with a security violation based on a corresponding cluster identifier matching a cluster identifier of a second event that is associated with a security violation. In some examples, a cluster can include a relatively larger first group of events and a relatively smaller second group of events. That cluster can be determined to satisfy a criterion based on the numbers of events in at least one of the groups.

Abstract: Disclosed herein are systems and method for malicious behavior detection in processing chains comprising identifying a chain of related processes executing on a computing device; for each respective process in the chain of related processes: monitoring events generated by the respective process; storing snapshots of data modified by any of the events; determining a level of suspicion for the respective process by applying an artificial intelligence (AI) model to the snapshots of data; determining whether the chain of related processes is trusted based on the determined levels of suspicion; and in response to determining that the chain of related processes is not trusted, restoring objects affected by the chain from the snapshots.

Abstract: A system is provided for configurably signing a secure data image that includes software code that interprets cryptographic atomic code. In the system, a code signing engine includes an interpreter that interprets atomic code signing operations presented in a recipe defined by a system administrator according to configuration parameter values supplied with the input image.

Abstract: An electronic device includes clock generation circuitry, a combinational logic circuit, one or more functional state-sampling components, and protection logic. The clock generation circuitry is configured to generate a clock signal having a periodic clock cycle. The combinational logic circuit includes multiple internal nets and one or more outputs. The functional state-sampling components are configured to sample the respective outputs of the combinational logic circuit periodically in accordance with the clock signal. The protection logic is configured to receive one or more signals from the internal nets or outputs of the combinational logic circuit, to detect, in one or more of the received signals, a signal instability that occurs during a predefined portion of the periodic clock cycle in which, in accordance with a design of the combinational logic circuit, the signals are expected to be stable, and to initiate a responsive action in response to the detected signal instability.

Abstract: Examples in this application disclose data verification methods, media, and systems. One example method includes receiving, from a blockchain network by a trusted execution environment (TEE) in a blockchain node, a trigger instruction based on a timed starting logic identifying a starting time to execute a smart contract, where the timed starting logic is comprised in a chain code which comprises information of a blockchain account and is executable by the blockchain node to determine the information of the blockchain account, retrieving first encrypted data from a first institution, decrypting the first encrypted data, receiving a data sharing request comprising a user identity corresponding to user basic data from a second institution, retrieving the user basic data based on the user identity, performing verification processing of the user basic data based on the trigger instruction to obtain a verification result, and sending the verification result to the second institution.

Abstract: A method for mining a block in a decentralized blockchain consensus network (DBCN) includes sending, by a mining computing entity (MCE), a signing request for mining a new block of a blockchain to a trusted execution environment computing entity (TEE-CE), the signing request including block information, the block information including block height information, and comparing, by the TEE-CE, the block height information of the signing request with block height information from a last signing request and providing a matching, when the difference between the block height information of the signing request and the block height information from the last signing request satisfies a defined value. The method further comprises, upon providing the matching, signing, by the TEE-CE, the new block based on the block information, and providing, by the MCE, the new signed block to the DBCN.

Abstract: Disclosed is a method of authorizing a user for accessing a server and/or for receiving of an on-line service and the steps of: capturing biometric data of the user using the sensor on a ME; forming from the biometric data a biometric template on the IDS and storing the biometric template on the MED; and via the IDS allowing access to a server by the user providing to the IDS, via the MED, matching biometric data and a biometric template. On the MED, a local check can be made for a match between biometric data of the user that are captured using the sensor on the MED and biometric data read out of the memory.

Abstract: Techniques for transparently adding one or more security controls to a challenge-response-based protocol are provided. In one technique, a client device sends a request for a resource to a resource server. The client device receives a challenge as part of a challenge-response handshake and forwards, to a proxy server, the challenge as part of a cryptographic request that includes a key identifier and certain data. In response, the proxy server initiates one or more security controls and sends the key identifier and the certain data to a cryptographic device that generates output based on the certain data. The proxy server receives the output from the cryptographic device. The proxy server determines whether at least one of the security controls resulted in a success. The proxy server sends the output to the client device only in response to determining that at least one of the security controls resulted in a success.

Abstract: A method, system, and computer-usable medium are disclosed for performing packet processing of network traffic on a master security device of a plurality of security devices, such packet processing including connection tracking for the network traffic, and offloading packet inspection of the network traffic to one or more slave security devices of the plurality of security devices.

Abstract: A hosted secrets management transport system and method for managing secrets at one or more offsite locations that facilitates secret flow, secret retrieval, and secret replication. The method includes defining boundaries for two or more sovereignties, each sovereignty having an independent master record and each sovereignty including two or more regions; defining a primary region within the two or more regions; accessing, within the primary region, a master record hardware security module that is a primary source of secrets; defining a second region; accessing, within the second region, a backup record hardware security module that is where data backups of the secrets from the master record hardware security module are created; and executing live replication from the master record hardware security module to the backup record hardware security module in which the live replication that supports multi-tenancy secret management of multiple distinct companies at the same time.

Abstract: Arrangements of the present disclosure relate to a method for securing data located in a blockchain having a plurality of blocks. The method includes creating a pointer within a block of the plurality of blocks, the pointer pointing to a security vault located external to the blockchain. The method further includes copying the block, storing the copied block in the security vault using the pointer, and securing the security vault.

Abstract: The disclosure disclosures a blockchain-based verifiable inter-domain routing validation method, which includes: constructing a blockchain-based verifiable inter-domain routing system consisting of a verifiable inter-domain routing and a routing behavior validation subsystem; constructing, by a sender router R1, a routing behavior validation terminal of an autonomous domain to which the R1 belongs, and the routing validation blockchain system, a routing evidence and a routing evidence validation proposal, validating and endorsing the proposal, determining whether the proposal satisfies an endorsement policy, generating a routing evidence transaction, conducting consensus ordering on the transaction and updating a routing validation blockchain; and constructing, by a receiver router T, a routing behavior validation terminal of an autonomous domain to which the T belongs, and the routing validation blockchain system, a routing request validation message and retrieving whether a routing evidence corresponding to

Abstract: A system may receive a credential token and an access command. The access command may identify access logic to modify a datablock stored in a blockchain. The credential token may be mapped to a role token included in a role-based access control model. The system may determine a role-based access control framework authorizes the access command by identifying an authorization token in the role-based access control model, and the system may determine the role token is mapped to the identified authorization token in the role-based access control model. The system may determine the datablock includes the identified authorization token. The system may validate the identified authorization token. The system may authorize execution of the access logic to modify the datablock in response to the access command being authorized by the role-based access control framework, and validation of the identified authorization token included in the datablock.