Abstract: Logic on a first remote device receives a first transaction number and personal data transmitted from a second remote device. The first transaction number was received from a distributed public database in response to a transmission, from the second remote device, of a signed hash value and a first public key associated with a first private key on the second remote device. The signed hash value was created by signing a hash value with the first private key and the hash value was generated by hashing the personal data with a hashing algorithm on the second remote device. The logic uses the first transaction number to retrieve the signed hash value and the first public key from the distributed public database. The logic hashes the personal data using the hashing algorithm to create a generated hash value and verifies the signed hash value against the generated hash value.

Abstract: Various embodiments include a resource control system. The resource control system can receive consumption demand requests to access one or more electronic resources. The resource control system can assign license entitlements, each with varying quantity, to consumption demand requests to enable access to the electronic resources. An ambiguity resolution engine can make license entitlement assignments to consumption demand requests when a set of license entitlements can cover a target electronic resource specified by the consumption demand requests. The ambiguity resolution engine can rank license entitlements based on ratios of their resource costs and the consumption demand requests based on their electronic resource usage efficiency. The ambiguity resolution engine can assign the license entitlements by comparing the rankings of the license entitlements and the rankings of the consumption demand requests.

Abstract: In accordance with an example aspect of the present invention, there is provided an apparatus comprising at least one receiver configured to receive, via a first channel, a secret value and an identifier of a local node and, via a second channel, a random value, and at least one processing core configured to cause transmission to the local node of a first message comprising a hash value, the hash value being derived based on a set comprising the secret value, the random value, and an instruction.

Abstract: A method for unlocking a screen by using a fingerprint includes: sending, by a fingerprint sensor, a first notification to a control chip and concurrently sending a second notification to a display driver chip of a screen when detecting that a finger presses or touches a fingerprint recognition area; completing, by the display driver chip according to the second notification, preparation work before the screen is turned on; verifying, by the control chip according to the first notification, fingerprint information collected by the fingerprint sensor and pre-stored fingerprint information; and if the verification succeeds, unlocking the screen and turning on the screen.

Abstract: A system and method for facilitating controlled access by a client device to one or more services provided by a server are disclosed. The client device's access to the services provided by the server may be dynamically controlled by a controller, which may generate instructions to an agent to effectuate the access control. The agent may be configured to control one or more access components associated with the server. The instructions generated by the controller may instruct the agent to cause the access control components to grant or remove the client device's access to the services provided by the server. In some implementations, the controller may generate such instructions based on a status of a session established between the controller and the client device.

Abstract: Systems and methods for twin factor authentication, which may be applied to a controller, such as a baseboard management controller (BMC). The controller provides a service. When a first user attempts to access the service, the controller receives an access message for a first user to access the service, and searches for information of the first user and a second user corresponding to the first user based on the access message. Then the controller sends two security clearance requests based on the information of the first user and the second user, including a first security clearance request for security clearance from the first user, and a second security clearance request for security clearance from the second user. The twin factor authentication for the first user would be successful only when the controller receives security clearance from both the first user and the second user.

Abstract: A computer-implemented method includes crawling, by a web crawler, one or more webpages to gather information, resulting in gathered information. The computer-implemented method includes obtaining, by a honeypot logger, activity log data of one or more hackers that access a portion of honeypot content deployed by a honeypot. The computer-implemented method includes dynamically configuring, by a machine capable of learning, the honeypot using the activity log data and the gathered information.

Abstract: An apparatus is provided. The apparatus includes processing circuitry including a processor and a memory that contains instructions that, when executed by the processor, configure the processor to receive an activation request including identification data from a device, determine whether functionality of the device is authorized for activation based on the identification data, and in response to determining the device is not authorized for activation, cause transmission of a message configured to cause functionality of the device to remain deactivated while keeping communication capability of the device activated.

Abstract: Aspects of the present disclosure are directed to authenticating a user requesting access to a computing resource. To authenticate the user, activity data describing various activities are collected and stored. The activities may be categorized, for example, as work-related activities, personal-related activities, and social-related activities. The activity data may be utilized to generate challenge questions to present to the user. If the user answers enough of the challenge questions correctly, then the user may be successfully authenticated and granted access to one or more computing resources.

Abstract: Disclosed are systems and methods for limiting access of a user profile to dangerous content in a social network service. The described system produces a social graph for a given user profile in the social network service, and identifies clusters of objects (e.g., other user profiles, contents) within the social graph. The described system analyzes whether certain objects in the social graph should be characterized as suspicious based on their clustering and on a database of known forbidden objects. The described system may further learn and add unknown objects to the database of forbidden objects.

Abstract: A computerized method for detecting malware associated with an object. The method includes operations of analyzing an object to obtain a first set of attributes, where the first set of attributes include one or more characteristics associated with the object. Furthermore, the object is processed with a virtual machine to obtain a second set of attributes. The second set of attributes corresponds to one or more monitored behaviors of the virtual machine during processing of the object. Thereafter, a threat index is determined based, at least in part, on a combination of at least one attribute of the first set of attributes and at least one attribute of the second set of attributes. The threat index represents a probability of maliciousness associated with the object.

Abstract: Exemplary embodiments are disclosed of systems and methods for providing location-based security and/or privacy for restricting user access. In an exemplary embodiment, a system is configured to restrict and condition access to the system and/or data based on a user's selection of location-based data from a plurality of options presented by the system for selection by the user. The plurality of options include the location-based data and one or more other options that are selectable by the user.

Abstract: Devices and methods for detecting a compromised social media account are disclosed. A method includes: receiving, by a computing device, social media content corresponding to a plurality of social media accounts; determining, by the computing device, a plurality of affinity groups, each including two or more social media accounts from the plurality of social media accounts, based upon the received social media content; determining, by the computing device, whether or not a particular social media account of the plurality of social media accounts is compromised using the received social media content and the determined plurality of affinity groups; and in response to determining that the particular social media account is compromised, the computing device providing a notification indicating that the particular social media account is compromised.

Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

Abstract: A computer-implemented service uses information associated with a client device to generate a first shared secret. The service receives, from the client, a claim of access to a second shared secret and determines whether the first shared secret and the second shared secret match. If the shared secrets match, the service uses the first shared secret to encrypt a one-time password. The service provides the encrypted one-time password to the client device. The client device transmits a claim of access to the one-time password, which the service uses to determine whether the claim of access to the one-time password indicates access to the one-time password. If the claim of access to the one-time password indicates that the client device has access to the one-time password, the service allows the client device to access the service.

Abstract: A method, receiver, and server enable content protection over broadcast channels. A method for receiving a media license includes receiving broadcast media data including at least a portion that is protected and requesting a message from a content decryption module (CDM) of the receiver. The method includes receiving a license signaling message including encrypted license data and identifying one or more hash codes in the license signaling message. Additionally, the method includes identifying the encrypted license data for the receiver based on a mapping between the one or more hash codes and a hash of the message from the CDM. A server for providing a media license sends, to a receiver or a group of receivers, a license signaling message including encrypted license data and a license message hash indicating a hash code used to identify the receiver or the group of receivers for the encrypted license data.

Abstract: A method and a user device (110) for authentication of the user device (110) as well as a method and an authenticator device (120) for authentication of the user device (110) are disclosed. The user device (110) generates (A030) a one-time password. The user device (110) sends (A040), to an authenticator device (120), the one-time password as an acoustic signal, wherein the acoustic signal comprises a frequency within an ultrasound range or an infrasound range. The authenticator device (120) receives (A050), from the user device (110), the one-time password. The authenticator device (120) validates (A060) the one-time password.

Abstract: A system is disclosed that includes a processor including watermark logic to output a first watermark to an output device that outputs a first watermark signal, based on the first watermark, to an acoustic transmission medium. The processor also includes recording logic to capture, at a first time period, an authentication submission comprising the first watermark signal convolved, via the acoustic transmission medium, with a first passphrase signal. The system also includes a dynamic random access memory (DRAM). Other embodiments are disclosed and claimed.

Abstract: The disclosure provides systems and methods for maintaining integrity of documents and activities associated with examinations. The systems and methods store such activities and documents in a distributed blockchain such that integrity is maintained through transparency and redundancy of the records and activities. The systems monitor for any anomalies and notify appropriate individuals when an anomaly is detected, as well as maintaining a log of such anomalies.

Abstract: Systems and methods for account security are provided. In one example embodiment, a first login request including a username and a password is analyzed to identify a first internet protocol (IP) address and a first request time associated with the first login request. A login history comprising login request data for the server computer is analyzed to identify a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from the first IP address within a threshold time period of the first request time. In response to determining a login success ratio is below a threshold login success ratio and a number of unique usernames in the analyzed data is above the unique username threshold, the system automatically performs a security action.