Abstract: A method for automatically converting electronic data is disclosed.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based cross-entity authentication are provided. One of the methods includes: obtaining, from a blockchain, a blockchain transaction comprising an authentication request by a first entity for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user; in response to determining that the first entity is permitted to access authentication information of the user endorsed by a second entity, obtaining an authentication result of the user by the second entity in response to the obtained blockchain transaction, wherein the authentication result is associated with the DID; generating a different blockchain transaction comprising the authentication result; and transmitting the different blockchain transaction to a blockchain node for adding to the blockchain.

Abstract: An apparatus is provided including at least one platform; an intrusion prevention system configured to communicative couple with the at least one platform; a firewall configured to communicative couple with the at least one platform; at least one first data storage configured to communicative couple with the at least one platform; and at least one second data storage configured to communicative couple with the at least one platform. The at least one platform is configured to perform a plurality of operations that collective protect one or more networked devices.

Abstract: Provided are an application decryption method, a terminal and a non-transitory computer-readable storage medium and relates to a technical field of terminals. In the method, a touch operation is acquired through a display screen of a terminal; fingerprint information of the touch operation is acquired through a fingerprint sensor located at a position corresponding to the touch operation, the fingerprint sensor being arranged below the display screen of the terminal; a target application that is encrypted is decrypted in a case where the fingerprint information of the touch operation is matched with encryption fingerprint information of the target application.

Abstract: Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction.

Abstract: A method and system is provided that simplifies the key management by allowing personalization data protected for one chip model to be used to provision device with another chip model with different global hardware root keys. The solution minimizes the changes needed to be performed on the device during provisioning and remains secure.

Abstract: A method and a related system for a protection against unauthorized file encryption in a file system may be provided. The method may comprise providing an anti-ransomware file access unit, determining, by the anti-ransomware file access unit, an entropy value for a portion of a file to be written to the file system, and upon determining that the entropy value is equal or above a threshold value, performing a copy-on-write process to the file to be written, whereby the file is written to a copy-on-write storage area.

Abstract: A hosted application gateway server node may be communicatively coupled to backend systems, client devices, and database shards associated with database servers. Through the gateway server node, various services may be provided to managed containers running on client devices such that enterprise applications can be centrally managed. A sharding manager may manage relationships of database items across database shards. Each shard stores a copy of a table representing a split of a relationship. A shard ID mask is included in each item's ID. At query time, the shard ID can be extracted and used to query the correct database. This query routing mechanism allows navigation from one shard to another when multiple items are in a relationship (e.g., share the same resource such as a document). As such, embodiments can eliminate the need for APIs to join in data that span multiple shards.

Abstract: A data processing apparatus comprises branch prediction circuitry adapted to store at least one branch prediction state entry in relation to a stream of instructions, input circuitry to receive at least one input to generate a new branch prediction state entry, wherein the at least one input comprises a plurality of bits; and coding circuitry adapted to perform an encoding operation to encode at least some of the plurality of bits based on a value associated with a current execution environment in which the stream of instructions is being executed. This guards against potential attacks which exploit the ability for branch prediction entries trained by one execution environment to be used by another execution environment as a basis for branch predictions.

Abstract: A system, apparatus and method are presented for facilitating remote wager communications using a mobile communications device while the device is within range of one or more beacons within a venue. In various embodiments, one or more beacons broadcast a periodically changing wireless passcode that is received by a mobile communications device and transmitted to a gaming authentication server. The gaming authentication server determines a shared secret code and compares it to the wireless passcode or a portion thereof in order to determine if the mobile communications device can be authenticated for remote gaming within the venue.

Abstract: Methods and systems provide for detecting exploitation of kernel vulnerabilities which typically corrupt memory. The methods and systems are implemented, for example, via a host, which includes a hypervisor, which controls the operating system (OS) user space and the OS kernel space.

Abstract: A method in an internet server for implementing internet service, the method including exclusively binding a first socket handle object of a first process with a first port. The method also includes generating a first child process from the first process and creating a first duplicate socket handle of the first socket handle object in a first file, the first file being associated with an id of the first child process. The method further includes forming, using the first child process, a first child socket handle object from the first duplicate socket handle in the first file, thereby causing the first child socket handle object to be associated with the first port.

Abstract: The present disclosure is directed to a system, method, and computer program for detecting and assessing security risks in an enterprise's computer network. A behavior model is built for a user in the network based on the user's interactions with the network, wherein a behavior model for a user indicates client device(s), server(s), and resources used by the user. The user's behavior during a period of time is compared to the user's behavior model. A risk assessment is calculated for the period of time based at least in part on the comparison between the user's behavior and the user's behavior model, wherein any one of certain anomalies between the user's behavior and the user's behavior model increase the risk assessment.

Abstract: A disclosed method for applying firewall rules on packets in kernel space on network devices may include (1) intercepting, via a socket-intercept layer in kernel space on a routing engine of a network device, a packet that is destined for a remote device and then, in response to intercepting the packet in kernel space on the routing engine, (2) identifying an egress interface index that specifies an egress interface that (A) is external to kernel space and (B) is capable of forwarding the packet from the network device to the remote device, and (3) applying, on the packet in kernel space, at least one firewall rule based at least in part on the egress interface index before the packet egresses from the routing engine. Various other apparatuses, systems, and methods are also disclosed.

Abstract: Techniques for processing user logins are described. One example method includes receiving a first user input to zoom out a first application, wherein the first application is displayed on a first area of a screen of a device; zooming out the first application to be displayed on a second area of the screen; and displaying an icon of a second application on a third area of the screen, wherein a user has logged into the second application on the device; receiving a second user input to drag the displayed icon of the second application from the third area to the second area; transmitting login authorization information of the second application to the first application; and submitting, by the first application, the login authorization information to a server of the second application through a server of the first application; and authorizing logging into the first application on the device.

Abstract: A node, of a network of nodes with access to a distributed ledger, receives a request to verify the user has consented to a current version of terms (i.e., current terms) associated with a program. The node obtains, using the distributed ledger, historical consent data indicating a version of the terms to which the user has previously provided consent. The node performs a first verification procedure to determine the user has not consented to the current terms, provides an indication to a user device that the user has not consented to the current terms, and receives, from the user device, a message indicating an acceptance of the current terms. The node performs additional verification procedures to determine that the user is who consented to the current terms and updates the distributed ledger to include a record indicating that the user consented to the current terms.

Abstract: This specification describes techniques for processing service requests. One example method includes receiving an electronic credential request from a client, retrieving an electronic credential that corresponds to the user identifier, generating server signature information, and transmitting the server signature information and the electronic credential to the client. The server signature information includes the electronic credential and a user public key of the client. The electronic credential and the user public are signed using a server private key. The server signature information is configured to be cryptographically verified by the client and configured to enable the client to generate a two-dimensional barcode based on the electronic credential. The electronic credential included in the two-dimensional barcode is configured to be verified by a credential verification device. The credential verification end device is configured to generate the electronic credential based on the user identifier.

Abstract: In a distributed network hosting a shared pool of configurable computing resources there is provided one or more system instances of a blockchain. Each system instance comprises a virtual machine and a set of containers. The containers are members of the blockchain in that the blockchain's public ledger records encrypted copies of at least selected directories of each container. Each container that is in the set can thus verify whether any other container also belongs to the same set with reference to the public ledger, since the transactions recorded on the public ledger are encrypted copies of the set's containers. The use of a blockchain thus allows a system boundary to be defined around a set of containers by the initial specification of the blockchain. The system boundary can be defined to ensure that the set of containers comply with legal requirements, such as a geographic restriction.

Abstract: A communication system includes a communication device configured to execute a process related to a cyber security solution in accordance with policy information defining execution details of the process related to the cyber security solution. The communication system includes a change unit configured to change the policy information, wherein the change unit changes the policy information after a state of the communication device in a process of manufacturing the communication system transitions from a first state where the communication device is mounted to the communication system to a second state where a predetermined process is executed thereafter so that the execution details of the process related to the cyber security solution in the second state are expanded more than the execution details in the first state.

Abstract: A certificated quantum cryptography method is provided. The method is performed by a quantum cryptography server connected to a first communication device and a second communication device which perform quantum key distribution. The method includes step of receiving a first quantum public key generated by the first communication device and a second quantum public key generated by the second communication device and registering measurement outcomes of the first and second quantum public keys. When first basis information and second basis information acquired by performing quantum key distribution between the first and second communication devices are signed and exchanged, the method includes the step of receiving a third quantum public key and a fourth quantum public key.