Abstract: The application provides an example user interface switching method and an example terminal. The method includes, after the terminal triggers a trusted user interface (TUI) display request of a client application (CA) according to a first operation on a CA interface by a user, the terminal switches a display environment of the CA from a rich execution environment (REE) to a trusted execution environment (TEE) according to the TUI display request, and then displays a trusted application (TA) interface that is of the CA and that is in the TEE. The method also includes performing, by the user, an operation of inputting sensitive information on the TA interface.

Abstract: Techniques for encrypting content in a content distribution network are disclosed. The content distribution network may comprise a number of national and local sites, and a number of hubs at each local sites. A content segment encrypting device may be operative at a local site to encrypt and cache segments of content. The segment encrypting device may provide the segments to streaming devices that encode content for delivery downstream to network or user devices.

Abstract: Apparatuses, methods, systems, and program products are disclosed for data aggregation using a limited-use code. An apparatus includes a message module configured to intercept a message comprising a limited-use code. A message may be sent from a third-party server and intended for a user of a hardware device. A limited-use code may be used to verify an identity of a user for access to a third-party server. An apparatus includes a parse module configured to parse a message to determine a limited-use code. An apparatus includes a submission module configured to provide a limited-use code to a third-party server without user input. An apparatus includes an authorization module configured to prompt a user for authorization prior to intercepting a message, parsing the message for a limited-use code, and providing the limited-use code to a third-party server without user input.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for connecting to an independent software vendor (ISV). The method includes receiving, at an integrated platform, a request to initiate a data connection with the ISV. The request may include a web address of the ISV. The method also includes associating, through the integrated platform, the data connection with a unique identifier. The method also includes issuing an authorization code based on authentication of an authorization request for the data connection. The method also includes exchanging, with a connector service, the authorization code for tokens utilized for establishing the data connection with the ISV. The method also includes receiving access to the ISV through the integrated platform.

Abstract: Techniques and mechanisms described herein facilitate the management of digital rights for media content item presentation. According to various embodiments, a request for a content decryption key may be received at a media application implemented at a computing device. The request may be transmitted by a media content player implemented at the computing device. The request may be transmitted in accordance with a designated key exchange protocol. A license for an encrypted media content item corresponding with the requested content decryption key may be identified at the media application. Based on information included in the license, encrypted key material may be decrypted to create the requested content decryption key via a processor at the computing device. The requested content decryption key may be provided to the media content player.

Abstract: Various embodiments are generally directed to provide a semi-local authentication scheme. A server can transmit one or more encryption mechanisms to a user device, which in turn can transmit the encrypted mechanisms to one or more secondary devices associated with the user device, where the user device and the secondary devices share a local connection. The secondary devices can transmit the one or more encrypted mechanism utilizing one or more one or more decryption mechanisms supplied by the server, and then transmit the result of the decryption, e.g. decrypted codes, back to the user device, which in turn can then transmit a final decrypted code or codes to the server. Upon confirming receipt of the decryption from the user device, the server can authorize access (via the user device) to one or more devices, networks, applications, and/or components.

Abstract: A communication apparatus includes a first notification unit, a second notification unit, a reception unit, and a sharing unit. The first notification unit provides first information containing information unique to the communication apparatus and information on a predetermined channel for use in sharing a communication parameter for wireless communication with a different communication apparatus. The second notification unit provides second information containing the information unique to the communication apparatus but not containing information on the predetermined channel. When the first information is provided, the reception unit waits to receive a predetermined signal containing information corresponding to the information unique to the communication apparatus without shifting to another channel. When the second information is provided, the reception unit waits to receive the predetermined signal using a plurality of channels.

Abstract: This disclosure describes techniques for implementing a Single-sign-On Domain-Agnostic Proof-of-Possession (SODA-POP) token (or access token) to solve generation of multiple POPs for authentication of multiple domains that may belong to a single mobile network operator (MNO). The access token may be implemented by a JSON Web Token (JWT) that includes a map of key-value pairs as confirmation claims. The key-value pairs may include multiple domains/sub-domains and their corresponding public keys. These key-value pairs may be registered and added in the confirmation claims to automatically authenticate each one of the domains to access a corresponding service provider. To register a new domain, the new domain redirects a request back to an already registered domain, which updates the access token and then redirects the request back to the new domain. After registration, the updated access token may be used to access services at all registered domains without further reauthentication.

Abstract: Systems and methods for inter-service authentication are disclosed. In one embodiment, a system may include a plurality of services and a cloud platform. The first service may generate a token comprising a first service identifier for communicating with a second service, and may request, from the cloud platform, a private key for the first service. The cloud platform may provide the private key to the first service. The first service may sign the token with the private key and may communicate a request to the second service with the signed token. The second service may retrieve the first service identifier and may request, from the cloud platform, a public key for the first service identifier. The cloud platform may provide the public key to the second service. The second service may validate the token using the public key, and may grant the request in response to the validation.

Abstract: A method including encrypting, by a user device, a file based at least in part on utilizing a file symmetric key and a first encryption algorithm to determine a first-encrypted file; storing, by the user device, the first-encrypted file in a local memory; encrypting, by the user device, the file based at least in part on utilizing a synchronization key and a second encryption algorithm to determine a second-encrypted file, the second encryption algorithm being different from the first encryption algorithm; encrypting, by the user device, metadata associated with the file based at least in part on utilizing a metadata key to determine encrypted metadata; and transmitting, by the user device to a storage device, the second-encrypted file in association with the encrypted metadata is disclosed. Various other aspects are contemplated.

Abstract: A first message is received from a first communication device. The first message comprises an authentication token. For example, the authentication token may be a username/password. A determination is made if the first message also comprises a valid temporary password. The temporary password is used to prevent a Denial-of-Service (DOS) attack. In response to the first message comprising the valid temporary password, a determination is made if the authentication token is valid. In response to the authentication token being valid, the first message is responded to in a normal manner. If the first message does not contain the temporary password, the first message is handled based on a DOS message handling process.

Abstract: A method performed by a CMS and an edge node of a CDN is provided, including: sharing a server secret between the CMS and the edge node; using, by the CMS, the server secret to generate a signing key, the signing key being transmitted to a client system, wherein the client system receives a request for a content item from a user device, and wherein the client system uses the signing key to generate a signed URL for the content item, the user device being redirected to the signed URL; responsive to receiving the signed URL from the user device, then validating the signed URL by the edge node, wherein validating the signed URL uses the server secret to rederive the signing key based on the signed URL; responsive to successful validation of the signed URL, then providing the content item from the edge node to the user device.

Abstract: Systems and methods for securely accessing a legacy system are disclosed herein. In an embodiment, a method for securely accessing a legacy system via an enterprise system includes requesting issuance of a security token by an STS server of a security token service, causing, by an enterprise server of an enterprise system, association of a first user account with the security token upon reception of the security token, communicating the security token to an access server of a legacy access provider for authentication of the security token, enabling creation of a second user account after the legacy access provider authenticates the security token, accessing a legacy server of a legacy system via the first user account and the second user account, and causing at least the second user account to be deleted after a single use of the legacy system.

Abstract: A determination method includes determining an attack type of an attack code included in an attack request on a server, carrying out emulation of an attack by the attack code on the server in accordance with the determined attack type, extracting a feature related to a backdoor operation appearing in an attack code on the server in a case of succeeding in an attack on the server as a result of the emulation, and determining that an attack by the attack code has succeeded in a case where a communication log of the server has the extracted feature, by a processor.

Abstract: An example method comprises receiving, by a secure content system, an email from a sender to a recipient, scanning the contents of the email, evaluating the contents of the email based on a plurality of security rules, storing the sensitive data within a secure storage, generating a replacement email including a security link and not including at least the sensitive data, the security link providing a requester access to the sensitive data providing that a security function is satisfied, sending the replacement email including the security link to the recipient, receiving a request to access the sensitive data, the request being related to the security function challenging the requester using the security function, receiving, from the requester, a response to the security function, determining if the security function is satisfied by the response, and if the security function is satisfied, providing access to the sensitive data to the requester.

Abstract: A method and system for verifying that a user is the owner of a digital listing that is associated with a WiFi Access Point. The user claims ownership of the WiFi Access Point that is associated with a digital listing of an entity/item/place/business so that he online service provider can verify and register the user as owner of the WiFi Access Point. Once verified, the user owns the WiFi Access Point and its related digital listing and configures the listing. The system includes an item information system receiving the WiFi Access Point data and associated item data, and storing the WiFi Access Point data and the item data, an owner registration and transfer system receiving owner registration data and ownership change requests and storing the ownership history, and an authentication system receiving authentication requests and generating a response based upon the information stored in the system or a connected system.

Abstract: Techniques are provided for anomaly-based ransomware detection of encrypted files. One exemplary method comprises obtaining metadata for an encrypted file; applying an anomaly detection technique to the metadata to compare at least one attribute in the metadata to one or more corresponding historical baseline values for the at least one attribute; and determining whether the encrypted file comprises a ransomware encryption based on the comparison. In some embodiments, one or more of file extension attributes, file size attributes and file name attributes in the metadata are compared to the one or more corresponding historical baseline values to identify a ransomware attack.

Abstract: Presented herein are systems and methods for end-to-end encryption for session-less communications. A first server may receive, from a second server, a request to retrieve keys for a customer device to access a service. The request may include a device identifier and a first token encrypted using a first encryption key. The first server may determine, responsive to validating, that the customer device is to be issued a second token. The first server may identify least a portion of the first token decrypted using the first encryption key. The first server may generate a set of second encryption keys to be used by the customer device. The first server may package the second token to include (i) at least the portion of the first token and (ii) the set of second encryption keys. The first server may transmit, to the second server, a response including the second token.

Abstract: A computer-implemented method of transmitting messages within a mesh network comprises: receiving at a first node included within the mesh network a network message that is to be broadcast within the mesh network; determining a security key type based on at least one of a resource parameter associated with at least one neighbor node included in the mesh network or an attribute of the network message; securing the network message with a security key of the security key type to generate n secured network message; and broadcasting the secured network message to one or more other nodes included in the mesh network that are directly connected to the first node.

Abstract: A request for password generation is received from a host system. In response to receiving the request, a password derivation key is generated based on a key derivation seed. A password is derived from the password derivation key, and a wrapping key is derived from the password. The wrapping key is used to wrap an authorization state indication, which is stored in local memory. Encrypted data is generated based on an encryption of the key derivation seed using an asymmetric encryption key. The encrypted data is provided in response to the request.