Abstract: A system notification service control method, apparatus, a terminal device, and a storage medium are described. The system notification service control method may include detecting whether an application initiates a registration for a system notification reading permission; in response to detecting that the application initiates the registration for the system notification reading permission, determining whether the application meets a registration condition; and prohibiting the application from registering for the system notification reading permission when the application does not meet the registration condition.

Abstract: An always-listening-capable first computing device decoupled from a second computing device, comprising an electronic sensor and gate-keeping module. All data received by the communications module based on data from the electronic sensor passes through the gatekeeping module while a gatekeeping function is disabled, no data based on data from the electronic sensor passes through the communications module while the gatekeeping function is enabled, all data input to the gatekeeping module is received via an exclusive input lead from the electronic sensor, and all data output from the gatekeeping module is transmitted via an exclusive output lead to a component other than the electronic sensor. The first computing device retrieves responses to user input from a server different from a server that the second computing device would have retrieved data from but for prevented communication between the second computing device and the second server.

Abstract: In illustrative implementations, shape is used to encode computer passwords or other information. The passwords may be easy for a human to remember—and yet have an extremely high number of permutations (e.g., in some cases, greater than 1030 permutations, or greater than 10261 permutations, or greater than 106264 permutations). This combination of a password being easy for a human to remember—yet having a large number of permutations—offers many practical benefits. Among other things, the huge number of permutations makes the password extremely resistant to guessing attacks. In addition, in some cases, the passwords that are created with the shapes are highly resistant to attacks by keystroke logging, mouse logging, touch-gesture logging, screen logging, shoulder surfing, phishing, and social engineering. Alternatively, the shapes may be used to encode other information, such as information that uniquely identifies a product or a machine part.

Abstract: An always-listening-capable computing device is disclosed, comprising a camera for recording video of human actions, a module for communication with a remote server, and a gate-keeping module that, when enabled prevents the communication module from transmitting data external to the device. The device determines, based on the content of the video, a user desire or situation requiring human attention and transmits messages as appropriate for satisfying that desire or addressing that situation. Additional methods for handling user input directed to a recipient other than the device and for ensuring data security via controlling the device's network access are also disclosed.

Abstract: An always-listening-capable decoupled accessory for a computing device is disclosed. The accessory comprises an electronic sensor, configured to record user input comprising an utterance or gesture, and a gatekeeping module implemented by a processor, wherein all data received by the communications module based on data from the first electronic sensor passes through the gatekeeping module while a gatekeeping function is disabled, wherein no data based on data from the first electronic sensor passes through the communications module while the gatekeeping function is enabled, wherein all data input to the gatekeeping module is received via an exclusive input lead from the first electronic sensor, and wherein all data output from the gatekeeping module is transmitted via an exclusive output lead to a component other than the first electronic sensor. The processor determines that user input comprises a first input content and in response automatically transmits a message to the computing device.

Abstract: A method exchanges messages with different security classes between security-relevant devices. Key pairs containing a private key and a public key corresponding to the private key are assigned to each security class, wherein the keys and key pairs of each security class differ from each other. Each security-relevant device has all the public keys for decrypting messages for each security class and the relevant private keys for encrypting messages corresponding to a security class that is lower than or equal to the security class of the security-relevant device. Upon receipt, the security class for the message is identified by decryption by use of the public key.

Abstract: According to a first aspect of the present invention, therein is provided a method of determining or generating a unique identifier for a device, the device exhibiting quantum mechanical confinement, the method comprising: measuring a unique quantum mechanical effect of the device that results from the quantum mechanical confinement; and using the measurement to determine or generate the unique identifier.

Abstract: A document management system includes a memory for storing machine-readable code and a processor configured to execute the machine-readable code. The processor stores a first document, a first hash of the first document, and a first key in the memory. The first document is encrypted with the first key. The processor further receives a request for the first key. The request includes a second hash of a second document where the second document is purported to be a copy of the first document. The processor further compares the first hash to the second hash and sends the first key in response to the request when the first hash matches the second hash.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: Disclosed herein are system, method, and computer program product embodiments for secure data aggregation in databases. An embodiment operates by identifying a value column and a group column of a plurality of columns of a dataset. Two distinct group values of the group column are identified. A first group value is replaced with a first substitute value, and a second group value is replaced with a second substitute value. A value of the value column of each of the plurality of records and the substitute values are encrypted. The plurality of encrypted records are uploaded to a server.

Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.

Abstract: Technologies disclosed herein provide an apparatus comprising a sensor including a first processor configured to execute first instructions to identify, based on an index, a first encrypted key of a first set of encrypted keys, identify, based on the index, a second encrypted key of a second set of encrypted keys, and extract a first trusted symmetric key from the first encrypted key using a first decryption algorithm and a first decryption key. The apparatus further comprises a computing platform coupled to the sensor and including a memory element and a processor configured to execute second instructions stored in the memory element to receive the second encrypted key from the sensor and extract a second trusted symmetric key from the second encrypted key using a second decryption algorithm and a second decryption key, where the first trusted symmetric key matches the second trusted symmetric key.

Abstract: A method for processing a network service supported by a network infrastructure allowing virtualization of network functions. The network service is made up of a sequence, called an initial sequence, of at least one virtualized network function processing an incoming stream. The method includes: detecting an anomaly relating to the at least one virtualized network function; on the basis of the anomaly, detecting and identifying a network attack targeting the network service; identifying, in the initial sequence, at least one virtualized network function impacted by the attack; modifying the initial sequence so as to circumscribe the attack in such a way that the incoming stream is routed towards at least one virtualized network function, called the curative function, carrying out a processing of the incoming stream, called the malicious stream, as well as of functions implemented by the at least one virtualized network function impacted by the attack.

Abstract: System and method to produce an anonymized electronic data product having an individually-determined threshold of re-identification risk, and adjusting re-identification risk measurement parameters based on individual characteristics such as geographic location, in order to provide an anonymized electronic data product having a sensitivity-based reduced risk of re-identification.

Abstract: An interconnection unit includes a first connector configured to be coupled to an electronic device. There is a second connector configured to be coupled to a power station and to provide a path to the electronic device via the first connector. There is a low pass filter coupled between the first connector and the second connector and configured to allow the electronic device to receive power from the power station while maintaining data security of the electronic device.

Abstract: Disclosed are examples of searching for content associated with multiple applications. In various examples, a first application can obtain a search query and maintain a list of applications available to provide content. The first application can send a request to a second application identified in the list, the request including a key that indicates the first application is authorized to request the second application to search for content. The first application can obtain a search result from the second application based on the request and present the search result in a user interface in the first application.

Abstract: An anomaly detection method includes: extracting, for each of a plurality of learning packets obtained, all possible combinations of N-grams in the payload included in the learning packet; counting a first number which is the number of occurrences of each combination in the payloads of the learning packets; calculating, as anomaly detection models, first probabilities by performing smoothing processing based on a plurality of the first numbers; and when the score calculated for each of a plurality of packets exceeds a predetermined threshold that is based on the anomaly detection models stored in a memory, outputting information indicating that the packet having the score has an anomaly.

Abstract: An authorization code response is transmitted to a client, and the client uses a parameter included in the authorization code response and a parameter included in the authorization code response transmitted by a transmitting unit to verify that the authorization code response corresponds to an authorization code request.

Abstract: Implementations of the present specification include a computer-implemented method for achieving a consensus among a number of network nodes of a blockchain network. The blockchain network includes a primary node and one or more backup nodes. The method includes receiving a transaction request by the primary node, sending a number of first messages to the backup nodes by the primary node, receiving second messages from the backup nodes by the primary node, reconstructing the transaction request based on data in the second messages by the primary node, sending a third message to the backup nodes by the primary node, and executing the transaction request in response to receiving a predetermined number of third messages.

Abstract: Disclosed herein are a terminal apparatus, a server apparatus, and a method for FIDO universal authentication using a blockchain. The method includes sending, by the terminal apparatus, a FIDO service request for any one of FIDO registration, FIDO authentication, and FIDO deregistration for an application service provided by the server apparatus to the server apparatus; verifying, by the blockchain, a FIDO service response message, which is created as a result of local authentication of a user in the terminal apparatus in response to the FIDO service request; and processing, by the server apparatus, the FIDO service request based on whether the FIDO service response message is successfully verified by the blockchain.