Abstract: Virus scanning of container images can be managed. For example, container images can be received in a sequential order. The container images can then be analyzed to determine the contents of the container images. The container images can be arranged in a virus-scanning queue in an order that is different from the sequential order in which the container images were received based on the contents of the container images. The container images can then be scanned for viruses in the order in which the container images are arranged in the virus-scanning queue.

Abstract: A computer-implemented method for securing a user device is disclosed. A signed device authentication key is requested and received from a user application executing on the user device. The signed device authentication key is obtained via a software module installed on the user device and associated with a secure data processing provider. A device setup request is transmitted from the user device to the secure data processing system using the signed device authentication key. The device setup request comprises the signed device authentication key. The authenticity of the device setup request is verified at the secure data processing system based on the signed device authentication key.

Abstract: Disclosed herein are techniques for using a line-of-code behavior and relation model to determine software functionality changes. Techniques include identifying a first portion of executable code and a second portion of executable code; accessing a first line-of-code behavior and relation model representing execution of functions of the first portion of executable code; constructing, based on the second portion of executable code, a second line-of-code behavior and relation model representing execution of functions of the second portion of executable code; performing a functional differential comparison of the first line-of-code behavior and relation model to the second line-of-code behavior and relation model; determining, based on the functional differential comparison, a status of functional equivalence between the first portion of executable code and the code portion of executable code; and generating, based on the determined difference, a report identifying the status of functional equivalence.

Abstract: A user input system comprising a vibration motor, a sensor and a processor in communication with the sensor. The vibration motor is in contact with a surface and generates vibrations in the surface. The vibrations can be altered by a user touching the surface to create altered vibrations. The sensor is in contact with the surface and detects the altered vibrations. The processor receives and analyzes data corresponding to the altered vibrations. The processor determines, based on the analyzed data, whether a user's touch on the surface matches a stored vibration profile of the user.

Abstract: Disclosed is a computer-implemented method for analyzing server for security vulnerabilities. The method includes selecting a first server from a plurality of servers, wherein the first sever includes a plurality of accounts. The method includes identifying, by a password vulnerability scanner, weak accounts in the plurality of accounts including a first weak account. The method includes determining, by a user risk engine, a user risk score for a user associated with the weak account. The method includes determining, by a server risk engine, a server risk score for the first server, wherein the server risk score is based on a set of server factors and a set of data factors. The method includes generating, by a smart risk scorer, an overall risk score for the first server. The method includes categorizing, based on the overall risk score of the first sever, a risk level for the first server.

Abstract: A method for controlling access to a security module [of a mobile terminal by an application of the mobile terminal is described. The method includes sending by a current application of the mobile terminal a request to access the security module, said access request comprising the current identifier of an applet comprised in the security module. The operating system of the mobile terminal reads a look-up table comprising a set of access control rules, an access control rule comprising the identifier of an applet of the security module associated with a control value for an application of the mobile terminal, said access control rule indicating that said application of the mobile terminal is authorized to communicate with the applet of the security module.

Abstract: A method and system to utilize a user's activities pattern on a user equipment (UE) device as an additional authentication parameter are disclosed. The method includes monitoring, at the UE device, activities of the UE device, and generating, at the UE device, at least one pattern based on analysis of the monitored activities of the UE device. The method further includes receiving, at the UE device, a request to access a protected application. The method includes comparing, at the UE device, an activity of the UE device with an activity determined from the at least one pattern and a corresponding time data associated with the request to access the protected application. The method further includes determining, at the UE device, a level of authentication necessary to grant access to the protected application based on the comparing.

Abstract: Embodiments described herein provide methods and systems for securely communicating with electronic assets using an authenticated computer hub and a central server. The authenticated computer hub transmits a hub identity uniquely identifying the computer hub and communication results received from authenticated electronic assets, and receives an identity confirmation message and electronic asset identities to be authorized with control directives defining operational usage parameters. The authenticated computer hub has a user interface to display electronic assets granted access, and a short-range communication device to connect to authorized electronic assets to exchange information based on control directives.

Abstract: In a cloud-based multiple client encryption and deduplication environment, secret plaintext data of a client is encrypted to produce ciphertext in an enclave comprising a trusted execution environment which is inaccessible by unauthorized entities and processes even with administrator privileges. Encryption is performed with an initialization vector and an encryption key calculated in the enclave. The encrypted ciphertext is deduplicated prior to storage by comparing a hash of the corresponding plaintext data to hashes of previously stored plaintext data.

Abstract: A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.

Abstract: A system is provided for controlling computing process execution by users with elevated access privilege. In particular, the system may be configured to hook into the process command loop for a computing system within the network environment to monitor the users logged into the system as well as computing processes being executed. The system may further flag the users and processes according to their type. If the system detects a mismatch between the user and the process, the system may automatically suspend the process from being executed. In this way, the system may ensure that processes are executed only by their authorized users.

Abstract: An authentication system includes an electronic pen and an electronic apparatus. The electronic pen includes: a pickup unit in a first end portion configured to pick up color or image information of a part when the first end portion is pressed against the part; and a transmitter configured to transmit the picked-up color or image information to the electronic apparatus. The electronic apparatus includes: a receiver configured to receive the color or image information transmitted from the electronic pen; an authentication reference information storage device configured to store color or image authentication reference information; an authentication success or failure determining circuit configured to determine a success or a failure of authentication by comparing the color or image information with the color or image authentication reference information; and a control circuit configured to remove security protection of an authentication target when it is determined that the authentication succeeds.

Abstract: A device may generate a display of a firewall policy management GUI. The device may generate a display in the firewall policy management GUI of a list of existing firewall policies and a firewall policy interface that is adjacent to the list of existing firewall policies in a same view of the firewall policy management GUI. The device may generate a display in the firewall policy management GUI of at least one of a plurality of candidate sources for a new firewall policy, a plurality of candidate destinations for the new firewall policy, or a plurality of candidate security configurations for the new firewall policy. The device may display, in the firewall policy interface, at least one of a first column that includes two or more sources, a second column that includes two or more destinations, or a third column that includes two or more security configurations.

Abstract: The present disclosure relates to system(s) and method(s) for providing access of an application to a user. The system receives a captcha request from a user device. Upon receiving the captcha request, the system identifies a set of IOT devices in a vicinity of the user device. The system further identifies one or more actions associated with one or more IOT devices, from the set of IOT devices. Further, the system generates a captcha message on the user device. The captcha message comprises the one or more actions to be performed by a user. The system further verifies one or more results received from the one or more IOT devices. Further, the system provides an access of the target application to the user on the user device based on the validation of the one or more results.

Abstract: Integrated cybersecurity systems and method for providing client access to a website. The methods involve receiving website configuration information for the client access; receiving client enrollment data for the client access; receiving client input data from a client; defining integrated client confirmation; and providing the website with the client identification information based on the integrated client confirmation. The defining involves authenticating the client input data by comparing the client input data with the client enrollment data; authorizing the authenticated client by determining client authorization information associated with the client enrollment data based on the website configuration information; identifying the authenticated client by determining client identification information associated with the client enrollment data; and providing the website with the client identification information based on the integrated client confirmation.

Abstract: Various systems and methods are provided for defining a CAPTCHA generator that is configured to generate CAPTCHA challenges by using at least a first parameter and a first plurality of values associated with the first parameter; defining an adversary program, where the adversary program is configured to automatically attempt to solve the CAPTCHA challenges; performing a first feedback loop that includes generating a first plurality of CAPTCHA challenges, receiving feedback from a group of human users and feedback from the adversary program; and using the feedback received from the human user and the feedback received from the adversary program to modify a weight associated with a first value among the plurality of values in order to generate future CAPTCHA challenges that create less inconvenience for human users but which are more difficult for adversary programs.

Abstract: The present invention relates to a method for reaching a consensus for appending, at a current round (j), a new block of data to a permissioned ledger distributed through a network comprising network connected devices authorized by the ledger, called nodes, said method being performed by a tamper-proof computing device configured for managing securely digital keys and comprising a random number generator and a cryptoprocessor for generating signatures with said keys, and comprising, for a set of transactions to be validated, the steps of: receiving, from at least a first node (Nk), a candidate block (Bj,Nk) computed by said first node on transactions among said set of transactions, for each received candidate block, generating a random value by the random number generator, and generating a signed selection message comprising: an identifier of the current round (j), said received candidate block (Bj,Nk) and said generated random value by said cryptoprocessor, broadcasting said signed selection messages to th

Abstract: Systems and methods are provided for implementing stand-in network identities, whereby independent users are permitted to act on behalf of dependent users. One exemplary computer-implemented method includes receiving a request from an independent user to provision personal identifying information (PII) for a dependent user to a first communication device. The method then includes authenticating the dependent user at a second different communication device, receiving the PII from the dependent user in response to the authentication, and transmitting the PII to a secure data structure. The method further includes authenticating the independent user at the first communication device, retrieving the PII for the dependent user from the secure data structure in response to the authentication, and transmitting the PII to the first communication device, whereby the PII may be stored in a secure element at the first communication device for use by the independent user on behalf of the dependent user.

Abstract: A method for controlling access to a user's personal information includes obtaining, from an application executing on a device of a user of the application, personal information about the user of an application; determining a required permission from the user for at least one proposed use of the personal information; presenting, to the user, a first offer to provide access to at least one enhanced function of the application in exchange for the required permission; and responsive to the user providing the required permission, providing the user with access to the at least one enhanced function of the application.

Abstract: A user-promotion process allows a service provider to grant the security roles associated with a target user account to a requester by obtaining approvals from a quorum of approving users. The quorum requirements and the identity of the approving users may be established by the target user or an account manager. Upon receiving, from a promotion candidate, a request to assume security roles of a target user, the service provider identifies the approving users from the target user's account record. Approvals are requested from the approving users, and if a quorum of approvals is received by the service provider, the promotion candidate is allowed to assume the roles of the target user. If a quorum of approvals is not received, then substitute approving users may be identified based at least in part on those approving users that did not respond to the approval request.