Abstract: There is disclosed a method for facilitating transactions carried out by a mobile device, wherein: the mobile device executes a smart card application; the smart card application receives a cryptographic algorithm from a transaction server external to the mobile device; the smart card application further receives transaction data from said transaction server; the cryptographic algorithm encrypts said transaction data and stores the encrypted transaction data in a storage unit of the mobile device. Furthermore, a corresponding computer program product and a corresponding mobile device for carrying out transactions are disclosed.

Abstract: A system for transmission data protection includes user equipment (UE) and an access point. The access point sends a broadcast message that carries a public key for encryption. The UE receives and stores the public key for encryption. The UE obtains a global public key or a private key corresponding to the UE, and protects transmission data using the public key for encryption and the global public key or the private key corresponding to the UE.

Abstract: Implementations of the present disclosure relate to method and device for managing a storage system. The method comprises in response to receiving a write request at a storage system, determining whether storage units allocated to a logic storage unit of the storage system are sufficient for data associated with the write request. The method also comprises in response to determining that the allocated storage units are insufficient, allocating a new storage unit to the logic storage unit. The method further comprises updating metadata associated with allocation of the storage units of the storage system, the metadata indicating a mapping between the logic storage unit and the storage units. The method also comprises encrypting the updated metadata. Other implementations of the present disclosure also involve corresponding method, device and computer-readable medium for decryption metadata and recovering the logic storage unit using the decrypted metadata.

Abstract: The present invention discloses a service processing method and apparatus, and relates to the communications field. The method includes: receiving trigger information sent by an intermediary device; and assisting, based on the trigger information, the intermediary device in negotiating with UE and a network server, to enable the intermediary device to obtain a first key, where the first key is used by the intermediary device to decrypt ciphertexts sent by the UE and the network server, the ciphertext is obtained after the UE or the network server encrypts service information by using a second key, and the first key is corresponding to the second key. The present invention resolves a problem that an intermediary device cannot provide service optimization for user equipment and a network server because the intermediary device cannot decrypt ciphertext, and achieves an effect of expanding a usage scope of service optimization.

Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security for a network environment using a centralized smart security system. For example, a method includes implementing a network comprising a plurality of network devices which collectively generate data that is utilized by a computing system to execute an application, and implementing a centralized security system as a computing node within the network to manage security operations within the network and to establish secured and trusted communications between the network devices and the computing system. The network devices may comprise wireless sensor devices operating in a wireless sensor network, wherein the computing system executes an IoT (Internet of Things) application which processes the data that is generated by the wireless sensor devices.

Abstract: A method, apparatus and computer program product for selectively storing network traffic data are described. Network traffic is stored according to a first packet filtering policy in a first repository. The stored network traffic is scanned in the first repository according to a second packet filtering policy to identify a subset of network traffic for archiving. The identified subset of network traffic identified by the second packet filtering policy are forensically interesting packets concerning a security issue. The identified subset of network traffic from the first repository is then stored in a second repository.

Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment includes receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.

Abstract: Embodiments of the present invention relate to the field of electronic information technologies, and disclose a message display method, apparatus, and device. The method in the embodiments of present invention includes: receiving first input information; extracting key information in the first input information, matching the key information and a user name, and determining a target user name; and binding the first input information and the target user name, and sending, to a receiver terminal, the first input information and the target user name that are bound, so that the receiver terminal displays a reminder message according to the target user name. The present invention is applicable to a scenario in which a user needs to quickly browse information.

Abstract: Systems, methods, and apparatuses are provided for restricting access to a web resource. Website access information is obtained by monitoring accesses to a plurality of websites for each access, which may include a network identifier of an access requestor, a website identifier, and an access time for each request. Based on at least the website access information, it may be determined that a particular access requestor has accessed a number of different websites in a given time period. As a result, the particular access requestor may be classified as a web robot. A request to permit access to a web resource is received by the particular access requestor. In response to receiving the request to permit access to the web resource, the particular access requestor is prevented from accessing the web resource and/or a notification is generated that the particular access requestor is attempting to access the web resource.

Abstract: Systems and methods for multifactor authentication are disclosed. One illustrative system described herein includes: a network interface; and a processor coupled to the network interface and configured to: begin a transaction to allow a user to access a secure resource; receive, via the network interface, user data from a mobile device, the user data comprising behavior data associated with the user; compare one or more parameters of the behavior data to expected parameters; and if the parameters are within a required range, allow access to the secure resource; or if the parameters are outside of the required range, restrict access to the secure resource.

Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.

Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.

Abstract: Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection.

Abstract: A digital data transmission system includes an identity-masking mechanism, a transmitter device provided with the identity-masking mechanism, and a receiver device having an identification data. The identity-masking mechanism is provided to convert a source or destination data into a source or destination identity-masking mark which is combined with a predetermined data, thereby forming a source-marked or destination-marked data with the source identity-masking mark. The source-marked or destination-marked data is transmitted from the transmitter device to the receiver device for verifying with the identification data. The receiver device cannot access the source-marked or destination-marked data if the verification is failed. The receiver device can access the source-marked or destination-marked data if the verification is passed.

Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing blockchain-based data authorization. One of the methods includes receiving, by a blockchain node, a data acquisition transaction submitted by a data user for obtaining target data possessed by a data owner, determining, by the blockchain node, that the data user has obtained authorization of the target data, and executing, by the blockchain node, a smart contract invoked by the data acquisition transaction to provide one or more of the target data and a computational result of one or more predetermined computational operations performed based on the target data to the data user.

Abstract: Examples relate to providing selective access to resources. In one example, a computing device may: receive, from a client application, a request to access a first resource server, the request including a client access token; identify a first set of permissions specified by a client topology, the client topology specifying: the first resource server; the first set of permissions for accessing, by the client application, the first resource server; a second resource server; and a second set of permissions for accessing, by the first resource server, the second resource server; provide the client application with a first access token specifying the first set of permissions and the first resource server; receive, from the first resource server, a request to access the second resource server, the request including the first access token; and provide the first resource server with a second access token specifying the second set of permissions.

Abstract: An authorizing party determines an authorization record set that needs to be revoked, where an authorization record included in the authorization record set corresponds to a token that is issued to an authorized party after the authorizing party grants access to the authorized party, and where each authorization record includes an authorization validation moment for a corresponding token. A time validity attribute of the authorization record set is configured. For a specific point-in-time, a value associated with the time validity attribute is set. A determination is performed as to whether the authorization record is revoked based on the authorization validation moment and the value associated with the time validity attribute.

Abstract: An authorizing party determines an authorization record set that needs to be revoked, where an authorization record included in the authorization record set corresponds to a token that is issued to an authorized party after the authorizing party grants access to the authorized party, and where each authorization record includes an authorization validation moment for a corresponding token. A time validity attribute of the authorization record set is configured. For a specific point-in-time, a value associated with the time validity attribute is set. A determination is performed as to whether the authorization record is revoked based on the authorization validation moment and the value associated with the time validity attribute.

Abstract: A memory device includes a memory block comprises a plurality of bits, wherein at least a first bit of the plurality of bits presents an initial logic state each time it is powered on; a start-up circuit configured to power on and off the memory block N times, where N is an odd integer greater than 1, and wherein the at least first bit presents an initial state after each respective power cycle of the memory block; and an authentication circuit, coupled to the memory block, and comprising an election engine that is configured to elect an initial state that occurs (N+1)/2 or more times after N power cycles that are performed by the start-up circuit, as a majority initial logic state for the first bit.