Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes determining, by decoding circuitry, a set of optical path lengths to use for measurement. The example method further includes receiving, by the decoding circuitry, a set of time-bin qubits. The example method further measuring, by the decoding circuitry and based on the determined set of optical path lengths, the set of time-bin qubits to generate a set of bits. The example method further includes generating, by session authentication circuitry, a session key based on the generated set of bits.

Abstract: Technology related to detecting and/or mitigating malicious client-side scripts is disclosed. In one example, a method includes sending a request for a page of a client application. In response to the request for the page, the page and a supervisory script of the page are received. The supervisory script of the page of the client application can be executed within a client environment. The supervisory script can override an operation associated with an architected application programming interface (API) of the client environment. During rendering of the page, a call to the architected API of the client environment can be serviced by performing a modified operation that is different than the architected operation associated with the architected API.

Abstract: An example operation includes one or more of computing, by a data owner node, updated gradients on a loss function based on a batch of private data and previous parameters of a machine learning model associated with a blockchain, encrypting, by the data owner node, update information, recording, by the data owner, the encrypted update information as a new transaction on the blockchain, and providing the update information for an audit.

Abstract: The present disclosure provides a network connection method, a mobile terminal, and an electronic device. The method includes: sending a wireless signal, detecting the wireless signal and indicating that the electronic device is discovered by the electronic device; obtaining a network connection confirm operation and providing a notification to the electronic device by the mobile terminal; decreasing, by the electronic device, a signal transmit power; prompting a user to move closer to the electronic device, indicating a detected signal strength of the electronic device, and sending a wireless network key to the electronic device by the mobile terminal, when a preset condition is met in a process in which the mobile terminal moves closer to the electronic device; and increasing, by the electronic device, the signal transmit power, and connecting to a wireless network. This method and apparatus can be used for artificial intelligence, smart home, Internet of Things, etc.

Abstract: A wireless communication network performs quantum authentication for a wireless User Equipment (UE). In the wireless communication network, network quantum circuitry generates and transfers qubits. UE quantum circuitry receives and processes the qubits and determines polarization states for the qubits. The UE quantum circuitry exchanges cryptography information with the network quantum circuitry and generates cryptography keys based on polarization states and cryptography information. The UE quantum circuitry transfers the cryptography keys to UE network circuitry. The network quantum circuitry exchanges the cryptography information with the UE quantum circuitry. The network quantum circuitry generates the cryptography keys based on the polarization states and the cryptography information and transfers the cryptography keys to network authentication circuitry.

Abstract: Systems and methods for authenticating a request to initiate an electronic transaction and systems and encrypting data relating to executed electronic transactions are provided. Such systems and methods include receiving an electronic request signal, retrieving verified data associated with a user account, extracting verification data, and comparing the verification data against the verified data to determine whether the electronic request signal is authentic or fraudulent. Furthermore, when the electronic request signal is determined as authentic, such systems and methods include executing the secured electronic transaction, converting a digital image into a digital text string, cryptographically hashing the digital text string to output a secret key, digitally encrypting transaction data using the secret key, and registering the transaction data as encrypted with one or more databases.

Abstract: Systems and method for managing and securing computer systems are disclosed, wherein a method comprises: making a function call to a target function of a software component; calling, by the target function, a gateway function; querying, by the gateway function, an activation setting; and terminating, by the gateway function, the function call to the target function if the activation setting indicates an inactive status.

Abstract: In various implementations, local identifiers associated with users may be utilized to enable access one or more functions in a Business Intelligence (BI) Environment. A mapping may be generated to associate local identifiers and users. The mapping may be utilized to enable access in the BI environment by retrieving the local identifier from a mapping and enabling access in the BI environment based on the local identifier. In various implementations, a user may access the system as another user.

Abstract: A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.

Abstract: There is provided an encryption device to ensure strong security without using a random number in a white-box model. The encryption device includes: an encryption part configured to encrypt an input value using a black-box model in which input/output values are able to be recognized from the outside and an intermediate value is not able to be recognized from the outside; and a key generation part configured to encrypt the input value to the encryption part to generate a cryptographic key of the encryption part using a white-box model in which the input/output value and the intermediate value are able to be recognized from the outside.

Abstract: There is provided a method and apparatus for controlling a privacy setting of at least one sensor. A signal is acquired from one or more sensors. A characteristic of one or more subjects is detected in the acquired signal. A privacy level is set based on the detected characteristic of the one or more subjects. A privacy setting of at least one sensor is controlled based on the set privacy level.

Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. Contextual information is determined for the alert, the determined contextual information comprising spatial and temporal distributions of previous instances of the alert or similar alerts. The contextual information is communicated for use in addressing the issue in the computing arrangement.

Abstract: This disclosure provides a system and method for deploying and configuring a cyber-security protection solution using a portable storage device. The portable storage device may include a memory storing instructions to be executed by a computing device. When executed, the instructions may cause the computing device to implement a cyber-security protection solution that is configured to scan a second storage device and determine whether the second storage device is usable in a protected environment.

Abstract: A system detects deviation from a computer operating system boot and operating system load. The system identifies approved operating system boot modules, approved operating system load modules, essential operating system boot components, and essential operating system configuration information, which are then hashed to create an operating system boot profile. The operating system boot modules and the operating system load modules are then executed to start the operating system. The operating system boot profile is used to verify that that there has not be any deviation from the start of the operating system.

Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.

Abstract: Systems and techniques for a physical access control systems with localization-based intent detection are described herein. In an example, an access control system may regulate access to an asset. The access control system is adapted to establish a first connection with a key-device. The access control system may be further adapted to receive a credential for a user over the first connection. The access control system may be further adapted to establish a second connection with the key-device. The access control system may be further adapted to determine an intent of the user to access the asset. The access control system may use location data derived from the second connection to determine the intent of the user. The access control system may be further adapted to provide the credential to an access controller, based on identifying an intent of the user to access the asset.

Abstract: Enforcing shadow stack violations at module granularity, rather than at thread or process granularity. An exception is processed during execution of a thread based on code of an application binary, which is enabled for shadow stack enforcement, that calls an external module. The exception results from a mismatch between a return address popped from the thread's call stack and a return address popped from the thread's shadow stack. Processing the exception includes determining that the exception resulted from execution of an instruction in the external module, and determining whether or not the external module is enabled for shadow stack enforcement. Based at least on these determinations, execution of the thread is terminated when the external module is enabled for shadow stack enforcement, or the thread is permitted to continue executing when the external module is not enabled for shadow stack enforcement.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes receiving, by decoding circuitry and over a quantum line, a set of qbits generated based on a first set of quantum bases. The example method further includes decoding, by the decoding circuitry and based on a second set of quantum bases, the set of qbits to generate a decoded set of bits comprising at least one wildcard bit. The example method further includes generating, by session authentication circuitry, a session key based on the decoded set of bits, wherein the session key is generated based at least in part on the at least one wildcard bit.

Abstract: Some embodiments are directed to an electronic cryptographic device arranged to perform a cryptographic operation on input data obtaining output data. The cryptographic device stores an internal state as sets of shares. Fourier coefficients corresponding to the sets of shares satisfy a predetermined relationship among them. The cryptographic operation is performed by repeatedly updating the internal state.