Abstract: An Internet resource provider (IRP) may authenticate a user and, upon a successful authentication, allow the user to perform one or more actions on webpages that are within an account of the user. The IPR may store the most recent actions of the user in a temporary access code (TAC) database. If the user has a problem, the user may select a TAC button on a webpage within the account of the user. The IPR may generate a TAC, store the TAC in association with the recent activities of the user in the TAC database and transmit the TAC to the user. The user may contact and provide the TAC to a customer support service center. The customer support service center may authenticate the user based solely on the TAC and determine the one or more recent actions of the user in the TAC database. The customer support service center may provide assistance to the user based at least partially on the one or more recent actions of the user.

Abstract: A method of cleaning up a virus program, in an electronic terminal including at least one processor, is provided. An operable interface is displayed on a terminal locked page in response to a first operation instruction on the terminal locked page, the terminal locked page being a page of the virus program and displayed on a screen of the electronic terminal. A second operation instruction on the operable interface is obtained, and identifier information of the virus program is obtained in response to the second operation instruction. The virus program is controlled to run by displaying an auxiliary page on the screen of the electronic terminal in a bring-to-front manner. The virus program is cleaned up based on the identifier information.

Abstract: A method for securely sharing validation information of one or more data files stored on different cloud servers using distributed ledger technology includes requesting access to the data files and calculating a hash thereof. A structured Merkle tree is constructed using the hash and additional hashes of other data files for which a user has not granted access, but has used to construct a corresponding Merkle tree for which the user has committed a root value to a main blockchain. It is checked whether the root value of the Merkle tree is the same as the one the user has committed, and whether the hash of the data files is stored in a block of a satellite blockchain linked to the main blockchain and operated by a subset of nodes of the main blockchain that trust one another.

Abstract: Embodiments include method, systems and computer program products for validating an event record. The method includes securing, by a processor, a log of one or more events being performed a computer by adding tamper detection to the log. Securing includes generating, by the processor, a first event record in response to an event being performed by the computer and generating, by the processor, a second event record in response to the first event record being generated. The second event record includes a first signature and a second signature corresponding to the first event record. The processor, in response to a request to detect tampering of the first event record, validates the first event record based on the first signature and the second signature in the second event record.

Abstract: A method for detecting and mitigating effects of abnormal MTC device behavior includes, at a telecommunications network node comprising one of an MME, DRA, or SCEF, receiving CP information from which core network (CN) assistance information for tuning an evolved node B (eNB) to minimize MTC device state transitions is derivable, forwarding the CP information or CN assistance information derived from the CP information to another network node, deriving, from the CP information, a rule for policing behavior of the MTC device, storing the rule in memory of the telecommunications network node, monitoring uplink communications from the MTC device, determining, using the stored rule derived from the CP information, that the MTC device is not behaving in accordance with an expected behavior; and, in response performing a network security action that mitigates an effect of traffic from the MTC device on the network.

Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.

Abstract: There is provided an elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, with a simple side-channel attack countermeasure. The cryptographic scheme includes: transforming a point to Jacobian projective coordinates; constant-time scalar multiplication of the point by a parameter; and transforming the resultant of the scalar multiplication to affine coordinates. The scalar multiplication including: performing iteratively to the value of the parameter either one of: doubling of the point and multiplying any two random field elements; or mixed addition of the point.

Abstract: Provided is a signature generation device, etc., generating signature information with high accuracy. The signature generation device calculates hash values for at least a partial area in individual files; calculates a similarity degree between the calculated hash values and classifies the plurality of files into groups based on the calculated degree; specifies common strings among, at least, some of the files in strings included in files of a group, the strings being symbol strings or bit strings; and generates signature information being a criterion for determining whether or not at least a part of the common string in the specified common strings is included.

Abstract: An item is encrypted to create a unique hash-value for the item. From this hash-value, an item can be uniquely identified. The hash-value for the item is stored in a first blockchain. When the item is included in a transaction, a transaction entry is stored in a block of the first blockchain. When an item participates in a group of items, a group of items is formed. The group of items is encrypted to create a unique hash-value for the group of items. The hash-value for the group of items may be based on hash-values from the items included in the group of items. The hash-value for the group of items is stored in a second blockchain that is distinct from the first blockchain. When the group of items is included in a transaction, a transaction entry is stored in a block of a second blockchain.

Abstract: Examples of techniques for location validation for authentication are disclosed. In one example implementation according to aspects of the present disclosure, a computer-implemented method includes presenting, by a processing device, a location-based security challenge to a user. The method further includes responsive to presenting the location-based security challenge to the user, receiving, by the processing device, media from the user. The method further includes validating, by the processing device, the media received from the user against the location-based security challenge to determine whether the user is located at an authorized location. The method further includes responsive to determining that the user is located at an authorized location, authenticating, by the processing device, the user to grant access for the user to a resource.

Abstract: A wearable electronic device includes one or more processors identifying one or more companion electronic devices operating within a wireless communication radius of the wearable electronic device. One or more sensors identify the wearable electronic device being within a predefined distance of a companion electronic device. A wireless communication circuit, responsive to the one or more processors, delivers an authentication credential to the companion electronic device in response to the one or more sensors identifying that the wearable electronic device is within the predefined distance of the companion electronic device. The one or more sensors thereafter detect a gaze of an authorized user of the wearable electronic device being directed at the companion electronic device, where the wireless communication circuit delivers an actuation command to the companion electronic device.

Abstract: Disclosed is a method for continuously authenticating a user based on motion input data. The method includes recording motion input data from a keyboard such as starting coordinates, ending coordinates, and timestamps of key-up actions to determine that a key has been pressed, recording a timestamp of motion input at the starting coordinate, mapping the timestamp of said motion input at the starting coordinate to a key-down action for the key press, determining which key of said virtual keyboard said key-down action refers to, and granting or denying access to a device if the timing of the key which was pressed and released in the key-down action and the corresponding key-up action matches the press and flight timing of a key which was pressed and released in a previously-recorded key-down action and a previously-recorded key-up action.

Abstract: The present disclosure provides systems, methods, and computer program products for controlling and securing access to a computing environment comprising a plurality of resources that access data. An example method can comprise (a) segmenting the data into a plurality of data segments; (b) associating a user of a plurality of users of the computing environment with one or more data segments of the plurality of data segments; and (c) providing an access control system that defines access to the plurality of resources comprising a first resource. The first resource can be associated with one or more data segments of the plurality of data segments. The method can further comprise (d) determining whether the user has permission to access the first resource using the access control system. The determining can comprise verifying whether the user and the first resource are associated with at least one same data segment.

Abstract: Techniques related to enhanced security modes for securing a network are disclosed. The techniques include a machine readable medium, on which are stored instructions, comprising instructions that when executed cause a device to receive an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of network connected devices, of a plurality of network connected devices connected to a local network, and wherein the set of security settings comprises at least blocking network access of the set of network connected devices, select the set of network connected devices based on the indicated security mode, and directing an application of the set of security settings to the selected set of network connected devices.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the textual content, wherein the text and the copyright information are recorded on a blockchain of a blockchain network; adding, by the computing device, one or more function words to the textual content without altering a meaning of the textual content; and embedding, by the computing device, the unique ID in the function words to produce an information-embedded textual content that enables retrieval of the copyright information from the blockchain based on the unique ID.

Abstract: A trusted device responsible for evaluating trustworthiness of unknown devices is provided. Trust evaluation rules usable to determine whether to authorize unknown devices to access a resource are received. A request to access the resource and device evaluation attributes are received from an unknown device. The trustworthiness of the unknown device is evaluated based upon the device evaluation attributes using the trust evaluation rules. In response to determining that the unknown device is trustworthy, a credential for accessing the resource is provided to the unknown device, and the device evaluation attributes of the unknown device and an identification of the unknown device are sent to a registrar for the resource.

Abstract: Priority scanning of files written by malicious users in a data storage system is described herein. A data storage system as described herein can include a user lookup component that obtains identities of users that have made at least one modification to a first file stored on the data storage system, resulting in a set of modifying users; a comparison component that compares respective modifying users of the set of modifying users to respective malicious users of a set of malicious users; and a scan priority component that, in response to the comparison component identifying at least one match between a modifying user of the set of modifying users and a malicious user of the set of malicious users, assigns a first scan priority to the first file that is higher than a second scan priority assigned to a second, different file stored on the data storage system.

Abstract: Techniques for assessing risks of IoT devices. A system utilizing such techniques can include a packet analysis based IoT device risk assessment system and an IoT device risk assessment system. A method utilizing such techniques can include extraction of IoT device risk factors from a device profile of an IoT device and application of assessment weights to the IoT device risk factors to assess a risk level of an IoT device.

Abstract: Implementations of this specification provide data transceiving operations and devices. An example method performed by a network interface controller (NIC) includes receiving to-be-sent data from a host; sending the to-be-sent data to a first data processing module that is outside of the NIC; receiving first processing result data from the first data processing module; using a network interface of the NIC to send the first processing result data to a data receiver; receiving to-be-received data from a data sender; sending the to-be-received data to a second data processing module that is outside of the NIC; receiving second processing result data from the second data processing module; and using a host interface of the NIC to send the second processing result data to the host.

Abstract: An electronic device including a first memory configured to store authorization information; a first processor configured to access the first memory; a second memory; and a second processor configured to access the second memory. The first processor is configured to check state information related to a battery state of the electronic device while the electronic device is in a first state; if the state information satisfies a first specified condition, provide authorization information to an external device in the first state so that the external device performs authorization using the authorization information; and if the state information satisfies a second specified condition, copy the authorization information into the second memory in the first state and convert the electronic device to a second state in which power consumption thereof is less than that in the first state.