Abstract: A system and method provides access to one or more web services by capturing a human perceptible rendering on a separate device, identifying a code from the human-perceptible rendering captured and granting access to the one or more web services, responsive to the code identified and an identifier of the user.

Abstract: A user is authenticated to a defined space, by entering identification data and phone data that respectively identify the user and the user's phone to a server, by sending an application from the server along a wireless connection to the user's phone after entry of the identification data and the phone data by executing the application received by the user's phone to create a virtual symbol of virtual characters in the user's phone, by posting a security symbol in the defined space, by capturing a security image of security characters from the security symbol with the user's phone, by comparing the security characters with the virtual characters, and by authenticating the user to the defined space when the virtual characters match the security characters.

Abstract: Described herein are various technologies pertaining to a patient portal interface application for a hub application that is displayed concurrently on a display with a graphical user interface (GUI) for a client electronic health record application (EHR). The hub application facilitates access to supplement applications, wherein at least one of the supplement applications is a patient portal interface application. The patient portal interface application communicates with a patient portal server to facilitate presentment of patient portal data to a user of the client EHR. The patient portal interface application provides a current context of the EHR to the patient portal server, and receives contextually-based patient portal data from the patient portal server. The contextual patient portal data is then displayed by way of a GUI of the patient portal interface application.

Abstract: A system includes an authentication unit configured to authenticate the user based on the user information received at the access by the access unit, and a setting unit configured to set an authentication token indicating that the user has logged in and identification information indicating that the user has logged in via the integrated entrance server into cookie information on the web browser in response to a success in the authentication of the user by the authentication unit, and wherein a transition of the web browser in the system is controlled based on the cookie information on the web browser.

Abstract: An electronic apparatus that writes encrypted data includes a first memory; a second memory configured to update encryption information including address information indicating a write location on the first memory and a parameter for use in encryption when data is encrypted and written to the first memory, and store the updated encryption information; an encryption and decryption unit configured to encrypt the data, based on the encryption information; and a processor configured to control the encrypted data to be written to the first memory, thereby increasing a safety level.

Abstract: A method performed by a processor of an aspect includes accessing an encrypted copy of a protected container page stored in a regular memory. A determination is made whether the protected container page was live stored out, while able to remain useable in, protected container memory. The method also includes either performing a given security check, before determining to store the protected container page to a destination page in a first protected container memory, if it was determined that the protected container page was live stored out, or not performing the given security check, if it was determined that the protected container page was not live stored out. Other methods, as well as processors, computer systems, and machine-readable medium providing instructions are also disclosed.

Abstract: Aspects of the present disclosure relate to binding a hardware security module to a software component. A secret can be cryptographically linked to the software component. The secret linked to the software component can be protected such that the secret is only accessible by a trusted firmware. The software component can then be installed in a secure software context. The protected secret can be transferred to the trusted firmware. A control block can be maintained by the trusted firmware in the secure software context, wherein the control block comprises the secret. The hardware security module can then be configured by the trusted firmware such that the hardware security module only responds to requests from a component having access to the secret.

Abstract: Disclosed herein are methods, systems, and computer-readable media for blocking attempts at runtime redirection and attempts to change memory permissions during runtime. The present disclosure describes features that enable runtime detection of an attempt to redirect routines or change memory permissions, and determining whether to allow or deny the attempt. Such features may include changing memory write permissions on memory segments, such as those segments used by dynamic loaders after call associations have been saved or otherwise created. Other features may include swapping the addresses of system routines (e.g., open, read, write, close, etc.) to new routines that perform the same function as well as additional functionality configured to detect attempts to redirect or change memory permissions. Once detected by the new routine during runtime, a determination may be made to deny or allow the call based on a policy.

Abstract: The attack vectors for some denial-of-service cyber attacks on the Internet's Domain Name System (DNS) are bad, bogus, or unregistered domain name DNS requests to resolve domain names that are not registered in the DNS. Some other cyber attacks steal sensitive data by encoding the data in bogus domain names, or domain names otherwise not registered in the DNS, that are transferred across networks in bogus DNS requests. A DNS gatekeeper may filter in-transit packets containing DNS requests and may efficiently determine if a request's domain name is registered in the DNS. When the domain name is not registered in the DNS, the DNS gatekeeper may take one of a plurality of protective actions. The DNS gatekeeper drops requests determined not to be legitimate, which may prevent an attack.

Abstract: A packet gateway may protect TCP/IP networks by enforcing security policies on in-transit packets that are crossing network boundaries. The policies may include packet filtering rules derived from cyber threat intelligence (CTI). The rapid growth in the volume of CTI and in the size of associated CTI-derived policies, coupled with ever-increasing network link speeds and network traffic volume, may cause the costs of sufficient computational resources to be prohibitive. To efficiently process packets, a packet gateway may be provided with at least one probabilistic data structure, such as a Bloom filter, for testing packets to determine if packet data may match a packet filtering rule. Packet filtering rules may be grouped into subsets of rules, and a data structure may be provided for determining a matching subset of rules associated with a particular packet.

Abstract: A print substance cartridge for a printing device includes a supply of print substance for the printing device, a non-volatile memory, and logic. The memory store authentication values by which the print substance cartridge is authenticated by the printing device, and/or a cryptographic key from which authentication values are able to be generated within the print substance cartridge. The memory stores hash values corresponding to authentication values and by which the authentication values are verified by the printing device. The logic is to, in response to a request from the printing device for an authentication value, provide the requested authentication value to the printing device. The logic is to, in response to a request from the printing device for the hash value corresponding to the authentication value, provide the hash value corresponding to the authentication value to the printing device.

Abstract: Methods and systems are disclosed for carrying out penetration testing campaigns of a networked system. These include having a reconnaissance agent software module (RASM) installed on a first network node detect an occurrence of a risky event in the node, an event that would allow an attacker of the penetration testing campaign to compromise the node if a specific Boolean condition is satisfied; in response to detecting the risky event, the RASM sends queries to a second network node requesting information, receives answers to the queries including at least one or more portions of the requested information, and, based on the received information, determines that the specific Boolean condition is satisfied and concludes that the node could be compromised by the attacker of the penetration testing campaign. Based on the above, a security vulnerability may be reported.

Abstract: Methods, apparatus, and processor-readable storage media for proactive user authentication for facilitating subsequent resource access across multiple devices are provided herein. An example computer-implemented method includes validating an authentication result received via a first user device; generating, in response to validating the authentication result, a proof of authentication that relates to the authentication performed via the first user device; outputting the proof of authentication to the first user device; receiving, via a second user device in connection with a request to access a protected resource, cryptographic information comprising at least a portion of the proof of authentication output to the first user device; validating the cryptographic information received via the second user device against the proof of authentication; and granting, to the second user device, access to the protected resource in response to validating the cryptographic information against the proof of authentication.

Abstract: Disclosed is a method for administering a communication channel between two host components of a mobile NFC device. The method includes a step of updating the whitelist of a first host component, then a step of notifying the update to a second authorised host component. The notifying step informs the second host component of the status of the whitelist of the first host component in order to prevent the transmission of requests to create a communication channel which would then be rejected. Also disclosed is a mobile NFC device.

Abstract: Methods, systems, and devices are provided for generating biometric signatures. The system can detect, at an electronic device, one or more biometric acoustic signals. The system can generate a biometric signal input of the one or more biometric acoustic signals. The system can apply a machine learning model to conduct feature extraction of the biometric signal input having one or more biometric acoustic signals. The system can generate a biometric user signature of the user from the machine learning model. The system can perform one or more privacy preserving hashing functions to the biometric user signature to generate a hashed biometric user signature. The system can determine whether the hashed biometric user signature satisfies a predetermined threshold with an enrollment hashed signature of the user. And the system can authenticate an identity of the user upon detecting that the hashed biometric user signature satisfies the predetermined threshold.

Abstract: A first mobile application is received. A reversing operation is performed on the first mobile application. A static analysis engine is used to determine a plurality of libraries included in the mobile application. Each library included in the plurality of libraries is categorized. A determination that the first mobile application is similar to a second mobile application based at least in part on a comparison of the respective categorizations of the respective libraries included in the respective first and second mobile applications. Commonality in the libraries of the two mobile applications can be used for a variety of purposes including detecting repackaging and also common authorship.

Abstract: A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to setup a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location.

Abstract: A data communication method for wireless power charging and an electronic device using the same is provided. An electronic device performing authentication for wirelessly receiving power supplied from an external electronic device includes a wireless charging receiver module and a processor configured to control the wireless charging receiver module to exchange authentication data with the external electronic device and receive the wireless power supplied from the external electronic device based on a result of the authentication, the authentication data being split into at least one packet. Other embodiments are possible.

Abstract: A method of unlocking an electronic device, an unlocking device and system and a storage medium are provided. The method includes: acquiring at least one image to be authenticated, in which the image to be authenticated is an RGB image or an infrared image; obtaining an RGB image authentication result of the image to be authenticated by RGB object authentication of the image to be authenticated in a case where the image to be authenticated is the RGB image, and obtaining an infrared image authentication result of the image to be authenticated by infrared object authentication of the image to be authenticated in a case where the image to be authenticated is the infrared image; and determining whether to unlock the electronic device according to at least one of the RGB image authentication result and the infrared image authentication result.

Abstract: Methods and systems for tag-based identification include receiving a set of parameters at a user device from a remote server. A counterfeit-proof identification tag is read using a sensor in the user device using the set of parameters. Features of the counterfeit-proof identification tag are extracted in accordance with a feature extraction function, using a processor, to generate a tag bit sequence. A challenge function is applied to the extracted features to generate a result. The result is transmitted to the remote server to authenticate the counterfeit-proof identification tag. The counterfeit-proof identification tag is authenticated with a tag database at the remote server.