Abstract: A collection and assignment unit collects attribute information for each file and assigns attribute information to a file to which attribute information is not assigned, when checking a file in a present information processing device. A reception unit receives attribute information of a tracking target file from a distribution device that distributes a pattern file. A search unit searches for a file associated with the attribute information of the tracking target file that is received. A transmission/procedure unit transmits, when there exists information regarding the file associated with the attribute information, the information regarding the file associated with the attribute information of the tracking target file to the distribution device and/or performs a procedure on the file.

Abstract: Devices and techniques for secure transmission of content over third-party networks are provided. Keys are established for secure transport of content between a source and recipient via a third party. The source generates a content package that includes an encrypted payload, and a payload handler. In some instances, the content package may also include user interface code for obtaining a secret from the recipient. The content package may be signed (e.g., the message content hashed and the result of the hash added to the content package). The content package is transmitted over a connection to a content delivery service for delivery to recipient(s) via another connection. The content delivery service receives the package and forwards the package to recipient(s) without decrypting the payload. A recipient receives the package from the content delivery service, validates the package and decrypts the payload. The payload may be presented to a display application.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based consensus management, are provided. One of the methods includes: obtaining a request for creating a consensus template, wherein the request comprises information about a plurality of participating entities associated with the consensus template; generating, based on the request, a dataset representing a hierarchical structure of the participating entities associated with the consensus template; creating a blockchain transaction for registering the consensus template to a blockchain, wherein the blockchain transaction comprises the dataset representing the hierarchical structure of the participating entities; and sending, to one or more blockchain nodes associated with the blockchain for adding to the blockchain, the blockchain transaction for registering the consensus template to the blockchain.

Abstract: A computer-implemented method of authenticating a user with a computing device is disclosed. The method involves displaying a grid of selectable visually-distinguishable graphical elements on a device display, receiving from a user of the device a drawn pattern across the selectable graphical elements, comparing the received drawn pattern to information representing a stored authentication pattern for the user, and unlocking access to functions on the device if the received drawn pattern substantially matches the stored authentication pattern.

Abstract: User data from a received service processing request initiated by a user for processing a service is parsed. Whether the user data is included in a trusted user list or a risky user list stored in a server for processing the service is determined. Whether the user data matches historical behavior data associated with the user based on a behavioral profile comparison rule model if the user data is not included in the trusted user list or the risky user list is determined. A risk type associated with the user data is determined if the user data fails to match the historical behavior data. A risk identification rule model associated with the risk type is determined based on the service requested. Risk identification is performed based on the user data using the determined risk identification rule model. The service is processed by the server based on a result of the risk identification.

Abstract: A trusted threat-aware microvisor may be deployed as a module of a trusted computing base (TCB). The microvisor is illustratively configured to enforce a security policy of the TCB, which may be implemented as a security property of the microvisor. The microvisor may manifest (i.e., demonstrate) the security property in a manner that enforces the security policy. Trustedness denotes a predetermined level of confidence that the security property is demonstrated by the microvisor. The predetermined level of confidence is based on an assurance (i.e., grounds) that the microvisor demonstrates the security property. Trustedness of the microvisor may be verified by subjecting the TCB to enhanced verification analysis configured to ensure that the TCB conforms to an operational model with an appropriate level of confidence over an appropriate range of activity. The operational model may then be configured to analyze conformance of the microvisor to the security property.

Abstract: A system for automatic authentication of service requests includes authentication of a remote access device. This authentication may be accomplished automatically prior to text or audio communication between a customer and a service agent. In some embodiments, authentication is accomplished automatically by authentication of the remote access device or accomplished by asking the customer questions. A single authentication of the remote access device may be used to authenticate a service request transferred between service agents. The authentication of the remote device may include, for example, use of a personal identification number, a fingerprint, a photograph, and/or a hardware identifier.

Abstract: Methods and associated systems are provided to perform a security posture assessment (PA) of a device based on a PA process implemented on a server but not statically stored on the device. The method includes generating, by the server, commands to be performed by a dynamic command executor on the device. The dynamic command executor is configured to dynamically launch and execute system modules on the device, based on the commands, to perform operations in the PA process. The commands and the results may be exchanged between the server and the device via a secure communication connection. The commands may be sent in a message with an encryption key that encrypts the messages, and the received command results may also be encrypted using the encryption key. By not statically storing the PA process on the device, the PA process is protected from reverse engineering attacks.

Abstract: A method for secure data exchange is provided.

Abstract: Techniques and apparatuses for issuance of license upgrades for hardware components in the field, as well as the hardware components, are described. In one embodiment, for example an apparatus may include processor circuitry and memory in communication with the processor circuitry, wherein the memory contains a configuration data block and license data block, the configuration data block being read from the memory via a licensing apparatus and the licensing data block being written to the memory by the licensing apparatus. The processor may include executable code to process the licensing data block to facilitate an upgrade of the capabilities of the processor circuitry.

Abstract: A management server includes a transfer unit and a transmission unit. The transfer unit conceals, in a case where personal information is included in usage history data of an apparatus, the personal information, and transfers the usage history data to a server. The transmission unit transmits, in a case where analysis data of the usage history data is transmitted to a terminal, restoration information for restoring the concealed personal information included in the analysis data to the terminal.

Abstract: Some embodiments are directed to a method for peering between first and second modules each installed in a different device, the device of the first module includes a human-machine interface, and the two devices can be linked by an unsecure communication channel. The method can include: receiving via the human-machine interface a command setting the device of the first module in operating mode so the first module takes control of a part of the communication means of the first device in order to set them in a secure operating mode and takes control of the human-machine interface; establishing a temporarily secure communication between first and second modules; displaying on the human-machine interface a status signaling the set-up of the secure communication; receiving via the human-machine interface a peering acceptance command; and exchanging of keys/secrets between the modules through the temporarily secure communication channel to perform the peering.

Abstract: A VXLAN Tunnel End Point (VTEP) sends an authentication request packet to an authentication server upon receiving a user access request from a user terminal, so as to cause the authentication server to perform an authentication for a user. The VTEP receives authorization information of the user for which the authentication is passed. The authorization information is sent by the authentication server, and includes a Virtual Switch Instance (VSI) identifier or a Virtual eXtensible LAN (VXLAN) identifier. The VTEP creates an Attachment Circuit (AC) interface on a user port connecting the user terminal of the VTEP. The VTEP associates the AC interface with the authorization information.

Abstract: Aspects of the disclosure relate to an electronic document sharing and signing (DSS) ecosystem for electronic document authentication and authorization. The DSS ecosystem may preferably provide a communication platform between a first user information database associated with a first entity and a second user information database associated with a second entity. The DSS ecosystem may include a signer information database. The signer information database may be coupled to the first user information database and the second user information database. The signer information database may be configured to be readable by the first entity and writeable to by the first entity, and readable by the second entity but not writeable to by the second entity. The signer database may include a list of signatory names associated with the first entity, and a plurality of electronically signed documents. Each of the documents may include an electronic signature applied by a signatory whose name appears on the signatory list.

Abstract: A system is provided comprising one or more application layer audit proxies arranged to obtain application layer network traffic sent in a network. Each of the application layer audit proxies configured to: receive application layer network traffic sent as part of a communication session between a producer entity and a consumer entity; record information about the application layer network traffic to an audit log in a distributed permissioned database comprising a blockchain of immutable data blocks; and forward the application layer network traffic to the producer entity or to the consumer entity.

Abstract: The present technical solution refers to the area of arrangement of network data exchange schemes among a plurality of devices, particularly, for data exchange among devices of the Internet of things (IoT). The technical result is the increase of protection of the information exchange of data among devices by the method of arrangement of the trusted interaction environment and provision of each participant of the information exchange in the trusted environment with the protected security module in the environment of which all necessary operations are performed for implementation of data exchange with the use of a set of symmetrical access keys. The claimed solution is implemented by means of ensuring the trusted environment of data packets exchange among IoT devices in which each of IoT devices is equipped with the security module containing symmetrical sets of keys used for encryption, signing and check of the transmitted data packets.

Abstract: A fingerprint recognition method and device for a touch screen, and a touch screen. The fingerprint recognition method for a touch screen includes: determining a fingerprint code input by a user; and comparing the fingerprint code input by the user with at least two pre-set fingerprint codes, and when the fingerprint code input by the user is the same as a fingerprint code in the at least two pre-set fingerprint codes, executing an operation corresponding to the fingerprint code. The fingerprint recognition method and device and the touch screen can improve the security of the touch screen, so as to ensure the personal and property safety of a user.

Abstract: User data from a received service processing request initiated by a user for processing a service is parsed. Whether the user data is included in a trusted user list or a risky user list stored in a server for processing the service is determined. Whether the user data matches historical behavior data associated with the user based on a behavioral profile comparison rule model if the user data is not included in the trusted user list or the risky user list is determined. A risk type associated with the user data is determined if the user data fails to match the historical behavior data. A risk identification rule model associated with the risk type is determined based on the service requested. Risk identification is performed based on the user data using the determined risk identification rule model. The service is processed by the server based on a result of the risk identification.

Abstract: A system for managing an unmanned aerial vehicle (UAV) include one or more storage media storing offline data that comprises verified information associated with a user, an input device configured to receive an input from the user, and one or more processors, individually or collectively configured to determine whether a connection to an online database is established and, if the connection to the database is not established, process the input and the offline data; and manage a flight of the UAV according to the processing of the input and the offline data.

Abstract: In some examples, a method may include detecting a vulnerability in an application during execution on a first computing device. The method may include triggering a breakpoint based on the detecting, thereby pausing the execution of the application before execution of a portion of code that exploits the vulnerability. The method may include communicating a message indicating occurrence of the breakpoint. The method may include receiving a connection request from a second computing device in response to the message. The method may include resuming execution of the application from the breakpoint subject to a signal from the second computing device.