Abstract: Examples described herein include systems and methods for authenticating a voice-activated device. An example method can include receiving, at an application server, a request from a user device to authenticate the voice-activated device. The application server can provide a first temporary key and session ID to the user device. The method can further include communicating the first temporary key from the user device to the voice-activated device, such as by reading it aloud or having the user device communicate the key in some manner. The voice-activated device can then provide the key to the application server, which generates a second temporary key and sends it back to the voice-activated device. The second temporary key can then be transferred to the user device, which closes the loop by providing the key back to the application server. The application server can then authenticate and provide access to the voice-activated device.

Abstract: The method includes creating a signed output instruction for outputting a vehicle certificate, having a data record characterising the vehicle, using the blockchain, in the case of a valid signature, receiving the vehicle certificate, outputting the vehicle certificate, wherein the output vehicle certificate includes a machine-readable code, wherein the machine-readable code includes a private cryptographic key of an asymmetric key pair, wherein a public cryptographic key of the asymmetric key pair is identified in the blockchain as a check value for checking a signature of a read request for reading vehicle data of the vehicle certificate from the blockchain.

Abstract: A method according to one embodiment includes transmitting, by an enterprise system, a data request for user data stored in a software wallet to a software wallet provider, transmitting, by the software wallet provider, an authorization request to an end user device of the user in association with the data request, creating, by the end user device, a transaction signed with a first private cryptographic key to generate a signed transaction, transmitting, by the end user device, the signed transaction to the software wallet provider, signing, by the software wallet provider, the signed transaction with a second private cryptographic key to generate a multi-signed transaction, transmitting, by the software wallet provider, the multi-signed transaction to the enterprise system, and validating, by the enterprise system, the multi-signed transaction using a public cryptographic key associated with the first private cryptographic key and the second private cryptographic key.

Abstract: Disclosed is an electronic authentication system and method of supporting multi-signature. The method includes: designating a user group including a plurality of users to participate in multi-signature; further including a virtual user in the user group according to a predetermined policy or a request of one or two or more users of the plurality of users; generating a communication channel for communication with the user group; receiving a public key for each user of the user group through the communication channel, and sharing the received public key with the user or virtual user of the user group; and sharing a local signature generated by the user of the user group through the communication channel.

Abstract: According to one embodiment, an Information Handling System (IHS) includes a memory to store a secure event log associated with one or more attributes of the IHS, and computer-executable code to obtain a system time from a system clock of the IHS, obtain a network time from a network time protocol (NTP) server, and compare the system time against the network time. When the obtained system time does not match the obtained network time, set a system clock attack chain vector in the secure event log and generate an Indicator of Attack (IoA) report based at least in part, on the system clock attack chain vector.

Abstract: A building management system, such as a small or medium business, having one or more control devices. Assigning codes to devices, and reading and listing them may aid in configuring the devices. Templates may be used for dynamic configuration of devices and equipment. Representing terminal assignments and wiring diagrams of control devices may be intuitive in that they resemble real hardware for ease of complete installation. The present system and approach may provide an intuitive way of securely registering devices with cloud usage, for example, involving a mobile phone with no manual entry of data so that a user can complete this process with ease. An intuitive, automatic and asynchronous device configuration downloading may be seen, such as to multiple control devices in a single shot. There may be seamless configuration data synchronization, for example, in view of replacement devices, or so the latest data is readily available.

Abstract: A centralized document system generates a document package in response to a request by an originating entity. The document package includes at least one document for execution by a first receiving entity. The first receiving entity can specify a set of permissions for a second receiving entity to perform actions to documents within the package on behalf of the first receiving entity. Accordingly, the system may provide the document package to both the first and second receiving entities for the first receiving entity to execute the at least one document. Before providing the document to the second receiving entity, system may determine whether there is a sensitive document in the package and whether to delegate the document to the second entity. Accordingly, the system may prevent a sensitive document package from being provided to the second receiving entity for execution.

Abstract: Devices, methods, and non-transitory computer-readable media for user authentication with biometric data in conjunction with autofill assistance. In one example, an electronic computing device includes a memory including a user account and an electronic processor communicatively coupled to the memory. The electronic processor is configured to receive a request to access the user account and biometric data associated with the request, determine whether an autofill assistance occurred while the biometric data was captured, responsive to determining that the autofill assistance occurred while the biometric data was captured, identify data associated with the autofill assistance in the biometric data, generate second biometric data by excluding the data associated with the autofill assistance from the biometric data, and perform user authentication based on the second biometric data.

Abstract: In an approach, a processor receives a query relating to mobile number porting on a mobile network that includes a hierarchy including a mobile network operator and a mobile virtual network operator, the query requiring access to customer private data. A processor identifies a minimal number of participants in the mobile network with access to the customer private data. A customer provides a response to the query.

Abstract: Methods, computer-readable media, software, systems and apparatuses may receive, from a user device, notification of a user enrolling in a privacy incident protection application, receive, from the user device, user account information associated with one or more user accounts of the user, where the user account information includes a plurality of contextual settings, determine a risk footprint associated with the user based on the user account information, monitor the one or more user accounts, receive an indication of an incident based on monitoring the one or more user accounts and based on the risk footprint, and transmit an incident notification to a data server provider associated with the incident. The incident notification may include instructions to perform a mitigation action associated with the incident.

Abstract: A device configured to receive a data sample about a configuration for one or more network devices in a public network. The device is further configured to compare one or more threat indicators to the data sample where each threat indicator is associated with a configuration setting. The device is further configured to identify a first network device in the public network that comprises a configuration that matches a threat indicator and to generate a bad actor profile for the first network device. The device is further configured to receive data traffic for a second network device in a private network and to block data communications between the second network device in the private network and the first network device in the public network in response to determining that the first network device is associated with the bad actor profile.

Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Abstract: A client device that is not originally compliant with a particular security standard (e.g., FIPS) is brought into compliance through the addition of a standard-compliant software-based cryptographic library. In order to adapt the cryptographic library to integrate with the hardware-backed keystore, a non-hardware-backed software keystore is used to store keys used by the cryptographic library. Additionally, in order to provide appropriate security for the software keystore, the software keystore (and/or the keypairs within the software keystore) is protected by a password, and the password is in turn protected by the hardware-backed keystore. Thus, to obtain the password needed to obtain a keypair from the software keystore that is in turn needed to use the cryptographic library, a user must authenticate with the operating system, e.g., by providing biometric credentials.

Abstract: Systems and methods for enhanced mobile device authentication are disclosed. Systems and methods for enhanced mobile authentication are disclosed. In one embodiment, method for electronic device authentication may include (1) a server comprising at least one computer processor communicating a one-time passcode to an electronic device over a first communication channel; (2) the server receiving, from the electronic device over a second communication channel the one-time passcode encrypted with a private key associated with the electronic device; (3) the server decrypting the one-time passcode using a public key; (4) the server validating the one-time passcode; (5) the server generating a device identifier for the electronic device; and (6) the server persisting an association between the device identifier and the electronic device.

Abstract: Methods, systems, and computer program products for implementing an administrative unit management process. An object membership request that includes a membership access change for an object for one or more administrative units of a plurality of administrative units is received at a management service from a client device. Membership evaluation information associated with the object is obtained from a directory service for the plurality of administrative units. A membership change action is determined based on the membership evaluation information. Instructions are provided to at least one administrative unit of the plurality of administrative units to implement the membership change action. A membership change notification is sent to the client device.

Abstract: A primary request is received that includes a primary identity. The service is within a service container group project hosted by a cloud provider. A shadow request is generated from the primary request. The shadow request includes a shadow identity linked to the primary identity. The shadow request is authorized by verifying that the shadow identity has access to the service. A tenant token is generated for the shadow identity in response to authorizing the shadow request. An access token is obtained using native authorization of the cloud provider in exchange for the tenant token. Tenant data is accessed from a tenant data repository using the access token. A shadow response is obtained that is generated for the shadow identity and includes processed tenant data generated. A primary response is sent that is for the primary identity and is generated from the shadow response.

Abstract: An application for dynamic, granular access permissions can include a database interface, a user interface, a login process, an administrator, an event handler and an authorization process. The database interface can be an interface to an access control permissions database that stores roles, actions, or policies for users of the application. The login process can authenticate a user and determine a default set of access control permissions for that user when they are using the user interface. The administrator can provide access control permissions for a user by using the database interface. The event handler can dynamically modify access to functionality in the user interface based on an event. The authorization process can determine whether a request from the user interface is authorized before process the request. The authorization process can use access control permissions from the administrator and either a scope limited or a temporally limited access permission.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for classical-quantum encryption and decryption. An example method for classical-quantum encryption includes receiving, by communications hardware, a symmetric key and a plaintext message, generating, by a function generator, an analytic function using the symmetric key and the plaintext message, computing, by a cryptography unit, a ciphertext based on a Taylor series expansion of the analytic function, and outputting the ciphertext. An example method for classical-quantum decryption, the method includes receiving, by communications hardware, a symmetric key and a ciphertext, deriving, by a cryptography unit and using a quantum computer, an analytic function using the ciphertext, generating, by a function generator, a plaintext message using the analytic function and the symmetric key, and outputting the plaintext message.

Abstract: A security agent configured to initiate a security agent component as a hypervisor for a computing device is described herein. The security agent component may change a value of a processor configuration register, such as a Model Specific Register (MSR), in order to cause system calls to be redirected to the security agent, and may set an intercept for instructions for performing read operations on the processor configuration register so that a process, thread, or component different from the processor of the computing device may receive the original value of the processor configuration register instead of an updated value of the processor configuration register. The security agent component may also be configured to generate interrupts to offload task execution from the hypervisor to a security agent executing as a kernel-level component.

Abstract: Methods, apparatus, systems, and articles of manufacture for orchestrating personal protection across digital assets are disclosed. An example apparatus includes at least one memory, instructions in the apparatus, and processor circuitry to execute the instructions to monitor digital assets associated with a protection threat surface to detect a protection event, determine one or more protection vectors associated with the digital assets in response to detecting the protection event, the one or more protection vectors including one or more values corresponding to an impact of the protection event on an overall protection posture associated with the protection threat surface, and determine protection remediation action for the digital assets based on the one or more protection vectors.