Abstract: Embodiments of the present invention disclose a method, a computer program product, and a computer system for a drone-based network vulnerability detection system. According to embodiments of the present invention, a drone receives routes and protocols for detecting and resolving network vulnerabilities. The drone identifies one or more electronic devices connected to one or more networks within an area of interest and detects one or more network vulnerabilities of the one or more electronic devices. If the drone detects a vulnerability, the drone updates a command center and identifies a resolution to the one or more network vulnerabilities. The drone then resolves the one or more network vulnerabilities based on the identified resolution.

Abstract: Embodiments are related to computing systems and methods for event based transfer of DID delegated authority. An indication is received that a first DID user is attempting to use a delegated DID on behalf of a second DID user. The first DID user has previously been delegated authority to use the delegated DID by operation of a legal relationship or a legal agreement between the first and second DID users. A determination is made if an event has occurred that has changed the legal relationship or the legal agreement between the first and second DID users. If an event has occurred, the delegation of authority to use the delegated DID is automatically revoked such that the first DID user is no longer able to use the delegated DID. If an event has not occurred, the first DID user is allowed to continue to use the delegated DID.

Abstract: When a system receives sensitive data, it can request an encryption key from an encryption/decryption unit. A central processing unit (CPU) of the system can encrypt the sensitive data using the encryption key before writing the sensitive data to memory. Thus, the sensitive data is encrypted when written to memory.

Abstract: Methods and systems for detecting anomalous network activity. The system may receive network metadata regarding activity on a network and generate at least one of a z-score and a directionality magnitude related to the network activity. The system may then issue an alert upon detecting an anomaly exists on the network based upon at least one of the generated z-score exceeding a z-score threshold and the generated directionality magnitude deviating from a baseline directionality magnitude.

Abstract: Systems, methods, and computer-readable storage media for automatic port identification. The present technology can involve determining that a wireless device has connected to a network device on a network, and determining which of the ports on the network device the wireless device has connected to. The determining the port connected to the wireless device can involve determining respective traffic patterns to be provided to selected ports on the network device, determining a traffic pattern transmitted by the wireless device, determining that the traffic pattern transmitted by the wireless device has a similarity to a traffic pattern from the respective traffic patterns, and based on the similarity, determining that a port associated with the traffic pattern is connected to the wireless device. The present technology can also involve selecting a port policy for the port.

Abstract: A computer server is disclosed that may include a processing unit and a computer-readable memory that may store computer-executable instructions that are executable by the processing unit to cause the computer server to perform various operations. The computer server may receive location data from a mobile client device and may compare the location data to predefined secure location definitions, which may be trusted or private locations. The computer server may receive a request from the mobile client device to access network resources or services, and the computer server may determine, using a result of comparing the location data and the one or more predefined secure location definitions, an authentication process for providing the mobile client device with access to the network resources or services. The computer server may execute the authentication process and may provide the mobile client device with access to the network resources or services.

Abstract: A cloud computing environment receives a request from a client. The request relates to access of an application executing in the cloud computing environment and it encapsulates a certificate. This certificate is then translated into an authorization graph descriptor which, in turn, is used to traverse a certificate authorization graph to identify a match within a certificate repository. In response to the identification of the match, an access token is requested including the authorization graph descriptor. The access token is then encapsulated in the request which is then forwarded to an authentication service which provides access to the application if there is a match of the authorization graph descriptor against pre-defined authorization requirements. Related apparatus, systems, techniques and articles are also described.

Abstract: A system may include: a server comprising a rule cache; a user device communicably coupled to the server; a computer-readable medium comprising instructions that cause the server to: monitor a plurality of third-party data sources; obtain, via a queueing service, a plurality of pieces of content from the plurality of third-party data sources; for each piece of content, fetch a rule ID from a list of rule IDs on the user device, wherein the rule ID is fetched based on the content and a pre-selected setting on the user device; use the rule ID to fetch a rule from the rule cache, the rule comprising a script, the script comprising executable code; execute the script on the piece of content to determine if the piece of content matches the rule; and in response to determining that the piece of content matches the rule, send an alert to the user device.

Abstract: Improved systems and methods of authenticating a user using a mobile device to access a secure electronic portal are provided. A user may be enabled to quickly and securely log onto a website or other electronic portal using a handheld electronic device. In certain embodiments, multifactor authentication is utilized to improve the security of the authentication process.

Abstract: Embodiments of the present specification disclose data processing methods, apparatuses, and devices. A method can include: obtaining data use authorization information sent by a data requester; verifying the data use authorization information; in response to successfully verifying the data use authorization information, sending data authorized to be accessed by the data use authorization information to the data requester, wherein the data is obtained from a trusted institution and is stored in trusted hardware; and storing, on a blockchain associated with a blockchain network, a data sending record for the data.

Abstract: A method, performed by an EAP authenticator in a communication network, is disclosed. An identification of at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator is obtained, wherein the identification is obtained from a network entity of the communication network or from inspection of traffic through the EAP authenticator. The identification of at least one EAP method is provided to a device operable to request communication network access from the EAP authenticator. Also disclosed is a method, performed in an EAP authentication server in a communication network. A request for identification of EAP methods supported by the EAP authentication server is received, and a response to the request is sent identifying at least one EAP method supported by the EAP authentication server. An EAP authenticator, EAP authentication server and computer program are also disclosed.

Abstract: A super-shield system for protecting a computer from malicious software uses a whitelist to determine if a program is safe to run. As new malicious software is created, inadvertent attempts at execution of executables including such malicious software is prevented being that the new malicious software are not listed in the whitelist. When attempts are made to run unknown software, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software).

Abstract: Methods and systems for providing configurable feature level controls for data. The data can be associated with data visualization and analysis in a distributed search engine environment. An example method comprises providing a user interface for enabling a selection of a type of access to grant for each feature of a plurality of features, the selection being on a feature-by-feature basis and the selection being assigned to selected roles; and in response to the selection of the type of access, automatically controlling the type of access to each of the features including determining whether a user has any role to which a particular feature has been assigned; and based on the determining, for users having any of the selected roles, permitting the type of access selected for the particular feature assigned to the selected roles. The types of access may comprise read-only, full, no access, or differing levels of access.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data, a set of data attributes about the data, and a risk profile data structure indicative of a vulnerability of the data in a PQC data environment. The example method further includes retrieving PQC cryptographic performance information associated with a set of PQC cryptographic techniques. The PQC cryptographic performance information may comprise a set of PQC cryptographic performance attributes for each PQC cryptographic technique in the set of PQC cryptographic techniques. The example method further includes generating a set of PQC encryption attributes for encrypting the data based on the set of data attributes, the risk profile data structure, and the PQC cryptographic performance information. Subsequently, the example method includes encrypting the data based on the set of PQC encryption attributes.

Abstract: A server comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a user via a first authentication channel; receive, via the communications module and from a computing device associated with the user, a signal representing a request to transfer a first quantity of resources; determine that the first quantity of resources is less than a first threshold associated with the first authentication channel; obtain identity data associated with the request to transfer the first quantity of resources; determine, based on the identity data, that a request to transfer a second quantity of resources has been previously initiated by the user via a second authentication channel that is different than the first authentication channel; and determine that the sum of the first quantity of resources and the second quantity of resources i

Abstract: According to one embodiment of the present application, provided is an access management method of an access control device, comprising the steps of: receiving, from a user terminal, a first advertising packet including open authentication information; generating a key on the basis of at least a first random key; confirming the open authentication information on the basis of the generated key; and determining the opening of a door on the basis of the open authentication information.

Abstract: Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.

Abstract: According to aspects of the inventive concepts, provided is a method for erasing information based on a dual-security mechanism. A storage medium feature database, an information erasure feature database, and a firmware system feature database are built to match cases for to-be-erased electronic scrap. An erasure solution and a native system data package are generated based on the matching results. The information is erased and an erasure result is evaluated; and the information is recovered on the erased electronic scrap, and a recovery result is evaluated, to implement comprehensive double security evaluation. The information erasure validity of the electronic scrap is checked based on the evaluation results. If an erasure result is invalid, erasure solutions are corrected online based on the evaluation result, until the erasure result is valid and the electronic scrap with a native system recovered is obtained.

Abstract: A control apparatus, an access control method, and non-transitory recording medium storing a plurality of instructions. The control apparatus transmits to an administrator terminal, screen data for accepting input of requested settings including host information for identifying the access target server and condition information indicating conditions for controlling access to the access target server, receives the requested settings from the administrator terminal, stores access control settings associating the host information and the condition information based on the received requested settings, receives an access request to a particular access target server from the communication terminal, and transmits a response to the access request to the communication terminal based on a scheduled access time indicated by the received access request and a condition indicated by condition information associated with host information for identifying the particular access target server.

Abstract: A method for examination scoring via blockchain includes: receiving, by a receiver of a processing server, an answer submission from an external computing device, wherein the answer submission includes at least one digital signature and a plurality of exam answers; validating, by a processing device of the processing server, the digital signature using a public key of a cryptographic key pair; determining, for each of the plurality of exam answers, if the respective exam answer is correct or incorrect based on an answer key; generating, for each correct exam answer, a blockchain data value, wherein the blockchain data value includes at least the validated digital signature; transmitting, by a transmitter of the processing server, the generated blockchain data values to one or more nodes in a blockchain network for validation and addition to a blockchain associated with the blockchain network.