Abstract: A server comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a user via a first authentication channel; receive, via the communications module and from a computing device associated with the user, a signal representing a request to transfer a first quantity of resources; determine that the first quantity of resources is less than a first threshold associated with the first authentication channel; obtain identity data associated with the request to transfer the first quantity of resources; determine, based on the identity data, that a request to transfer a second quantity of resources has been previously initiated by the user via a second authentication channel that is different than the first authentication channel; and determine that the sum of the first quantity of resources and the second quantity of resources i

Abstract: According to one embodiment of the present application, provided is an access management method of an access control device, comprising the steps of: receiving, from a user terminal, a first advertising packet including open authentication information; generating a key on the basis of at least a first random key; confirming the open authentication information on the basis of the generated key; and determining the opening of a door on the basis of the open authentication information.

Abstract: Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.

Abstract: According to aspects of the inventive concepts, provided is a method for erasing information based on a dual-security mechanism. A storage medium feature database, an information erasure feature database, and a firmware system feature database are built to match cases for to-be-erased electronic scrap. An erasure solution and a native system data package are generated based on the matching results. The information is erased and an erasure result is evaluated; and the information is recovered on the erased electronic scrap, and a recovery result is evaluated, to implement comprehensive double security evaluation. The information erasure validity of the electronic scrap is checked based on the evaluation results. If an erasure result is invalid, erasure solutions are corrected online based on the evaluation result, until the erasure result is valid and the electronic scrap with a native system recovered is obtained.

Abstract: A control apparatus, an access control method, and non-transitory recording medium storing a plurality of instructions. The control apparatus transmits to an administrator terminal, screen data for accepting input of requested settings including host information for identifying the access target server and condition information indicating conditions for controlling access to the access target server, receives the requested settings from the administrator terminal, stores access control settings associating the host information and the condition information based on the received requested settings, receives an access request to a particular access target server from the communication terminal, and transmits a response to the access request to the communication terminal based on a scheduled access time indicated by the received access request and a condition indicated by condition information associated with host information for identifying the particular access target server.

Abstract: A method for examination scoring via blockchain includes: receiving, by a receiver of a processing server, an answer submission from an external computing device, wherein the answer submission includes at least one digital signature and a plurality of exam answers; validating, by a processing device of the processing server, the digital signature using a public key of a cryptographic key pair; determining, for each of the plurality of exam answers, if the respective exam answer is correct or incorrect based on an answer key; generating, for each correct exam answer, a blockchain data value, wherein the blockchain data value includes at least the validated digital signature; transmitting, by a transmitter of the processing server, the generated blockchain data values to one or more nodes in a blockchain network for validation and addition to a blockchain associated with the blockchain network.

Abstract: An information processing apparatus includes an authenticating unit, an acquiring unit, a first specifying unit, and a first display unit. The authenticating unit, when accepting first user information used for authentication of determining whether a user has an authority, compares the first user information and second user information identifying a user having the authority. The acquiring unit acquires an application list screen, in which each of applications is associated with display information, in accordance with an operation performed by the authenticated user. The first specifying unit, when the acquiring unit acquires the application list screen, specifies authority information corresponding to the second user information identifying the authenticated user, based on first information indicating a correspondence relation between the second user information and the authority information.

Abstract: A system and a method of determining persistent presence of an authorized user while performing allowed operations on an allowed resource of the system while satisfying certain context-sensitive restrictions are disclosed. The system receives a request from a user to authenticate him/her. The system authenticates the user using biometric information of the user or any other authentication mechanism in a given context-sensitive restriction. If the user is authenticated, then the system allows the user to perform the allowed operation using the allowed resources in the context-sensitive restriction. If the authentication fails indicating that the user is an unauthorized user, then the system initiates a resolution process to halt or terminate the allowed operation to restrict or obfuscate the allowed operation from being accessed by the unauthorized user. In one embodiment, the system comprises an External Companion Device (ECD) paired with the system to perform the authentication and manage the allowed.

Abstract: A method for obfuscating data at-transit can include receiving a request for communicating data, determining a sequence of data at-transit for a window of time; and providing the sequence of the data at transit for performing communications across interconnect to another component. The described method can be carried out by an obfuscation engine implemented in an electronic system such as within a secure element. A secure element can include a processor and a memory. The obfuscation engine can be part of the processor, part of the memory, or a stand-alone component.

Abstract: A device may select an individual that is a candidate for authentication by facial recognition. The device may identify a facial area of the individual and an area of exposed skin of the individual. The device may obtain a first temperature associated with the facial area of the individual and a second temperature associated with the area of exposed skin of the individual. The device may determine, based on the first temperature and the second temperature, whether an appearance of the facial area of the individual is likely altered by a face-altering technology. The device may selectively perform facial recognition on the facial area of the individual based on whether the appearance of the facial area of the individual is likely altered by the face-altering technology.

Abstract: One or more embodiments of the present specification provide blockchain-based transaction methods, apparatuses, and electronic devices. A target transaction sent by a node device of a transaction initiator is received. An account of the transaction initiator corresponds to a plurality of public keys, and the target transaction includes transaction content and a digital signature. The digital signature is created by using one or more private keys corresponding to the plurality of public keys of the account and is created based on at least a part of the transaction content. The target transaction is verified, including verifying whether the digital signature is valid. In response to a successful verification, the target transaction is recorded to a distributed database of a blockchain based on a consensus rule of the blockchain.

Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.

Abstract: Disclosed are various examples for remotely managing passwords using local security policies. A client device can be enrolled with a management service. The management service then transmits a password policy requiring a password hint to be defined by the user. A management component executed on the client device can then enforce the password policy by requiring a user to define a password hint in order to access enterprise resources.

Abstract: A method for deploying a device to a local network hosted by a host device includes receiving a message causing the host device to request a piece of information from the device; requesting a determination if the received piece of information comprises data corresponding to an expected data pattern; if the received piece of information comprises data corresponding to the expected data pattern initiating a pairing with the device; and in response to the pairing generating an indication that the device is paired with the host device. A host device, a system and to a computer program product are also disclosed.

Abstract: Disclosed is an electronic device including a communication module that performs communication with at least one external device, a memory that stores a list in which identification information for at least one security application involving user authentication is listed, a processor electrically connected to the communication module and the memory, wherein the processor transmits information for factory reset to at least one external device associated with the security application based on the identification information on the list when a factory reset event of the electronic device occurs. In addition, various embodiments understood through the disclosure may be possible.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: A technique for performing authentication includes a first device receiving security data from a second device that shares its network connection with the first device. The first device applies the security data received from the second device when requesting authentication to a secured resource on the network. For example, the security data may include a token code or other data that may be used as a token, such as identification information about the second device.

Abstract: Techniques for encrypting keyboard data prior to its being received by an operating system of an endpoint device, reducing the possibility of unencrypted keyboard data being logged by a keylogger application running on the endpoint device. The techniques employ an encryption filter communicably coupled between a keyboard and the endpoint device. The encryption filter receives unencrypted keyboard data from the keyboard, encrypts the keyboard data, and provides the encrypted keyboard data to the operating system of the endpoint device. The techniques can be employed in association with a back-end data processing center of a security standard compliant organization, which can receive the encrypted keyboard data from the endpoint device, and decrypt the keyboard data for use on a host system. In this way, access and/or storage of unencrypted keyboard data at the endpoint device can be avoided.

Abstract: The present disclosure relates to systems, devices and methods for device security and trust score determinations. In one embodiment, a method includes requesting, by a first device, trust score data for a second device, wherein the first device requests trust score data from a trust score management server, and receiving, by the first device, trust score data from the trust score management server. The method also includes generating a first trust score for the second device and transmitting the first trust score for the second device with a trust score management server. The method also includes configuring, by the first device, at least one control parameter for operation of the first device with the second device based on the first trust score, wherein configuring adjusts a previous control parameter to restrict operation of the first device relative to the second device. Device and systems are provided to enhance network security.