Abstract: A device may determine a boot up identifier for the device using information related to a deployment of the device. The boot up identifier may identify the deployment of the device. The device may perform a comparison of the boot up identifier and a provisioned identifier to determine whether the deployment of the device and an intended deployment of the device match. The provisioned identifier may identify the intended deployment of the device. The device may perform a boot up of the device in a particular mode of operation based on a result of the comparison. The comparison may indicate whether the deployment of the device and the intended deployment of the device match. The particular mode of operation may cause the device to boot up to recover or reconfigure the device.

Abstract: A logging module for identifying a suspected tampering condition of an access-controlled container, the logging module comprising: data collection means configured to collect data from said access-controlled container; and communication means for communicatively connecting the logging module across a network to a database storing a use history associated with said access-controlled container; wherein the logging module is configured to compare the collected data to the corresponding use history associated with said access-controlled container stored in the database to identify a suspected tampering condition of said access-controlled container, wherein the use history comprises data associated with the weight and/or volume of content of the access-controlled container.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for providing a proxy server or scrubbing service for an authoritative domain name server (DNS) of a CDN to prevent or otherwise mitigate attacks on the server. The proxy server may receive incoming requests to the authoritative DNS and determine which requests are valid and which are potentially part of an attack on the network. In one embodiment, the proxy server may then “scrub” or otherwise remove the requests of the attack to mitigate the effect of the attack on the network. For example, the proxy server may ignore the request, may direct the request to a “dead-end” server or other device to prevent overloading of the target device, may instruct a device from which the request was sent to discard the request, etc.

Abstract: A circuit device includes an oscillation circuit that generates an oscillation signal by using an oscillator, a processing unit that controls the oscillation circuit, and an interface unit that outputs authentication information to an external device. The authentication information being information based on specific information of the circuit device and is used to authenticate the circuit device.

Abstract: A system and method operate on a first electronic device and a second electronic device. The first device has a control system and a cryptographic communications module. The second device has a key generator, a user interface, and a cryptographic communications module. The second device generates a single-mission cryptographic key that is securely programmed into the first device, and the first device is deployed to a remote location. The user interface receives a command for controlling the first device. The second device encrypts the command according to the cryptographic key, and transmits the encrypted command to the first device. The first device authenticates the command, decrypts it, and passes the decrypted command to the control system. The first device may be actively guided ordnance, and the second device may be a control element for controlling the actively guided ordnance. The key may be automatically obfuscated upon mission completion or termination.

Abstract: Implementations of the present specification disclose a consensus verification method, apparatus, and device. In the implementations of the present specification, for each piece of service data, if first consensus verification on the service data fails, a first node determines whether the service data satisfies a predetermined retry condition instead of directly considering the service data to be invalid. If the predetermined retry condition is satisfied, then the service data is stored as service data to be retried. The first node can perform the first consensus verification on the service data to be retried in response to determining that a predetermined retry execution condition is triggered.

Abstract: In a general aspect, a system can include a processor having a secure mode and a non-secure mode, and a secure module configured to respond to tokens posted by the processor in the secure mode. Each token can identify a secure asset, and source and destination addresses within secure and public address spaces. The secure module can include a memory storing secure assets identifiable by the tokens and a memory access circuit to read data from source addresses and write processed data to destination addresses. The system can further include a cryptography engine configured to process the read data using identified secure assets. The secure module can respond to tokens posted in the non-secure mode. The memory can store, with each secure asset, a respective rule defining the address spaces where the memory access circuit may read and write data. The secure module can ignore tokens that do not satisfy respective rules.

Abstract: A specifying device receives detection information from a security device that detects hacking into a network or an activity of a terminal related to infection, and specifies a state of the terminal from information of the terminal and content of activity of the terminal included in the detection information. The specifying device specifies, when specifying that the terminal is in the state of being infected with malware, a terminal that may be infected before performing the content of the activity of the terminal included in the detection information based on connection information stored in a configuration information storage device, and specifies a terminal located on a route, along which the infected terminal is likely to be used for hacking or for infection of the terminal in the future, as a candidate for an infected terminal likely to be infected.

Abstract: The present disclosure provides a data mapping protocol that securely associates the account user information stored in the user pool with corresponding account identity information stored in the identity pool, such that all the account information is searchable, regardless of which pool the information is in. In an embodiment, a mapping service, which may be provided by the resource provider, obtains a set of login credentials and authenticates the login credentials with the user pool. In response to receiving the login credentials and an authentication request, the user pool returns the account credentials associated with the login credentials. The account credentials are used to access the account identifier, and other associate account identity data in the identity pool. Thus, the login credentials from the user pool and the account identifier from the identity are obtained and associated with each other in a searchable data structure.

Abstract: A computing system and method to implement a three-dimensional virtual reality world having user created virtual objects. A platonic object identifies a list of objects as different versions of the platonic object. Each respective object has: a blueprint identifying resource objects that are used to construct the respective object in the virtual reality world; and a provenance node identifying the platonic object of the respective object, a creator of the respective object, and a set of access control parameters of the respective object. A server computer hosting the virtual reality world control access to instances of the platonic object according to access control parameters stored in the tree of provenance nodes for the objects connected via the blueprints and the platonic object.

Abstract: A method for reliable computation of a program P includes generating, by a verifier, a public verification key vkp and a public evaluation key (ekp), both on a basis of the program P, providing, by the verifier, a number N at random and sending the number N to the at least one provider, producing, by the at least one provider, at least one output Si concatenated with N and producing a signature ?i over a corresponding input into the at least one provider and/or corresponding data within the at least one provider, both the input and/or the data signed under a secret key ski, so that a pair of output and signature (Si, ?i) is transmitted to the computing unit. The verifier verifies the proof ?y using the public verification key vkp and rejects y, if the proof verification fails.

Abstract: In one embodiment, a method for detecting one or more behaviors by software under test that indicate a presence of malware is described. First, an analysis of operations conducted by the software being processed by a virtual machine is performed. The analysis includes monitoring one or more behaviors conducted by the software during processing within the virtual machine. Next, a video corresponding to at least the one or more monitored behaviors, which are conducted by the software during processing of the software within the virtual machine, is generated. Also, text information associated with each of the one or more monitored behaviors is generated, where the text information being displayed on an electronic device contemporaneously with the video corresponding to the one or more monitored behaviors.

Abstract: A method of enabling single sign-on (SSO) access to an application executing in an enterprise, wherein authorized, secure access to specific enterprise applications are facilitated via an enterprise-based connector. In response to successful authentication of an end user via a first authentication method, a credential associated with the successful authentication is encrypted to generate an encrypted user token. The encrypted user token is then forwarded for storage in a database accessible by the enterprise-based connector. Following a redirect (e.g., from a login server instance) that returns the end user to the enterprise-based connector, the encrypted user token is fetched and decrypted to recover the credential. The credential so recovered is then used to attempt to authenticate the user to an application via a second authentication method distinct from the first authentication method.

Abstract: A computing resource service provides flexible configuration of authorization rules. A set of authorization rules which define whether fulfillment of requests. The set of authorization rules are applied to a request of a first type which is mapped to a request of a second type. The request of the second type is used for fulfillment of the request of the first type when the authorization rules so allow.

Abstract: Conflict detection and resolution methods and apparatuses relate to the field of communications technologies. The conflict detection method includes: acquiring, by a controller, a flow path of a data flow on a network, where the flow path is used to indicate a path along which the data flow reaches an address in a destination address range from an address in a source address range through at least two intermediate nodes on the network, a first flow table rule is added to or deleted from flow tables of the at least two intermediate nodes, and the first flow table rule is any flow table rule; and determining, by the controller, whether a conflict exists according to an address range of the flow path and an address range of a security policy.

Abstract: A mapping relationship of a device ID associated with a client, a certificate ID associated with a certificate to be applied by the client during a certificate application process, and identity verification methods to be used to verify the client is stored during the certificate application process. From the client, a request for a certificate to perform a service is received, and the request includes the device ID, an identification verification requirement associated with the service, and the identity verification requirement specifies at least one identity verification method. In response to receiving the request based on the mapping relationship, a certificate ID of an existing certificate that corresponds to the received device ID and satisfies the identity verification requirement is retrieved. In response to retrieving the certificate ID, a certificate response to the client including the retrieved certificate ID is sent.

Abstract: The invention relates to a computer-implemented method for generating passwords and to computer program products of same. The method comprises: accessing, by a user (100), by means of a first computation device (200), for the first time, a webpage or website identified by a web domain that requires the Identification of the user (100) on the webpage or website; and generating, by means of a password generator, a password required by the webpage or website, based on the use of a result obtained from the execution of a cryptographic function using password policies related to the domain, the use of a master password (101) known only to the user (100) and the use of an Id_Hash (208).

Abstract: In one example in accordance with the present disclosure, a method for threat score determination includes detecting a change in malicious activity for a security object. The method also includes identifying an indicator that provides contextual information for the security object and determining a linked resource that is associated with a database record of the security object. The method also includes determining a first threat score associated with the security object and determining a relationship between the linked resource and the security object. The method also includes determining a second threat score associated with the linked resource based on the indicator, the threat score of the linked object and the relationship between the linked resource and the security object.

Abstract: A method for the display of an image in a display area, the method comprising: requesting, from a server, a scrambled image file using an image identifier, the scrambled image file containing the image in a scrambled form; receiving the scrambled image file; dividing the scrambled image file into a plurality of image fragments, the image fragments having a first order within the scrambled image file; and rendering the image fragments on to the display area in a second order derived from the image identifier to display the image in unscrambled form.

Abstract: A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type are selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.