Abstract: Embodiments of the present invention disclose a wireless network access control method, device, and computer readable medium. The method includes: receiving via a mobile network an access request sent by a user device for requesting Internet access by using a wireless network of a wireless access device after a sharing status of the wireless network is set to be enabled by a setting device; and performing control processing to allow the user device to access the Internet by using the wireless network, such that the wireless access device processes Internet data related to the user device via the wireless network after the user device accesses the Internet by using the wireless network.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for identifying accounts having shared credentials. In some implementations, a content management system can collect user login context data when a user logs in to or accesses a user account of the content management system. For example, the content management system can collect client device data, client application data, internet protocol (IP) address data, and/or other data from the user's device when the user logs in to the user account. The content management system can analyze the login context data to determine patterns that indicate that the user account login credentials are being shared among multiple users.

Abstract: The techniques herein are directed generally to providing access control and identity verification for communications when initiating a communication from an entity to be verified. In one embodiment an initiating device initiates a communication to a receiving device on a communication channel, wherein the receiving device is configured to determine whether an identity associated with the initiating device is verified by a verification service. The initiating device verifies the identity through a verification service client application on the initiating device, and conveys, to the verification service over a verification channel, that the identity associated with the initiating device is verified, wherein the verification service conveys, to the receiving device over the verification channel, that the identity is verified.

Abstract: This application describes methods, mediums, and systems for verifying a device for use in a messaging system. Using the device verification procedures described, a messaging system can securely authorize new devices to send and receive encrypted messages on behalf of a user, preferably without the need to share a private encryption key between the users' different devices. The application describes several techniques that can be used to provide such a system, including distributing a computer-perceptible code that encodes encryption information between a secondary device and a primary device. This allows the information to be distributed without intervention by a server. Other techniques provide unique ways to build and reverify authorized device lists, distribute encryption keys in chat channels, ensure that lists of authorized devices are distributed in the correct order and remain valid for an appropriate amount of time, add new devices to an ongoing or new conversation, and more.

Abstract: Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encrypted token to the gateway, which may then send the token to its issuer so that the token issuer may decrypt the data payload. The token may then be sent back to the gateway, which may then read the decrypted data and verify whether the untrusted device is permitted to access the requested service. The gateway may then send, within the trusted domain, the request and token to the service provider so that the untrusted device can obtain access to the requested service.

Abstract: One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.

Abstract: An illustrative method includes identifying, based on an output of a machine learning model that receives data associated with an operation of a hardware component as an input, an anomaly in the data, determining that the anomaly is representative of an issue associated with the hardware component, and performing, based on the determining that the anomaly is representative of the issue associated with the hardware component, a remedial action that affects a performance of the operation of the hardware component.

Abstract: A microprocessor for mitigating side channel attacks includes a memory subsystem having at least a data cache memory and configured to receive a load operation that specifies a load address. The processor performs speculative execution of instructions and executes instructions out of program order. The memory subsystem, in response to detecting that the load address misses in the data cache memory: detects a condition in which the load address specifies a location for which a valid address translation does not currently exist or permission to read from the location is not allowed, and prevents cache line data implicated by the missing load address from being filled into the data cache memory in response to detection of the condition.

Abstract: A transmitter Continuous-Variable Quantum Key Distribution (CV-QKD) device stores and transmits a quantum signal over a communication channel. A receiver CV-QKD device receives the quantum signal via the communication channel and via a reception band. The receiver CV-QKD device determines a quantum communication channel. The receiver CV-QKD device communicates the determined quantum communication channel to the transmitter CV-QKD device over an authenticated communication channel. The transmitter CV-QKD device obtains a modified quantum signal by modifying the stored quantum signal based on the determined quantum communication channel. The transmitter CV-QKD device and the receiver CV-QKD device generate a secret key using the modified quantum signal and the received quantum signal.

Abstract: Systems and methods to control data access and usage by storing a permitted use of a set of data items. The permitted use identifies: a set of computer resources to be used to operate on the set of data items; rules for operating on the data items; and a data product to be generated from the set of computer resources operating on the set of data items. A project space provides the set of computer resources to operate on the set of data items according to the permitted use, wherein the data product is to be transferred from the project space to a user device separate from the system; and a usage monitor records operations of the set of computer resources on the set of data items in the project space for compliance with the permitted use. A data air-lock mechanism implements dynamic permissions rules based on actual usages.

Abstract: A processing device of a memory sub-system is configured to receive, from a host system, host data to be stored at a memory sub-system in an encrypted form; determine that the host data exceeds a threshold size associated with an encryption operation; separate the host data into a plurality of segments based on the threshold size associated with the encryption operation; determine that a particular segment of the plurality of segments does not satisfy a size requirement of data associated with the encryption operation; modify the particular segment to satisfy the size requirement of data associated with the encryption operation; encrypt each of the plurality of segments based on the encryption operation; and store the encrypted plurality of segments at the memory sub-system.

Abstract: Systems and methods are provided for protecting a plurality of electronic devices via a control server. The control server, for example, can receive one or more indications that a first electronic device is considered malicious and add it to a security threat list. Then the control server can communicate the security threat list to others of the electronic devices, networked for communication with each other, such that the other electronic devices reject all communication from any device listed on the security threat list. Next, upon receiving indication from an approved security patch-providing source that a security patch has been applied to the first electronic device, the control server can remove the first electronic device from the security threat list and communicate the updated security threat list to the other electronic devices indicating that it is safe for these electronic devices to again receive communication from the first electronic device.

Abstract: A method, computing device and computer program product generate a temporary password to control access to a record created in response to an electronic message. An electronic message is parsed to separately identify a plurality of fields that provide different types of information. Record(s) are accessed from a database that are associated with the information provided by at least one field. An action to be initiated by the electronic message is determined to either be taken or to be rejected based upon information provided by the field(s) of the electronic message and also based upon information from the record(s) accessed from the database. If the action is rejected, a record of the electronic message is created for transmission along with information regarding the rejection. A temporary password is also generated to control access to the record created regarding the electronic message and its rejection. The response includes the temporary password.

Abstract: A method, apparatus, and computer-readable medium for searching polymorphically encrypted data includes storing one or more pseudonymous tokens in a data store, the one or more pseudonymous tokens being generated by encrypting a ciphertext using a first algorithm and an encryption key, the first algorithm comprising a polymorphic algorithm configured to generate a distinct pseudonymous token for each application of the polymorphic algorithm to the same plaintext, and identifying data in the data store that corresponds to the ciphertext by querying the data store using a search token generated by encrypting the plaintext using a second algorithm and the encryption key, the search token being distinct from the one or more pseudonymous tokens.

Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.

Abstract: The disclosed technology teaches reducing threat detection processing by applying similarity measures. The method includes recognizing that a file is an edited version of a previously processed file and retrieving, from an archive, at least an entropy measure of the previously processed file, and calculating an entropy measure for the edited version of the file. The method applies a similarity measure to compare the entropy measures for the edited version and the previously processed file, avoiding full threat scanning of the file to detect malware except when the similarity measure reaches a scanning trigger. When any similarity measure or combination of similarity measures reaches a trigger, the technology teaches processing the file by using a threat detection module to detect malware. Further included is logging the edited version of the file for further processing when the similarity measure reaches a logging trigger.

Abstract: Web-filtering operations may be implemented on the user device, rather than on a centralized proxy server, to improve reliability, performance, and/or security of the web-filtering operations. Some or all of the necessary functions related to web-filtering may be performed on the end user device to remove the complexity and security issues inherent with the current methodology. One technique for allowing operation of proxy servers on user devices is to install smart agents on the user device. The smart agents, under control of a management server, may configure the proxy server, issue trust certificates to applications on the device, and/or provide proxy access configuration (PAC) files to applications on the device.

Abstract: A new method for trusted data decryption is disclosed. A data user provides a public key Pk of an encryption key generation algorithm G. A data provider calculates an encryption key K based on an application A, a device C, and a token T by using G, encrypts a data set D by using K, encrypts G by using Pk to obtain Ge, and transmits ED and Ge to the data user. The data user can obtain a private key generation algorithm G? by using a locally stored private key Ps, and measures, in a trusted execution environment, the application A and the device C that request data to obtain MA? and CID?, calculates an encryption key K? based on MA?, CID? and a user-input token T by using G?, and decrypts ED by using K?. If K?=K, the decryption succeeds, and data D is obtained; otherwise, the decryption fails.

Abstract: A technique is provided that enables native authentication to cloud services by employing identity management of on-premise applications from the cloud. More specifically, a Web-service interface built on an innovative orchestration of platform-independent container technology is created. An identity management application is made available inside a container and which therefore can execute in any cloud-service provider. Specifically, this application can communicate back into a business' on-premise applications, using the Representation State Transfer (REST) application programming interface architecture. The container is published to the cloud for users to download. Thus, for example, by way of this technique, a user can log onto any cloud application with using the same logon information the user uses on-premise.

Abstract: Disclosed are methods, systems, and devices for facilitating secure and private communications, via a website or application of a third-party computing system (TPCS), between a user device and a service provider computing system (SPCS). The communications may be conducted via a frame in a website served by the TPCS. The TPCS may serve a website that incorporates a customizable SDK component provided by the SPCS. The communications allow the user to, for example, open a new account. The SDK component may be initialized via a script from the SPCS, and authenticated via a session token obtained from the SPCS via the TPCS. The SDK component may provide user information, input into the frame, to the SPCS via API calls to the SPCS. The user does not navigate away from the website while securely engaging the SPCS. The third-party/partner need not develop its own user interface, security protocols, etc.