Abstract: Methods and system for managing partial private keys for cryptography-based, storage applications used in blockchain operations and/or facilitating secure authentication when conducting blockchain operations using cryptography-based, storage applications. For example, the methods and system may perform a plurality of blockchain operations for digital assets stored in a first cryptography-based, storage application, wherein the first cryptography-based, storage application corresponds to a first partial private key, and wherein the first partial private key is stored on a first user device, and wherein the second partial private key is not accessible to platform service facilitating the first cryptography-based, storage application.

Abstract: The present disclosure generally relates to a XTS cache operation during a power down event. Upon detection of power loss, data that is waiting to be encrypted needs to be flushed to the memory device. For any unaligned data or data less than a flash management unit (FMU) size, the data is grouped together and, if necessary, padded to reach the FMU size and then encrypted, merged with other data FMUs, and written to the memory device. Grouping the unaligned data reduces the amount of padding necessary to reach FMU size and also reduces the amount of data to be encrypted. As such, data flushing can be accomplished using the limited amount of remaining power during the power loss event.

Abstract: The present invention provides an integrated, context-aware, security system that provides an adaptive endpoint security agent architecture model for a continuously monitoring and recording activity across an enterprise, specifically monitoring activity on endpoints, and subsequently detecting and blocking any malicious processes that may otherwise invade the enterprise and cause issues. The endpoint security agent architecture exposes a well-defined, public interface to the event data generated by the endpoint security agent in the form of a custom programming language by which a user can define the logic that the endpoint security agent executes in response to event data to perform detection of and response to suspicious activity.

Abstract: Disclosed is a method for generating and authenticating a three-dimensional dynamic OTP that does not require input of a password. In the method, a user address received from a user terminal is converted into coordinate values in degrees, minutes, and seconds on latitude and longitude, and set as address coordinates from the coordinates in a unit of seconds and then a two-dimensional reference coordinate system is displayed that is subdivided with the address coordinates as an origin, a two-dimensional function is provided and rotated about an arbitrary axis to form a three-dimensional space by a three-dimensional function, one OTP generation coordinate within the three-dimensional space is provided, and then a one-time password is generated by combining respective coordinate values of x, y, and z axes of the one OTP generation coordinate.

Abstract: Provided are mechanisms and processes for computational risk analysis and intermediation. Security practices information characterizing security measures in place at a first computing system may be received from the first computing system via a network. Computing services interaction information characterizing data transmitted from a second computing system to the first computing system may be received from the second computing system via the network. A processor may determine a risk profile for the first computing system based on the security practices information. Based on the risk profile and the computing services interaction information, the processor may then determine an estimate of the information security risk associated with transmitting the data from the second computing system to the first computing system. A risk assessment message including the estimate of the information security risk may be transmitted to the second computing system.

Abstract: An information processing system includes an array sensor with a pixel array having a plurality of one-dimensionally or two-dimensionally arranged pixels including a light-receiving element that receives visible or non-visible light, a hash value generator that generates a hash value from captured-image data based on a photoelectric conversion performed by the pixel array, and an encryption processing section that performs processing of encrypting the hash value; an acquisition section that acquires the captured-image data and the encrypted hash value; a decryption processing section that decrypts the acquired encrypted hash value; a hash value calculator that calculates a hash value from the acquired captured-image data; a hash value comparing section that compares the hash value obtained by the decryption with the calculated hash value; and a falsification determination section that determines whether the acquired captured-image data has been falsified, based on a comparison result of the hash values.

Abstract: A first network device may install a new receive key on a data plane of the first network device, and may provide, to a second network device, a first request to install the new receive key. The first network device may receive a first indication that the new receive key is installed by the second network device, and may install a new transmit key on the data plane of the first network device based on the first indication. The first network device may provide, to the second network device, a second request to install the new transmit key, and may receive a second indication that the new transmit key is installed and that an old receive key is deleted by the second network device. The first network device may delete the old receive key from the data plane of the first network device based on the second indication.

Abstract: Aspects are provided which allow a first device to secure transmission of polar encoded control information by encoding at least a portion of frozen bits and/or information bits with a shared key with a second device before these bits are encoded by a polar encoder. The first device determines whether to encode at least one of a plurality of frozen bits or a plurality of information bits using the shared key. Based on the determination, the first device encodes the frozen bits and/or the information bits, and sends the encoded frozen bits and/or the encoded information bits to the second device. Since the receiving device has the shared key, the receiving device may successfully decode the control information, while an eavesdropper who receives the encoded bits may fail to decode the control information due to lack of knowledge of the shared key.

Abstract: The present invention relates to a method and wireless device for supporting verification of a device as well as to a method and a network node. It is desired to enable the reliable verification of a device. The method at the device includes transmitting the wireless device identifier; calculating verification information from a random bit sequence by using a verification function associated with the wireless device identifier, wherein the verification function uses the cryptographic key; transmitting a message including the verification information to a trusted network node over a secure connection; and wherein the secure connection is established by using a trusted network identifier or by using a network encryption key associated with a trusted network identifier.

Abstract: There are provided systems and methods for multifactor authentication through cryptography-enabled smart cards. A user may engage in transactions or other online interactions that may require multifactor authentication, such as by providing a secondary or further piece of evidence or information that is used to more securely trust the user and that they are not another malicious user. The user may utilize a physical card that includes a microchip embedded to a surface, where the microchip includes a key or other cryptographic signing function to be able to be scanned and digitally sign a request for authentication from a computing device. A user's computing device may then be brought into close proximity to the microchip when a request to scan the card's microchip is received. The user's computing device may then use wireless signals to activate the microchip and perform a multifactor authentication.

Abstract: The present disclosure provides an identity authentication method, a personal security kernel node, a device, and a medium. The personal security kernel node is part of an identity authentication system, the identity authentication system further comprising a relying party node and a user identity credential certifier node. The method includes: obtaining an identity authentication assurance level corresponding to a service provided by a relying party; determining, according to the identity authentication assurance level, a user identity credential used by a user for the service; transmitting the user identity credential to a user identity credential certifier node through a relying party node, so that the user identity credential certifier node performs user identity credential authentication; and performing the service with the relying party node. According to the embodiments of the present disclosure, security of user identity assets can be improved during identity authentication.

Abstract: A method for detecting security based on machine learning in combination with rule matching is provided, including: establishing a machine learning model; training the machine learning model by using a labeled legal traffic and a labeled malicious traffic; collecting a network traffic; preprocessing the collected network traffic; detecting a malicious traffic from the preprocessed network traffic by using a rule-matching-based method; identifying a malicious traffic from the preprocessed network traffic by using the trained machine learning model, including: extracting a feature of the preprocessed network traffic, and identifying the malicious traffic based on the extracted feature by using the trained machine learning model; and integrating the malicious traffic detected by the rule-matching-based method and the malicious traffic identified by the trained machine learning model.

Abstract: A method and system for maintaining tenant isolation in a messaging service are disclosed. The method includes receiving, in at least one source topic, records sent by a plurality of producer systems associated with a plurality of tenants, wherein each of the plurality of tenants is associated with a unique tenant identifier (ID); partitioning the received records into a plurality of partitions in an intermediate topic based on the respective tenant IDs of respective tenants that sourced the records; grouping, for each of the plurality of partitions in the intermediate topic, records within the partition into an isolated batch, wherein the records in each isolated batch belong to the same tenant; and placing the isolated batches in a destination topic to be consumed system by a consumer, wherein the isolated batches are placed in the destination topic in a round-robin manner.

Abstract: Code injection is a type of security vulnerability in which an attacker injects client-side scripts modifying the content being delivered. A sanitizer function may provide defense against such attacks by removing certain characters (e.g., characters causing state transitions in HTML). A string sanitizer may be modeled in order to determine its effectiveness by obtaining data flow information indicating string operations that used an input string or information derived therefrom, including a string sanitizer function. A deterministic finite automata representing string values of the output parameter may be generated based on a graph generated from the data flow information, where the automata accepts possible output string values of the sanitizer. It can be determined whether there is a non-empty intersection between the automata for the sanitizer output and an automata representing a security exploit, which would indicate that the sanitizer function is vulnerable to the exploit.

Abstract: Embodiments of PUF systems are disclosed. Embodiments of such PUFs may be operated in the classical domain or the quantum domain, and moreover, may comprise substantially the same circuitry, and operate substantially the same, when operating in the classical domain or the quantum domain. Additionally, embodiments of such PUF systems may be effectively utilized to generate uniquely identifying signatures for electronic devices based on electronic circuity, photonic circuitry or some combination of electronic and photonic circuitry and may be utilized to generate such signatures for such electronic devices regardless of whether such electronic device themselves operate in the classical or quantum domain.

Abstract: A method and system for safely entering a password, the method comprising: a smart key device receives a password verification request sent from an upper computer, generates and displays randomly arranged characters, and returns a password verification response to the upper computer; upon the reception of the password verification response, the upper computer displays a password input interface and waits for a user to input, upon the reception of a user input, obtains a password acquisition response according to the user input, and sends the password acquisition response to the smart key device; and the smart key device determines whether the user input is correct according to the received password acquisition response. By means of the present invention, a password input solution in which a user needs to click a different position every time a password character is entered is achieved.

Abstract: A rootkit detection system and method analyzes memory dumps to determine connections between intercepted system driver operations requested by unknown files and changes in system memory before and after those operations. Memory dump differences and I/O buffers are analyzed with machine learning models to identify clustered features associated with rootkits.

Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.

Abstract: This disclosure includes utilizing a token cryptogram with a browser to facilitate a transaction. A webpage of a website is configured to accept a token cryptogram in fields of the webpage. The webpage of the website may indicate that it is token-aware and is configured to accept the token cryptograms.

Abstract: An information processing system, apparatus, and method are disclosed each of which: receives a request for using an application from an electronic device via a network; determines whether the requested application is applicable to the electronic device and is currently useable by the electronic device; determines whether a number of devices currently using the requested application has reached an upper limit number that is previously set, when the determining determines that the requested application is applicable to the electronic device but is not currently useable by the electronic device; and allows the electronic device to use the requested application, when the determining determines that a number of devices using the requested application has not reached the upper limit number.