Abstract: A disclosed method performed by a network device can include intercepting cryptographic certificates of host servers received in response to requests for encrypted connections between host servers and user devices, and determining that each encrypted connection is a suspicious connection or a normal connection based on a certificate validation policy. The method can further include causing decryption or metadata analysis of any suspicious encrypted connection and bypassing decryption or metadata analysis of any normal encrypted connection.

Abstract: A request for access to a user's account is made to an authenticator. The authenticator sends a request for access to the user associated with the user's account. In response to user authorization, the authenticator sends an access link to a service engineer. The service engineer access the link to access the user's account with limited and restricted access. When a remote service session associated with the activated access link is terminated, the authenticator sends a termination of session notice to the user.

Abstract: Techniques for managing data mobility domains in storage system environments. The techniques employ a multiple master approach, in which each storage system in a storage system domain can function as an owner of the domain. Each domain owner has privileges pertaining to addition of new members to the domain, removal of members from the domain, and modification of domain credentials. When a new storage system is added as a member of the domain, the domain credentials are provided from the domain owner to the new storage system, resulting in the domain credentials being shared among all members of the domain. Domain membership information is also shared among all members of the domain. In this way, the management of storage system domains can be achieved without the need of a domain management server, avoiding a single point of failure or latency and reducing the complexity/cost associated with the domain management server.

Abstract: Disclosed are an apparatus and method for public key encryption using a white-box cipher algorithm. An apparatus for public key encryption using a white-box cipher algorithm includes a key table generator configured to generate at least one key table from a cipher key, a hidden-key table generator configured to convert the at least one key table into at least one hidden-key table, and an encryption algorithm generator configured to generate a white-box implemented encryption algorithm by using the at least one hidden-key table and an inverse operation of the conversion and provide the generated encryption algorithm as a public key for encryption.

Abstract: The present application discloses a method, system and apparatus for storing a website private key plaintext. A specific implementation of the method includes: receiving a public key sent from a terminal configured to perform encryption and decryption, wherein the public key is generated at random by the terminal; encrypting a website private key plaintext by using the public key to generate a website private key ciphertext, wherein the website private key plaintext is pre-acquired; and sending the website private key ciphertext to the terminal, so that the terminal decrypts the website private key ciphertext by using the private key to generate the website private key plaintext and store the website private key plaintext in the terminal. This implementation improves the security of storage of the website private key plaintext.

Abstract: A method, a client, and a system for testing an application. A webpage file includes codes for simulating a malicious attack. The method includes providing, by the test client, a network address of the webpage file to the tested application, wherein when the tested application loads the webpage file according to the network address, the tested application executes the codes comprised in the webpage file to attempt to read content of a private file in a private directory of the tested application. When the tested application successfully reads the content of the private file, the tested application transmits a message carrying the content of the private file to a test server through a local terminal device, wherein the test server determines whether the tested application has a security loophole according to the message transmitted by the tested application.

Abstract: Embodiments provide a user interface display method for a terminal, and a terminal. The method includes: generating, by a terminal in a first operating environment, a first user interface that includes a first input component, obtaining a first user interface picture according to the first user interface, and determining attribute information of the first input component according to a first application. The method also includes switching, by the terminal, to a second operating environment, and displaying a second user interface in the second operating environment according to the first user interface picture and the attribute information of the first input component, thereby reducing processing overheads of the terminal.

Abstract: A computer security protection may be provided by dynamic computer system certification. User usage of a computer system may be monitored. Based on the monitoring a role of the user in the usage of the computer system is determined. A certification required for the role and whether the user has the certification sufficient for the role are determined. Responsive to determining that the user does not have the certification sufficient for the role, a certification process is initiated.

Abstract: In a network including a plurality of computing resources associated with an enterprise, an identity is established for each of the computing resources in accordance with a decentralized identity management system maintained in accordance with a distributed ledger. The plurality of computing resources is managed in association with the distributed ledger, wherein managing comprises the enterprise posting one or more commands on the distributed ledger to enable one or more of the plurality of computing resources to obtain the one or more commands. In one non-limiting example, the computing resources are part of a geographically distributed IT infrastructure associated with the enterprise.

Abstract: One or more data storage systems are configured to automatically access a data registration service in response to receipt of a data request associated with a storage user of the one or more data storage systems and a profile of an identity associated with the storage user. The identity profile associated with the storage user comprises one or more policies for storage and access of data associated with the storage user.

Abstract: Techniques are described for associating identifiers (e.g., digital watermarks) with video content in a way that enables identification of the source of pirated content with specificity as granular as an individual user account. A compositors operating in the DRM trust zone of a client device introduces the identifier by compositing overlay information with decoded video frames. The identifier may then be recovered by comparing target content to the source content to extract the overlay information.

Abstract: A sequence mining platform (SMP) comprises a processor, at least one machine-accessible storage medium responsive to the processor, and a sequence manager in the machine-accessible storage medium. The sequence manager is configured to use processing resources to determine a sequence of nucleobases in a nucleic acid. The storage medium also comprises a blockchain manager to (a) collect transaction data for one or more transactions for a blockchain which requires a proof of work (POW) for each new block; and (b) include at least some of the transaction data in a new block for the blockchain. The storage medium also comprises a sequence mining module (SMM) to use the determined sequence of nucleobases from the sequence manager to create a POW for the new block. In one embodiment, the SMM enables an entity which controls the SMP to receive transaction rewards and sequencing rewards. Other embodiments are described and claimed.

Abstract: The invention relates to a process for transmitting streaming digital content to a client device for access to digital content. The inventive process makes it possible, in particular, to apply an access control system to the protection of direct-mode video streams. The process also makes it possible to significantly improve the security and safety of the system, based on a periodic mandatory back-communication on the part of the client device.

Abstract: To provide an information processing apparatus, a reading control method, and a computer readable storage medium that can improve the secrecy of information written in a secret area compared with the case of controlling access only by authentication, the information processing apparatus includes a nonvolatile memory that has a secret area where secret information is stored, an authentication controller that authenticates access to the nonvolatile memory, a flag information storage unit that stores flag information, and a memory controller that controls access to the nonvolatile memory by using the flag information stored in the flag information storage unit. The memory controller allows reading of the secret information from the secret area when a value of the flag information is a specified value and validity of access is authenticated by the authentication controller.

Abstract: Within a particular Top Level Domain (TLD), domain name allocation and domain name ownership may be subject to certain restrictions requiring verification. A processing platform and method is disclosed to process verification of a domain name and/or a domain name entity such as a registrant for domain name transactions with a domain name registry. The processing platform and domain name registry may be remotely located relative to one another.

Abstract: A computer-implemented method for protecting a kernel for secure boot of an operating system includes preparing a kernel component with a signature for a secure boot. A processing unit modifies a machine owner key (MOK) file to include a trusted certificate. The MOK is separate from the kernel file. The processing unit validates the kernel component using a modified Grub file, a modified Shim file, and the MOK, and executes a secure boot using the validated kernel component. The kernel is unchanged by the secure boot process. The kernel component that is protected may be either a program executable (PE) file or a non-PE file.

Abstract: A computer-implemented method for protecting a kernel for secure boot of an operating system includes preparing a kernel component with a signature for a secure boot. A processing unit modifies a machine owner key (MOK) file to include a trusted certificate. The MOK is separate from the kernel file. The processing unit validates the kernel component using a modified Grub file, a modified Shim file, and the MOK, and executes a secure boot using the validated kernel component. The kernel is unchanged by the secure boot process. The kernel component that is protected may be either a program executable (PE) file or a non-PE file.

Abstract: In certain embodiments, a token (e.g., a short-range wireless token or other token) may be provided to facilitate authentication. In some embodiments, the token may obtain a first challenge from a computer system. The token may determine which challenge type of multiple challenge types the first challenge corresponds. The token may cause a secure component to use a key associated with a first challenge type to generate a first challenge response for the first challenge based on the first challenge corresponding to the first challenge type, where the key associated with first challenge type may be selected by the secure component from multiple keys (for the generation of the first challenge response) based on the first challenge corresponding to the first challenge type. The first challenge response may be provided to the computer system.

Abstract: A communication device to allocate shared keys to plural channels includes a storage, a receiver, a storage controller, an allocator, and an encryption processor. The storage includes a predetermined number of storage areas to store one or more shared keys shared with a destination device. The receiver is configured to receive a shared key. The storage controller controls storing the received shared key in any of the storage areas every time the shared key is received. The allocator can allocate the storage areas to communication channels used for communicating encrypted data between the communication device and the communication destination device, based on a ratio predetermined for each communication channel. The encryption processor can, according to a cryptosystem determined for the each communication channel, encrypt data and decrypt the encrypted data by using the shared key acquired from the storage area allocated to each communication channel.

Abstract: Disclosed are systems and method for controlling access to objects of an operating system using Access Control Lists (ACLs). An exemplary method comprises: generating, by a processor, one or more ACLs for objects of the operating system based on at least one access rule specifying the access mode to the object of the operating system to one or more users based on the one or more categories to which the objects belongs; intercepting a request from a user to access an object of the operating system; determining, by the processor, one or more ACLs associated with the requested object; and applying, by the processor, the determined one or more ACLs to decide whether to allow or deny access of the user to the requested object, wherein if one of the applied ACLs denies access to the object, the access will be blocked, otherwise the access will be allowed.