Abstract: A system and method of detecting an unauthorized access, phish attempt, or ransomware attempt based on limiting network transmission of data packets within an authorized device range. The method includes establishing a router hop limit value to predetermine an authorized device range for data packets to be exchanged between communicating pair devices and limiting transmission of data packets to within the predetermined authorized device range by discarding data packets after reaching the predetermined authorized device range as a function of the established hop limit value, to exclude devices beyond the predetermined authorized device range. Analyzer, Explorer, Setter, Modifier and Monitor Modules interoperate to suppress spurious communications from remote intruders.

Abstract: A secure computing platform and method for securely enabling inserted or replacement hardware devices during boot of a computing platform are discussed. More particularly, an authorized list holding identifying information associated with approved insertable or replaceable hardware devices is maintained in non-volatile storage and checked by the firmware during a platform boot sequence against identifying information provided by the inserted or replacement hardware devices. Only devices whose information matches the stored authorized list information are enabled.

Abstract: Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: The invention provides a safety system for a cleanroom, which comprises a cleanroom garment provided with a plurality of RFID (radio frequency identification) tags, a face recognition device arranged at an entrance of the cleanroom, and a first RFID reader arranged beside at least one machine in the cleanroom, wherein the first RFID reader is used for identifying the RFID tags on the cleanroom garment, and a KVM network power interrupter connected to a display screen of the machine.

Abstract: A first circuit is authenticated using a second circuit. A first datum and a second datum are stored in the second circuit. The second datum corresponds to an application of a first function to the first datum and a third datum. The second circuit sends the second datum to the first circuit. The first circuit decrypts the second datum and sends a fourth datum representative of a result of the decrypting to the first second circuit for authentication. The second circuit verifies a correspondence between the first datum and the fourth datum.

Abstract: An electronic device such as a hardware security module device comprises a first cryptographic processing circuit configured to receive input data packets and apply thereto a first cryptographic processing to provide output data packets. A second cryptographic processing circuit is provided in the device, configured to receive the output data packets, apply thereto a second cryptographic processing inverse to the first cryptographic processing, and provide comparison data packets as a result of applying the second cryptographic processing to the output data packets received. A comparison processing circuit in the device is configured to compare the input data packets with the comparison data packets, and to produce an error signal as a result of the input data packets being different from the comparison data packets.

Abstract: Examples described herein relate to a printed circuit assembly (PCA). The PCA includes a printed circuit board (PCB). The PCA further includes an identification device embedded within the PCB. The identification device stores identity information that uniquely identifies identification device and the PCB. Moreover, a PCB identifier defined using the identity information is also stored in a platform attestation file hosted locally within the PCA, on a remote server, or both locally within the PCA and on the remote server. Additionally, the PCA includes an authentication device disposed on the PCB, wherein the platform attestation file is cryptographically bound to the authentication device.

Abstract: A system and a method for user authentication and/or authorization, including a passive card to encode a first portion of an authentication or authorization code for a user via capacitive points, and a portable computing device with a capacitive screen to encode a second portion of the code. Each capacitive point is connected to an electronic circuit, being activable by physical contact of the user or with an electrical ground. Once the user has requested access to a specific service or operation, and when at least some of the passive points are activated and the passive card is in contact with the capacitive screen, the device reads the capacitive points, decoding the first portion of the code, and cryptographically signs the decoded portion using the second portion, providing the code, which is used as cryptographic key to grant access to the service or operation.

Abstract: The method comprises: a user terminal initiating an authentication request to a target server and providing device information of the user terminal, and the target server receiving the authentication request and generating a temporary session, and sending a temporary session ID and the device information to a quantum key allocation network; the quantum key allocation network searching for a wearable device bound to the user terminal, and sending the temporary session ID to the wearable device; the wearable device collecting biological recognition information of a user, and sending the biological recognition information to the quantum key allocation network; and the quantum key allocation network matching the biological recognition information with pre-stored biological recognition information, wherein if matching is successful, an authentication result is sent to the target server, and then the target server sends the authentication result to the user terminal.

Abstract: A computer system includes a memory, a processor and authentication enforcement hardware. The processor is configured to execute software, including an authentication program that authenticates data stored in the memory. The authentication enforcement hardware is coupled to the processor and is configured to verify that (i) the processor executes the authentication program periodically with at least a specified frequency, and that (ii) the authentication program successfully authenticates the data.

Abstract: In one example an apparatus comprises a computer readable memory, a signing facility comprising a plurality of hardware security modules, and a state synchronization manager comprising processing circuitry to select, from the plurality of hardware security modules, a set of hardware security modules to be assigned to a digital signature process, the set of hardware security modules comprising at least a first hardware security module and a second hardware module, and assign a set of unique state synchronization counter sequences to the respective set of hardware security modules, the set of state synchronization counter sequences comprising at least a first state synchronization counter sequence and a second state synchronization counter sequence. Other examples may be described.

Abstract: Methods and system are provided for validating the secure assembly and delivery of an IHS (Information Handling System). During factory provisioning of the IHS, an inventory certificate is uploaded to the IHS, where the certificate includes an inventory of the hardware components installed during factory assembly of the IHS and also includes validation schemas the provide instructions for identifying hardware components of the IHS. Upon delivery of the assembled IHS, a validation process is initialized and the inventory certificate is retrieved. Based on the instructions set forth by the validation schemas, the validation process collects an inventory of the detected hardware components of the IHS. The instructions of the validation schemas are further used to compare the collected inventory against the inventory from the signed inventory certificate in order to validate the detected hardware components of the IHS as the same hardware components installed during factory assembly of the IHS.

Abstract: A communication device is described including a receiver configured to receive a message including message data and a message authentication code, a first register for storing a received message authentication code and a second register for storing a computed message authentication code. The device also includes a first processor configured to extract the message authentication code from the message and to store the message authentication code in the first register, a second processor configured to compute a message authentication code based on the message data and to store the computed message authentication code in the second register, and a comparing circuit configured to compare the contents of the first register and the second register and to provide a comparison result.

Abstract: An information processing apparatus includes a verification unit that performs verification of software to be executed by an execution unit, a retaining unit that retains information indicating a voltage supposed to be applied to the execution unit, a power supply unit that applies a predetermined voltage to the execution unit on the basis of the information, and a clock signal output unit that outputs clock signals having frequencies, and the clock signal output unit outputs a clock signal having a first frequency to the verification unit when verification of the software is performed, outputs a clock signal having a second frequency lower than the first frequency to the execution unit before the predetermined voltage is applied to the execution unit, and outputs a clock signal having a third frequency higher than the second frequency to the execution unit after the predetermined voltage is applied to the execution unit.

Abstract: A network access control (NAC) device detects a connection of an endpoint device at a network switch coupled to a network and restricts access of the endpoint device to prevent the endpoint device from accessing resources of the network. The NAC device establishes a connection with the endpoint device, validates a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device and grants the endpoint device access to the resources of the network.

Abstract: Account permissions and data accessibility can be modified based on level of confidence for a login attempt to the account. User activity observations corresponding to one or more login attempts to access a user account can be stored. A confidence score associated with a successful login attempt of the user account can be determined. The confidence score is based on the user activity observations. A level of access to an application with functions and data for the user account can be determined. The level of access is based on the confidence score. The level of access is associated with the functions and the data that are executable and accessible subsequent to the successful login attempt.

Abstract: Provided are servers and methods for authenticating software files. A server includes a processor circuit and a memory coupled to the processor circuit. The memory includes computer program instructions that, when executed by the processor circuit, cause the authentication server to perform operations including verifying, using a public key, signature data corresponding to a single certificate file for authenticating a software installation package file that was signed using a private source key. Operations may include, responsive to verifying that the signature data matches an originally signed single certificate file, reading an image file segment table from the software installation package file. The image file segment table includes multiple records that correspond to ones of multiple image file segments of the software installation package file.

Abstract: An access control system and methods according to at least one embodiment leverage wireless access credentials to allow a user to securely gain access to a secured area using his or her mobile device. As such, a credentialed mobile device may permit access to the secured area without requiring a real-time connection to a credential management system and/or an administrative system.

Abstract: A device may not trust another device with which it is in communication. To establish trust, a first device may send a second device an indication of signed code that is stored in a protected memory of the first device. Based on determining that the first device is a trusted device, the second device may send the first device an encrypted content asset, a decryption key associated with the content asset, and/or an encryption key associated with the content asset.

Abstract: A device with key attestation features comprises an operating system stored in its memory, the operating system comprising a secure environment including a trusted application, and two or more device certificates, each associated with a device key pair, stored in the memory of the device. The trusted application is configured to handle key pair generation requests and key pair attestation requests to read an indication of a preferred device certificate. An attestation certificate that is generated in response to the key pair attestation request is then signed using one of the two or more device certificates with its associated device key pair based on the indication of a preferred device certificate.