Abstract: A method for user authentication based on feature information includes: judging whether a user to be authenticated belongs to a similar user group, wherein the similar user group comprises at least two similar users, and the similar users are users whose reference feature information meets a preset similarity condition and a preset distinguishability condition; and authenticating the user to be authenticated according to reference feature information in the similar user group if the user to be authenticated belongs to the similar user group.

Abstract: A system is disclosed for facilitating the secure transfer of digital assets that include making a first key and index scheme accessible for seamlessly and continuously executing digital asset transactions. The first key is capable of generating second keys and is made accessible to a sender of digital assets. The index scheme is customizable to meet the needs of the parties of the transaction and is capable of being used to generate a key derivation index. The first key and index scheme are secure, and for each digital asset transaction, the second key may be derived from the index scheme and first key, and the new key may be used to generate a new address.

Abstract: Disclosed are apparatuses, systems, and methods for providing a programmatic control channel for granting or denying access to user data. In one embodiment, a method is disclosed comprising receiving an input stream of data including user data and a first regulatory control channel (RCC) data structure; building a final RCC data structure based on the first RCC data structure and a stored RCC data structure; retrieving a regulatory query context (RQC) from a data requestor; applying one or more Boolean operators to the final RCC data structure and the RQC to obtain an evaluation result; and executing the downstream processing if the evaluation result comprises a passing evaluation result.

Abstract: Methods and systems for preventing code injection attacks are disclosed. Embodiments include generating a random security tag and obtaining an instruction block comprising an instruction to be executed by a processor. The instruction block includes at least one no-operation (NOP) instruction at a specified location within the instruction block. A first exclusive OR with the random security tag is applied to at least one instruction at the specified location, the instruction block is stored, and fetched for passing to the processor. Prior to passing the instruction block to the processor, the instruction at the specified location is verified by applying a second exclusive OR to determine whether the instruction at the specified location is the NOP instruction. When a NOP instruction, the instruction block is passed to the processor. When not an NOP instruction, the passing the instruction block to the processor is omitted.

Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.

Abstract: Disclosed is a system comprising: an authentication datastore; a device presence engine; a traffic monitor engine; an authentication presence monitor engine; an authentication server selection engine; and a traffic routing engine. In operation: the device presence engine is configured to detect presence of a user device on a trusted network; the traffic monitor engine is configured to monitor, in response to the detection, traffic on the trusted network from the device; the authentication presence monitor engine is configured to evaluate onboarding characteristics of the user device in response to the monitoring; the authentication server selection engine is configured to select one of a plurality of authentication servers to authenticate the user device to the trusted network, the selecting based on the onboarding characteristics; and the traffic routing engine is configured to route traffic from the user device to the selected authentication server.

Abstract: Methods, computer-readable media, software, and apparatuses may monitor consumer information in order to determine a probability of a data breach associated with a customer based on an online presence of the customer. The probability of a data breach may be used to present metrics to a consumer and/or a service provider. Further, the consumer may be presented with information indicating what factors contribute to the probability of a data breach, as well as information regarding how to reduce those factors.

Abstract: This invention refers to the systems and methods of verifying the reliability and validity of task executed by crowd sourcing users. Key task implementing procedures are computerized and mapped as system events 302 and/or user actions 304, which can trigger data obtaining when users navigate in the platforms and/or systems. The obtained data 300 from the triggered data obtaining is authenticated 108. Stamped data chain 600 is constructed from the obtained data 300. A reference data chain 200 is used to set the expected geographic location and/or time for task implementing. The reference data chain 200 is generated from the reference information 102 supplied by users. Matching process 112 is implemented by checking if the stamped data chain 600 can match with the preset geographic and/or temporal conditions by the reference data chain 200. The degree of reliability and validity is determined based on the matching results.

Abstract: Point Optical Link communication security to help resolve the high resource requirements and lack of a trustworthy source of high randomness of existing communication security solutions is described herein. The scheme includes a novel model and a physical layer symmetric cryptographic key generation technique that focuses on exploiting the physical randomness manifested by the Polarization Mode Dispersion effect. This randomness makes it extremely difficult for an adversary to generate the same cryptographic keys as the communicating parties. 128 bit keys with low final mismatch rates (.ltoreq.10%) can be generated, which could easily be truncated for 64-bit and 32-bit keys if necessary.

Abstract: Systems and methods to detect and neutralize malware infected electronic communications are described. The system may receive a request for interface information from over a network from a client machine. In response to receiving the request the system may generate the interface information to include at least one input mechanism to receive user information from the user and countermeasure information for utilization on the client machine to detect whether the interface information is modified on the client machine to receive user information from the user that is not authorized. Finally, the system may communicate the interface information, over the network, to the client machine.

Abstract: A computer-implemented method includes: encrypting, by a first data party, identification data to generate a first identification data ciphertext, in which the first data party holds an identification dataset including the identification data; sending a first ciphertext set to a second data party, in which the first ciphertext set includes the first identification data ciphertext; receiving a second ciphertext set from the second data party; decrypting the second identification data ciphertext to generate a third identification data ciphertext, in which a third ciphertext set includes the third identification data ciphertext; receiving a fourth ciphertext set from the second data party, obtaining the third identification data ciphertext common to the third ciphertext set and the fourth ciphertext set; calculating a homomorphic addition result of the business data ciphertext corresponding to the third identification data ciphertext; and sending the homomorphic addition result to the second data party.

Abstract: Disclosed is a physical unclonable function generator circuit and testing method. In one embodiment, a physical unclonable function (PUF) generator includes: a PUF cell array comprising a plurality of bit cells configured in a plurality of columns and at least one row, wherein each of the plurality of columns is coupled to at least two pre-discharge transistors, and each of the plurality of bit cells comprises at least one enable transistor, at least two access transistors, and at least two storage nodes, and a PUF control circuit coupled to the PUF cell array, wherein the PUF control circuit is configured to access the plurality of bit cells to pre-charge the at least two storage nodes with substantially the same voltages allowing each of the plurality of bit cell having a first metastable logical state; to determine a second logical state; and based on the determined second logical states of the plurality of bit cells, to generate a PUF signature.

Abstract: The invention is to a system and method that utilizes a user's navigation commands in order to track which portions of a document the user has viewed and to determine if such viewing habit meets a predefined viewing requirement.

Abstract: By introducing inequality to the information dispersal/sharing storage method, a ciphertext management method or the like is provided to support novel ciphertext data management. After the ciphertext and key data are each divided, pairs of the divided ciphertext and key data are generated. Specifically, they are one-to-one paired as with conventional techniques. Furthermore, additional one-to-many pairs are generated. The generated one-to-one pairs provide equality as with conventional techniques. When the number of the one-to-one pairs of the divided ciphertext and key data that can be used is equal to or greater than a threshold number, both the ciphertext data and the key data can be reconstructed, and accordingly, the secret data can be decoded. In contrast, even when the one-to-many pairs that can be used is equal to or greater than a threshold number, the ciphertext data and/or the key data cannot be reconstructed. This provides inequality.

Abstract: Examples described herein include a method and system for determining a number of controllers in a Network Authentication Server (NAS) controller cluster, wherein each of the controllers in the NAS controller cluster includes a unique Physical Internet Protocol (PIP) address; creating a number of unique Virtual Internet Protocol (VIP) addresses for use by an external authentication server (EAS) to communicate with the controllers in the NAS controller cluster, wherein the number of VIP addresses is to be proportional to the number of PIP addresses; and mapping each controller in the NAS controller cluster to a plurality of VIP addresses, wherein the VIP addresses are to have different priorities for different controllers in the NAS controller cluster.

Abstract: Determining placement of cloud resources and containers relative to nodes in a cloud managed platform by using placement criteria and leveraging image vulnerability input. Based on the vulnerability input and resource management, containers with similar vulnerabilities are placed on a same node.

Abstract: A method for regulating access to a protected resource is disclosed.

Abstract: Systems and methods described herein measure quantum bit error rates in links between switches in a time-sensitive network, identify an increase in the quantum bit error rate in a monitored link of the links between the switches, and modify a configuration of the time-sensitive network so that secret information is not exchanged over the monitored link associated with the increase in the quantum bit error rate. The systems and methods optionally can direct computing devices to change or update the quantum key at a rate that is no slower than a rate at which the messages or frames are communicated between the computing devices. For example, a new portion of secret information used for secure communications can be created for each message and/or each frame that is communicated.

Abstract: Techniques are disclosed relating to authenticating a second mobile device for participation in a multi-factor authentication process. In disclosed embodiments, a server generates an authentication decision, based on communicating with a first mobile device as a factor in the multi-factor authentication process. After receiving a request from the first mobile device to authorize participation of a second mobile device in the multi-factor authentication process, the server may generate a secret and transmit the secret to the first mobile device. The server may receive information from the second mobile device, based on the second mobile device capturing an image of a display by the first mobile device, where the display is based on the transmitted secret. In some embodiments, the server then verifies the content of the information using the secret and verifies that the information is received within a determined time interval from transmitting the secret.

Abstract: Embodiments of the present invention provide methods, systems, apparatuses, and computer program products for facilitating remote access of customer computing entities in a secure environment. In one embodiment a method is provided comprising providing, by a first user computer entity and through a first window displaying a first webpage in a browser, a request for instruction for a particular device, the instructions being in a native command language of the particular device, wherein the request is provided over a first secure encrypted connection using a first protocol, receiving, the instructions over the first secure encrypted connection using the first protocol, initiating a bridge webpage, the bridge webpage being initiated in a second window in the browser, wherein the first window and the second window are in communication, and wherein the first page belongs to a first domain different from a second domain to which the second page belongs.