Abstract: A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.

Abstract: A method for verifying the identity of a user is provided that includes generating, by a computing device, a parameter for each processed frame in a video of biometric data captured from a user. The parameter results from movement of the computing device during capture of the biometric data. Moreover, the method includes generating a signal for the parameter and calculating a confidence score based on the generated signal and a classification model specific to the user. The classification model is generated from other signals generated for the parameter. Furthermore, the method includes verifying the identity of the user as true when the confidence score is at least equal to a threshold score.

Abstract: A gateway having an architecture authorizing bidirectional communication between applications located in different domains and presenting a high assurance level of protection. The gateway interconnects a first and second domain. The gateway comprises an internal protocol, first and second protocol adapters hosted within the first and second domains and configured to make a conversion between application data formatted according to an applicative protocol relative to the two domains and gateway data formatted according to the gateway internal protocol, and a security module hosted on a separate platform to communicate with the first and second protocol adapters via first and second data links according to the gateway internal protocol.

Abstract: Aspects described herein allow for systems and methods to monitor production changes to resources in a cloud computing environment and determine whether those changes were performed in accordance with a change management policy. A change order monitoring application receives data from cloud computing audit logs to detect infrastructure changes and combines that data with application information to determine which application was affected. The change order monitoring application then uses a machine learning algorithm to cluster multiple change events together when it is likely that the change events were part of the same change. If cluster of change activity does not appear to be authorized, the change order monitoring application sends an alert to a change management team and an application team to get more information about the activity.

Abstract: In sharing processing, a security apparatus applies secret sharing to processing information m to obtain a plurality of pieces of fragment information (where n=1, . . . , N), obtains verification information which is an image of the obtained fragment information through mapping, stores the verification information and outputs the fragment information. Each piece of the fragment information is stored in a storage apparatus. In restoration processing, the security apparatus accepts input of fragment information (where k=1, . . . , K) required for restoration, compares fourth verification information which is an image of the inputted fragment information through mapping with stored verification information, and restores the processing information m from the fragment information (where k=1, . . . , K) corresponding to the fourth verification information which matches the verification information.

Abstract: A browsing process is directed to the generation and management of a browse session at a network computing provider. A client computing device transmits secure requests for network resources to a network computing provider. The network computing provider comprises one or more virtual network computing providers for processing secure communications between a client computing device and a content source. A virtual network computing provider handles the secure communications, decrypting and processing the communications while preventing third parties from accessing the unencrypted communication data. The virtual network computing provider may determine a browse configuration identifying processing actions to perform on the request content.

Abstract: Provided is a method for sharing business information based on a mutual confirmation blockchain and more particularly, a method for sharing business information based on a mutual confirmation blockchain which secures reliability and integrity of the business information registered in each of a plurality of different nodes constituting the blockchain on the basis of the blockchain and supports rapid sharing of the business information.

Abstract: Disclosed is a method of providing bio-information data based on a plurality of blockchains. The method includes enabling a user blockchain node to store user block data including user information, a shared key, and a hash key for each user of a plurality of users, enabling an electronic contract blockchain node to store contract block data including contract information for a first user requesting a second user to generate bio-information data, the first user and the second user being included in the plurality of users, enabling a data transfer blockchain node to store transfer block data including storage information for at least one storage server that stores the bio-information data, and delivering the transfer block data from the data transfer blockchain node to the first user.

Abstract: Disclosed is a security authentication system for a membership login of an online website capable of ensuring a safe membership login without having to directly entering a membership ID and a password for a membership login of a certain online website on a user terminal being used in association with a smartphone for a private or public purpose, and a method thereof.

Abstract: A method for relaying a message is provided. The method includes transmitting, by an electronic device, a first message including a first anonymous identifier of the electronic device to at least one external device, and receiving a second message including the first anonymous identifier and a second anonymous identifier of the at least one external device.

Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding SDN security. The method comprises checking whether messages in the user plane comply to a preconfigured rule, and if it is determined that the messages comply to the preconfigured rule, checking whether a number of specific signaling messages related to address allocation that are sent to a controller has reached a predetermined threshold, and if the predetermined threshold has been reached, throttling transmission of the specific signaling messages to the controller.

Abstract: The present disclosure provides a method, system, and device for inquiry response mapping for determining a cybersecurity risk level of an entity. To manage and/or evaluate a cybersecurity risk level based on a relationship between a first entity and a second entity, questionnaires (e.g., requests or inquires) are often exchanged between two entities. One or more aspects of the present disclosure provide populating data sets (e.g., questionnaires) indicative of risk level for the first entity or the second entity. One or more other aspects of the present disclosure further provide determining a cybersecurity risk level of an entity by mapping responses to a plurality of inquiry sets directed to the first entity or the second entity.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for identifying and mitigating attacks on a voice component of a telecommunications network. In general, the process includes obtaining Layer 3 through Layer 7 transmission information from one or more edge devices to the telecommunications network. In one particular embodiment, a plurality of edge devices (also referred to herein as “session border controllers” or SBCs) is included in the telecommunications network in disparate geographical locations. Each SBC may provide Layer 3 through Layer 7 transmission information for each packet or communication transmitted through the SBC to a local database, which in turn may provide the information to a Central Analysis System or database. In one particular embodiment, the Layer 3 through Layer 7 information includes Session Initiation Protocol routing information for the communications sent to each of the SBCs of the network.

Abstract: Configurations for sharing an instance of an executing process for a plug-in based on a session and a cookie data store associated with the session are disclosed. A cookie data store can be associated with a tab running in a corresponding security mode. By way of example, instead of initiating a new process for the plug-in in a new tab, the subject technology can first determine whether a previous tab is running an instance of a plug-in process. If this is the case, the subject technology can then determine whether the previous tab is running in the same security mode (e.g., protected or unprotected) as the new tab. The subject technology then shares the existing plug-in process in the previous tab without instantiating a new plug-in process in the new tab.

Abstract: A system described herein may allow for the masking of user input and/or sensor data, which could otherwise be used to uniquely identify and track a user. For example, user inputs (e.g., keyboard or mouse inputs) and/or sensor data (e.g., data from a touchscreen, pressure sensor, gyroscope, etc.) may be normalized and randomized. The normalization and/or randomization may include modifying metadata associated with user inputs or sensor data (e.g., modification of timestamps and/or modification of raw data) prior to outputting the user inputs or sensor data to an application, and/or to a service that attempts to uniquely identify users based on such metadata.

Abstract: A system may include transaction storage devices. Each transaction storage device may include a data store configured to receive, from a first entity, a request to push a detailed transaction corresponding to a secure identifier. The secure identifier may be generated, using an encoding function, from a user identifier of a user. The data store may be further configured to store the detailed transaction based on a first determination to trust the first entity. The system may further include an access controller configured to perform the first determination by applying a first security rule corresponding to a type of the secure identifier to the request to push the detailed transaction, and a registry configured to store at least the first security rule.

Abstract: Data and data requests of users of applications are filtered using a client-resident agent. A user profile may contain data pertaining to restrictions on content the user is permitted to view or types of requests the user is permitted to make. within one or more applications. Data in the user profile may be used to grant or deny access to applications, filter particular content from the user's view, or filter particular data requests made by the user.

Abstract: An Active Directory Bridge (AD Bridge) provides the ability to register, represent, and manage external network resources on an internal network. The external network resources may include cloud resources, such as Internet of Things (IoT) devices, Software-as-a-Service applications (SaaS apps), cloud-hosted virtual machines (VMs), cloud-hosted computers, and other networked cloud resources. The external network resources may be unable to communicate directly with or join the internal network due to various network connection obstacles. The AD Bridge includes an AD Bridge Gateway, an AD Bridge Gatekeeper, and an AD Bridge Agent. The AD Bridge Agent resides on each external network resource, and provides the connection of the host external network resource through the AD Bridge Gatekeeper and through the AD Bridge Gateway to the internal network. The AD Bridge provides the ability to register, represent, and manage these external network resources on an internal network.

Abstract: A computing device may accumulate behavior parameters of a controller or media with an authentication module of the controller prior to generating a unique signature with the authentication module. The unique signature can then be verified responsive to an initialization command from a host device before data is transferred by the controller between the host device and the media in response to the controller issuing at least one data access command.

Abstract: An embodiment of a method of providing identity services includes receiving identity data from an identity user, the identity data related to an identity of the identity user; receiving validation data from an identity provider, the validation data related to the identity data; if the validation data indicates that the identity data is valid, generating a transaction to store data related to the identity of the identity user on a blockchain of a blockchain system, the data to be stored including a representation of at least one of: the identity data, or the validation data; and transmitting the transaction to at least one distributed node of the blockchain system.