Patents Examined by Sarah Su
  • Patent number: 10819722
    Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using an OPC UA standard functionality and storing the PB in an OPC UA address space, adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus is reached, the new block is added to the public ledger.
    Type: Grant
    Filed: March 21, 2018
    Date of Patent: October 27, 2020
    Assignee: Honeywell International Inc.
    Inventors: Chandirasekaran Dhakshinamoorthy, Basavaraju Vasamurthy, Rod Stein
  • Patent number: 10819695
    Abstract: An electronic device may include a memory configured to store applications each associated with an initial identity provider (IDP) address for a remote single sign on (SSO) process. A controller may execute the applications, operate a local IDP server having a localhost IDP address associated therewith, and update the initial IDP address of the applications with the localhost IDP address. The local IDP server may, upon receipt of the request for IDP authentication from an application, determine whether an authentication token from a remote IDP server is stored in the memory, and when so, communicate the authentication token to the application, otherwise, obtain the authentication token from the remote IDP server, store the authentication token in the memory, and communicate the authentication token to the given application for IDP authentication to permit the application to perform the remote SSO process.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: October 27, 2020
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Jeffrey David Wisgo
  • Patent number: 10819526
    Abstract: A system includes a processor and a computer-readable medium storing instructions for execution. The instructions include generating a cryptographic pair of user public and private keys for a user. The instructions include registering an identity of the user with an identity provider, transmitting the user public key, and receiving a user certificate from the identity provider. The instructions include signing a trust certificate for a web server, including an address and a public key of the web server, with the user private key. The instructions include, in response to an access request from the user specifying a second web server: obtaining a second trust certificate from the second web server; and establishing a connection with the second web server in response to successful verification of a signature of the second trust certificate using a public key corresponding to a trusted contact of the user.
    Type: Grant
    Filed: February 19, 2018
    Date of Patent: October 27, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Hirsch Patrick Singhal, Duncan Allan Horn, Michael A. Bishop
  • Patent number: 10810287
    Abstract: A method and apparatus for unlocking a terminal screen are provided. A specific embodiment of the method includes: determining a current screen state of the terminal being a state of awaiting unlocking; acquiring illumination information of an environment of the terminal in a predetermined period of time, the illumination information comprising an illumination intensity and a duration of the illumination intensity; judging whether the illumination information meets a predetermined condition; and switching the current screen state of the terminal to a successfully unlocked state in response to determining that the illumination information meets the predetermined condition. The embodiment achieves high-precision unlocking of a terminal screen without the need of manual operations on the terminal screen.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: October 20, 2020
    Assignee: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) CO., LTD.
    Inventor: Zhihai Lei
  • Patent number: 10812487
    Abstract: Systems, computer products, and methods are described herein for an improved secure certificate system for identifying potential authorized and unauthorized interactions between a web browser and a website. The certificate system utilizes stored certification requirements (e.g., pinned certification requirements, third-party certification requirement system, or the like), and compares the stored certification requirements with received certification requirements. The system may notify the user or prevent the interaction between the web browser and website when the stored certification requirements do not meet the received certification requirements (e.g., a threshold requirement of certificates to validate, validated certificates, or the like). The certificate system allows the interaction between the web browser and website when the stored certification requirements meet the received certification requirements and the website is verified based on the certification requirements.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: October 20, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Carl R. Frederick, Joel S. Kazin
  • Patent number: 10798580
    Abstract: According to an embodiment, an information processing device includes one or more processors configured to: receive first connected information including first information and first authentication information to authenticate the first information; add, to the first connected information, guarantee information to guarantee an anteroposterior relation of reception of the first connected information; and generate second authentication information to authenticate the first information, the guarantee information, and the first authentication information, the second authentication information being generated using the first information or the first authentication information and using the guarantee information.
    Type: Grant
    Filed: February 16, 2018
    Date of Patent: October 6, 2020
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroho Wada, Tomoko Yonemura
  • Patent number: 10798083
    Abstract: A method includes receiving an authentication request from a web application of a user device, the web application running in a browser. The method also includes establishing a local single sign-on session between the local identity provider and the browser and determining that a master identity provider associated with a plurality of local identity providers is unavailable. The method also includes in response to determining that the master identity provider is unavailable, marking the local single sign-on session as unsynchronized with the master identity provider. The method further includes after determining that the master identity provider is available, synchronizing the local single sign-on session with a master single sign-on session that is available to the plurality of local identity providers and marking the local single sign-on session as synchronized with the master identity provider.
    Type: Grant
    Filed: February 19, 2018
    Date of Patent: October 6, 2020
    Assignee: RED HAT, INC.
    Inventors: Lukas Koranda, Vlastimil Elias
  • Patent number: 10791137
    Abstract: A method of assessing and addressing computer security risk is disclosed.
    Type: Grant
    Filed: March 14, 2018
    Date of Patent: September 29, 2020
    Assignee: SYNACK, INC.
    Inventors: Kirti Chawla, Mark Kuhr
  • Patent number: 10790968
    Abstract: Computer-implemented methods, non-transitory, computer-readable media, and computer-implemented systems for ledger verification are provided. If a user needs to audit or verify a block-chain type ledger, a time service certificate can be used as an anchor to verify a segment of a ledger corresponding to the anchor. Because a timestamp of the segment of the ledger uses the time service certificate as trustworthiness attestation, verification based on the time service certificate can ensure time validity and correctness of the segment of the ledger.
    Type: Grant
    Filed: March 11, 2020
    Date of Patent: September 29, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Xinying Yang
  • Patent number: 10785035
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Embodiments of this specification include receiving a transaction request from a client, wherein the transaction request includes a transaction requested to be recorded on a blockchain and a transaction hash calculated based on hashing the transaction; determining the transaction hash is not previously stored in a cache resource or the blockchain; storing the transaction hash in the cache resource; and executing the transaction request.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: September 22, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Hong Lv
  • Patent number: 10771239
    Abstract: An example operation may include one or more of detecting a suspected biometric authentication incident, submitting a first blockchain transaction including a first report to a blockchain network, submitting a second blockchain transaction including a second report to the blockchain network, and taking an action, by one or more blockchain nodes, in response to determining one or more of the first and second reports are relevant to the one or more blockchain nodes. The first report includes public and private data corresponding to the suspected biometric authentication incident, and the second report includes one or more of a root cause and mitigation steps for the incident.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: September 8, 2020
    Assignee: International Business Machines Corporation
    Inventors: Karthik Nandakumar, Nalini K. Ratha, Sharathchandra Pankanti
  • Patent number: 10764277
    Abstract: Mechanisms and techniques for customized user validation. A login attempt is received from a remote electronic device with one or more computing devices that provide access to one or more resources. The login attempt is analyzed to determine a profile from a plurality of profiles corresponding to the login attempt. The one or more computing devices support the plurality of profiles with each profile having a corresponding flow. The flow corresponding to the profile is performed prior to allowing continuation of the login attempt. The login attempt is continued, via the one or more computing devices, after the flow corresponding to the profile is completed. Access is granted to the one or more resources, via the one or more computing devices, in response to a successful completion of the login attempt.
    Type: Grant
    Filed: July 9, 2018
    Date of Patent: September 1, 2020
    Assignee: salesforce.com, inc.
    Inventors: William Charles Mortimore, Jr., Sergio Isaac Koren, Paul Anthony Mason, Alan Vangpat
  • Patent number: 10757124
    Abstract: A system and method for detecting unauthorized access to a plurality of network assets is described. The system and method receive a network asset feed from a plurality of data sources and then generate at least one social graph with the network asset feed. User communities are identified with the social graph and user accounts are associated with user communities. Commonly accessed network assets are identified from a firewall log, a router log or the combination thereof. A derived community is identified based on the user accounts associated with commonly accessed network assets. The system and method monitor communications associated with the user community so that the communications correspond to the derived community, and then report an anomalous communication when the user community communications do not correspond to the derived community.
    Type: Grant
    Filed: May 26, 2018
    Date of Patent: August 25, 2020
    Assignee: GUAVUS, INC.
    Inventors: Atul Saraf, Pankaj Kumar, Ankit Bhardwaj
  • Patent number: 10757116
    Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.
    Type: Grant
    Filed: November 7, 2018
    Date of Patent: August 25, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Ramesh Ardeli, Hari Krishna Kurmala
  • Patent number: 10749910
    Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.
    Type: Grant
    Filed: April 24, 2020
    Date of Patent: August 18, 2020
    Assignee: CyberArk Software Ltd.
    Inventors: Michael Balber, Asaf Hecht
  • Patent number: 10749677
    Abstract: An electronic device is provided. The electronic device includes a memory, a communication circuitry, and a processor configured to: transmit, to an external device, a first signal for requesting to access the external device; receive, from the external device, a second signal for requesting to provide a token stored in the electronic device, the token being generated based on at least part of a block chain including at least one block that is respectively associated with at least one external device that has been accessed by the electronic device; in response to the reception, transmit information on the token to the external device; receive, from the external device, a third signal indicating that the access is allowed, the third signal being transmitted from the external device in response to identifying, by the external device, to validate the token in all of the plurality of external devices; and access the external device based on the third signal.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: August 18, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Rahul Agrawal, Pratik Verma, Suman Shekhar, Aloknath De, Sai Anirudh Kondaveeti
  • Patent number: 10742619
    Abstract: In one example, a control node can receive a job request from a client device to perform a job using a computing environment, where the job request includes first secure information and second secure information. The control node can authenticate the user by validating the second secure information using a first secret key. The control node can then obtain access to a job-execution service of a server node within the computing environment using the first secure information. For example, the control node can use the first secure information to obtain third secure information that is specific to the server node, and then transmit the third secure information to the server node. The server node can validate the third secure information and responsively authorize the control node to access the job-execution service. The control node can then initiate execution of the job on the server node on behalf of the user.
    Type: Grant
    Filed: January 24, 2020
    Date of Patent: August 11, 2020
    Assignee: SAS INSTITUTE INC.
    Inventor: Charles Douglas Haigh
  • Patent number: 10735179
    Abstract: A computer implemented method, program product, and system implementing said method, for transforming a call graph representation of an algorithm into a secured call graph representation of said algorithm. The call graph comprises inputs (a, b, f), internal variables being the edges of the graph (c, d, e), elementary functions being the nodes of the graph, said functions being either linear or not linear, and outputs (g), the method comprising: a step of masking each input of the call graph, a step of replacing each unmasked internal variable of the call graph with a masked variable, a step of replacing at least each non-linear function of the call graph with an equivalent function that applies to masked variables, a step of unmasking each output of the call graph.
    Type: Grant
    Filed: February 16, 2018
    Date of Patent: August 4, 2020
    Assignee: SECURE-IC SAS
    Inventors: Philippe Nguyen, Sylvain Guilley
  • Patent number: 10728758
    Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond a 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The various embodiments of the present invention disclose a method of secured transmission and reception of a discovery message in a device to device (D2D) communication system. According to one embodiment, a transmitting user equipment (UE) receives a ProSe group key (PGK) from a ProSe function to perform a D2D communication in a D2D public safety group. The transmitting UE then derives a ProSe traffic key (PTK) using the PGK for transmitting data packets in the D2D communication. Using the PTK, the transmitting UE further derives a ProSe integrity protection key (PIK) for securing a discovery message to discover one or more receiving UEs. The transmitting UE transmits the integrity protected discovery message using the derived PIK to the receiving UE.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: July 28, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Anil Agiwal, Rajavelsamy Rajadurai, Youngbin Chang
  • Patent number: 10728243
    Abstract: System and method for securely deploying a virtual machine in a data center is disclosed. In one embodiment, public keys are established between the requesting virtual machine and the deployed virtual machine, so that authentication and communication between the machines can occur using the public keys. In another embodiment, a secret private key is established between the requesting virtual machine and the deployed virtual machine using a password authenticated key exchange protocol. Authentication and communication between the machines is then established using the secret private key.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: July 28, 2020
    Assignee: VMware, Inc.
    Inventors: Muhammad Akbar, Adith Sudhakar