Abstract: Identity information processing method and apparatus are disclosed. The method includes: obtaining customized information of a user process on an integrated chip; determining a target operational firmware preloaded on a reconfigurable chip according to the customized information; generating first process identity information used for verifying the user process based on the target operational firmware and a fixed operational firmware of a non-reconfigurable chip; and providing the first process identity information to a privacy certificate issuing authority for performing firmware legitimacy verification of an operational firmware to determine that an identity of the user process is legitimate according to a result of the firmware legitimacy verification.

Abstract: Passive determination of reserved internet protocol (IP) conflicts on one or more hosted virtual private networks (VPNs) extracts configuration information for a plurality of hosting VPNs to build an aggregated list of IP addresses with mask and associated VPN information. A route table is extracted from a router directing traffic to an appropriate VPN host among the plurality of hosting VPNs, and a sorted list with host/network address, subnet mask, and associated VPN information is generated. The configuration information and the route table is used to expand and normalize a set of network entries.

Abstract: A device and method for data protection, and a storage controller, related to the technical field of data protection. The device comprises: an encryption unit (11), used for receiving first data to be written into a storage module and first storage address information (401), and for encrypting the first data on the basis of the first storage address information and of feature information of the storage module (402); and a decryption unit (12), used for reading from the storage module second data corresponding to second storage address information (403), and for decrypting the second data on the basis of the second storage address information and of the feature information (404).

Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing a federated identity environment includes performing one or more first access control checks on a client upon receiving a request to access one or more web applications. A new signature including data associated with the performed one or more access control checks is generated. Next, the client is redirected to a first server with the generated signature to determine when to authorize the client to access the requested one or more web applications. The client is granted access to the requested one or more web applications when the client is determined to be authorized to access the requested one or more web applications based on one or more second access control checks enforced on the client using the generated signature, and wherein data associated with the enforced one or more second access control checks is included in a response signature.

Abstract: A log, comprising a sequence of temporally ordered digital entries, is authenticated by entering a new entry into the log only after expiration of a minimum time interval. A digital signature and timestamp are generated for each entry in the log and are included in each respective entry. In a validity verification phase, the timestamp of at least one of the entries is examined to determine whether it indicates entry into the log at a time relative to a preceding entry in the log after less than an expected minimum time interval. If so, a remedial action is taken.

Abstract: A computer-implemented method for generating digital media tasks, authorizing digital media associated with the digital media tasks, and evaluating the digital media is provided. In an embodiment, a server computer creates a digital media task and sends it to one or more mobile computing devices. When the server receives digital media from a mobile computing device, the server computer determines whether it is authorized to provide other computing devices with access to the digital media. Determining whether the server computer is authorized to provide other computing devices with access to the digital media may comprise determining whether the server computer has current waivers for the digital media or whether supervisory computing device has provided authorization.

Abstract: Various systems, mediums, and methods herein describe aspects of personal information platforms accessible with client devices over communication networks in data infrastructures. A system may determine data associated with a user. The system may determine a personal information platform (PIP) based on the data associated with the user, where the PIP is configured to identify a number of data types from the data associated with the user. The system may determine accesses for one or more entities to the number of data types based on one or more services provided by the one or more entities to the user. The system may cause a client device to display an indication of the PIP, where the indication provides the one or more accesses of the one or more entities.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for real-time generation and deployment of specific user information security vulnerability levels based on vulnerability assessments for the user. The invention utilizes a two-component system to detect security vulnerabilities for a user, generate a coherent vulnerability level for the user in real-time, and provides user specific mitigation actions depending on each user vulnerability assessment. The first component of the system is an information threat assessment engine, which identifies and/or receives external and internal data regarding users to determine information security threats. The second component is an analytics engine, which is configured to generate vulnerability levels and specific mitigation actions for the user based on threat patterning.

Abstract: A system for generating entity-specific security-related inquiries and determining a frequency for invoking the inquiries based on integration of external security-related data and internal security related data. Specifically, a security threat level is determined for an entity and the components which comprise the security threat are identified. The components signify areas of focus for generating the entity-specific security-related inquiries. In further embodiments of the invention analytics are implemented to logically analyze the external security-related data and internal security related data and the results of which further refine the generation of the entity-specific security-related inquiries and/or determination of the frequency for invoking the inquiries.

Abstract: A method and system for associating a unique device identifier with a potential security threat are described. In a method conducted at a remotely accessible server, a unique device identifier is received from a computing device. The unique device identifier is associated with a record and is usable in identifying the computing device. An interaction data element is received from the computing device. The received interaction data element is validated including confirming that the received interaction data element matches an expected interaction data element associated with the record. Based on determining that the received interaction data element is not valid, the record is updated to associate the unique device identifier with a potential security threat. The interaction data element is updated periodically according to a sequence. The expected interaction data element changes based on the sequence.

Abstract: Techniques for providing a server-based Wi-Fi Protected Setup (WPS) PIN procedure are described. In an example, a computing device generates a PIN associated with a WPS-PIN procedure. The computing device encrypts the PIN to generate an encrypted PIN based on a public key associated with a server. Further, the computing device sends, to another computing device that is communicatively coupled with the server via an access point, a WPS probe request that includes the encrypted PIN. Based on the WPS probe request, the computing device receives, from at least one of the other computing devices or the server, a credential associated with the access point. The computing devices connects to the access point based on the credential.

Abstract: Systems and methods may be used for establishing a link between user identifiers of different systems without disclosing specific user identifying information. One method includes generating a matching relationship based on double encrypted one or more first data sets of a first party system and double encrypted one or more second data sets of a second party system. The matching relationship indicates one or more links between match keys associated with the first party system and the match keys associated with the third party system. The method includes assigning bridge identifiers for user identifiers associated with the first party system and the user identifiers associated with the third party system based on the matching relationship.

Abstract: The present patent application discloses a distributed network system for communications via messaging based on blockchains. Utilizing blockchains for network messaging allows for various security systems to ensure that messages are not intercepted in a man-in-the-middle attack, or other form of hacking. An electronic message formed of a blockchain includes a genesis block containing as data an electronic message and identifying information of a sender terminal that generated the electronic message. The blockchain also includes a plurality of blockchain blocks containing identifying information of devices that transmitted the electronic message through a distributed network. The blockchain also includes a recipient block containing identifying information of a recipient terminal to which the electronic message was sent.

Abstract: A data storage method comprises receiving, from a first blockchain node associated with a blockchain, a query for encrypted data stored in the blockchain, wherein the encrypted data is shared by a second blockchain node; determining, through one or more smart contracts, whether the first blockchain node has a permission to decrypt the encrypted data; if the first blockchain node has the permission: sending the encrypted data to an encryption device to decrypt the encrypted data and return data obtained from the decryption to the first blockchain node; determining, through the smart contracts, a reward value to be added to an account of the second blockchain node; and sending a node identifier of the second blockchain node and the reward value to blockchain nodes of the blockchain, enabling each of the blockchain nodes to store the node identifier and the reward value in the blockchain.

Abstract: The invention relates to methods and devices for enabling authentication of a user based on biometric data. In an aspect of the invention, a method performed by a client device of enabling authentication of user of the client device with a network node over a secure communication channel based on biometric data is provided.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store an identifier of the apparatus, at least one processing core configured to obtain, from sensor information, a service identifier and a session identifier, compile a message addressed to a service provider associated with the service identifier, the message comprising the identifier of the apparatus and the session identifier, and cause transmission of the message toward the service provider.

Abstract: Embodiments of the present invention provide systems and methods for thwarting attempts at the unauthorized access to the restricted resources within the target server in a multi-node system. Real-time detection of the user ID and thread ID associated with attempts to access the restricted resources within the target server in a multi-node system is achieved by analyzing causality, message queue, and event-driven patterns.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: Methods and systems are disclosed for implementing one or more isolated computing environment via one or more memory spaces. The isolated computing environment may be configured to execute one or more sandboxed applications and/or processes associated with the isolated computing environment. One or more firewalls may be associated with the one or more sandboxed containers. One or more firewalls may be configured to apply a set of criteria (e.g., policies) to each of the applications and/or processes. In examples, the one or more sandbox firewalls may exist for each of the applications and/or processes and may prevent unauthorized communications between the applications and/or processes. In examples, a sandbox firewall may be configured to apply a set of criteria to one or more applications and/or processes associated with the one or more isolated computing environments. The sandbox firewall may be configured to allow authorized communications between the applications and/or processes.