Abstract: Service-to-service role mapping systems and methods are disclosed herein. An example role mapping service is positioned between a directory service and a search engine service, the directory service managing user information and permissions for users, the role mapping service mapping one or more search engine service roles to a user based on the user information and permissions received from the directory service.

Abstract: Aspects of the disclosure relate to edge-computing (“EC”)-based systems and methods for fraud mitigation. The systems and methods may utilize a multi-layer architecture. The architecture may include a set of N gatekeeper units, and each gatekeeper unit may be associated with an EC device. When a transaction request is received, the request may be processed at a first gatekeeper unit, and, if validated, successively processed by the set of N gatekeeper units. If any gatekeeper unit flags the request as suspicious, the unit may emit an audible alert that may be sensed by the associated EC device. The EC device may transmit a signal to one or more of the other gatekeeper units to perform additional processing for the request. When the request reaches the Nth gatekeeper unit and achieves validation, the transaction may be executed via a central server connected to a transaction network.

Abstract: A method and apparatus for creating and using a password card and a password hint. The invention allows the user to avoid revealing their password and because of that, the invention provides a better secure way of managing passwords. The user is still able to retrieve their password using the password hint and the password card generated by the system. The invention also allow to encrypt and decrypt the password hint to an external API and this add an extra layer of security protection.

Abstract: A device may generate network profile data indicating a set of network parameters detected by the device. The device may encrypt the network profile data and may transmit the encrypted network profile data to a network device, such as a router, or a server. The router or server may analyze the encrypted network profile data to determine if the device is secure. The router of server may perform one or more security measures if the device is not secure.

Abstract: Systems and methods are described for providing escalation-resistant network-accessible services by providing the service through a set of service instances, each executing in an environment with privileges scoped based on a user requesting to access the service. Each service instance can be implemented by code on a serverless code system, executed in response to a user request to access the service. Because the code is executed in an environment with privileges scoped to those of a requesting user, the code itself need not attempt to limit the privileges or a requesting user. For that reason, potential for privilege escalations of the service are reduced, even if vulnerabilities in the code might otherwise allow for such escalations.

Abstract: A method, computer system, and a computer program product for accessing data in a network is provided. The present invention may include reading a control blockchain, by a non-trusted node, to enable the non-trusted node to read an asset from a trusted node blockchain on a trusted node. The present invention may also include reading the trusted node blockchain by the non-trusted node. The present invention may then include creating, by the non-trusted node, a new block on a temporary blockchain based on the read trusted node blockchain. The present invention may further include transmitting, by the non-trusted node, the created new block to the trusted node, wherein transmitting the created new block causes the created new block to be added to the trusted node blockchain.

Abstract: In one example, intelligence is gathered about an attacker that is attempting an attack via a malicious exploit message by exploiting the attacker's belief that the attack is succeeding. A received message (e.g., malicious message) sent from a first message account (e.g., attacker) to a second message account (e.g., intended victim) is received. A security risk associated with the received message is determined. It is determined that the security risk associated with the received message meets one or more criteria. Based on the determination that the security risk associated with the received message meets the one or more criteria, a responsive message is sent in response to the received message from a third message account (e.g., security service) to the first message account. The responsive message includes a content reference identified as referring to a content for a user of the first message account.

Abstract: Implementations of this specification provide signature verification methods and apparatuses for a blockchain ledger. An example method includes receiving by a server, a signature verification instruction that comprises a verification object parameter and a hash value. The verification object parameter includes a third-party parameter, a platform parameter, or a time service certificate parameter, the verification object parameter indicates a type of a to-be-verified object, and the server is configured to store data by using the blockchain ledger. The server obtains the to-be-verified object based on the verification object parameter and the hash value. The type of the to-be-verified object includes a third-party digital signature, a server digital signature, or a time service certificate. The server sends the to-be-verified object to a client for verification by the client.

Abstract: Method, apparatus and system for communicating between a machine to machine, M2M, device 110 and a device management, DM, server 420 over SMS, comprising: obtaining key material, the key material configured to protect data communicated between the M2M device 110 and the DM server 420. Protecting data to be communicated using the key material. Communicating the protected data between the M2M device 110 and the DM server 420 over SMS.

Abstract: Implementations of this specification provide signature verification methods and apparatuses for a blockchain ledger. An example method includes receiving by a server, a signature verification instruction that comprises a verification object parameter and a hash value. The verification object parameter includes a third-party parameter, a platform parameter, or a time service certificate parameter, the verification object parameter indicates a type of a to-be-verified object, and the server is configured to store data by using the blockchain ledger. The server obtains the to-be-verified object based on the verification object parameter and the hash value. The type of the to-be-verified object includes a third-party digital signature, a server digital signature, or a time service certificate. The server sends the to-be-verified object to a client for verification by the client.

Abstract: A first electronic network node (110) is provided configured for a key exchange (KEX) protocol, the first network node is configured to obtain a shared polynomial (a) shared with a second network node, coefficients of the shared polynomial a being selected modulo a first modulus q, generate a private key polynomial (skI), coefficients of the private key polynomial being bounded in absolute value by a bound (s) generate a public key polynomial (pkI) by computing a polynomial product between the shared polynomial (a) and the private key polynomial (skI) modulo the first modulus (q) and scaling the coefficients of the polynomial product down to a second modulus (p).

Abstract: An authentication server in an illustrative embodiment is configured to communicate with one or more client devices over a network. Responsive to a successful login to a user account by a client device, the authentication server provides the client device with a login cookie for the user account for potential utilization in one or more subsequent logins to the user account. The authentication server initializes a cookie-specific counter for the login cookie, and increments the cookie-specific counter for each of one or more unsuccessful logins to the user account made utilizing the login cookie. Responsive to the cookie-specific counter reaching a specified value, the authentication server locks the user account for any subsequent logins to the user account made utilizing the login cookie. The authentication server resets the cookie-specific counter responsive to a successful login to the user account made utilizing the login cookie.

Abstract: An authentication technique is disclosed that uses a distributed secure listing of transactions that includes encrypted data that can be used to authenticate a principal to a verifier.

Abstract: The present disclosure relates to a method and system for securely transferring master keying material between to a slave dongle (12). Each slave dongle (12) is connected to a data transfer system. The slave dongle (12) contains a public key and a private key and the data transfer system holds a master keying material source that contains master keying material to be transferred securely to the slave dongle (12). The slave dongle's public key is transferred to the master keying material source. The master keying material source encrypts the master keying material with the slave dongle's public key to produce an encrypted master keying material. The encrypted master keying material is sent to the slave dongle (12) and the slave dongle (12) decrypts the encrypted master keying material with the slave dongle's private key. This allows multiple users, each having a slave dongle (12a-n) that has been configured in this manner, to use the same master keying material to securely communicate with one another.

Abstract: An external trusted time source is implemented over a network for conditional access system (CAS)/digital rights management (DRM) client devices. A client device includes untrusted software and a trusted execution environment (TEE) for processing an entitlement management message (EMM) that includes an epoch sequence number (ESN) transmitted from an EMM server using a first network connection. A remaining client key set (CKS) lifetime value is stored and updated in the TEE based on the ESN processed.

Abstract: A method for enhancing dialog systems is disclosed herein. The method comprises maintaining an online marketplace that may include a plurality of dialog system extension elements. Each of the plurality of dialog system extension elements may include at least one of a dialog system plugin, a dialog system add-on, a dialog system update, and a dialog system upgrade. The method may further include receiving a selection of one of the plurality of dialog system extension elements from a software developer. The software developer may be associated with a dialog system. The method may continue with associating the one of the plurality of dialog system extension elements with the dialog system of the software developer.

Abstract: A computing device obtains a request from a user device to access a network beacon. The computing device obtains a device profile for the user device. The computing device determines whether the user device satisfies an authorization rule based on the state of the user device as indicated by the device profile. The computing device authorizes the user device to access the network beacon responsive to determining that the user device satisfies the authorization rule.

Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.

Abstract: Some embodiments of the invention provide a method for authenticating a security device (e.g., a smart card or other highly secured device) to modify a security state (e.g., unlocking, decrypting, etc.) at a target device (e.g., laptop computers, mobile phones, tablets, etc.). In some embodiments, the security device does not have a volatile storage for storing volatile parameters for the particular device to use to perform the authentication process. The method of some embodiments sends an encrypted challenge to the security device, in which the encrypted challenge can only be decrypted by the security device. The method receives a response and modifies accessibility for the target device when the response is a valid response. The method of some embodiments determines that a response is valid based on the decrypted contents of the response and/or based on a period of time between the issuance of the challenge and the received response.

Abstract: An ID token includes a sensor, a communication interface, and a first microcontroller. The ID token includes a protected second microcontroller having at least one microcontroller communication interface, which is arranged in a holder of the ID token, wherein the microcontroller communication interface provides a data input and a data output. The first microcontroller is configured as a proxy for switching between the sensing of the measurement data by the sensor and forwarding of the sensed measurement data from the sensor to the first application of the protected second microcontroller by the microcontroller communication interface thereof on the one hand and forwarding of notifications for establishing a connection between the second application and the reading device and/or forwarding of APDUs by the connection between the second application and the reading device on the other hand.