Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.

Abstract: The present application provides example website login methods and apparatuses. One example method includes identifying a website jump trigger indication to jump from a first website to a second website. A first token is then obtained from a cookie store of the web browser, the first token associated with a website identifier of the second website and a device fingerprint indicating a running environment at a time when the password-free proxy login was previously set. In response to determining that a current running environment corresponds to the device fingerprint, a second token corresponding to the first token is obtained, wherein the second token comprises an access token indicating that the second website grants password-free login permissions. A password-free login request is sent to the second website including the second token. In response to the second website verifying the second token, the second website is logged into without a password.

Abstract: There are disclosed herein a technique for use in security. In at least one embodiment, the technique comprises receiving information relating to users and performing an affinity propagation clustering operation in connection with the information to identify a cluster of similar users. Further, the technique determines a risk in connection with a user in the cluster by comparing the user to one or more other users in the cluster. Still further, based on the risk in connection with the user, the technique controls access by the user to a computerized resource.

Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.

Abstract: An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

Abstract: Aspects of communication of a client device with a private or hybrid cloud are described. In some aspects, a private host computer is determined as being connected to a private network. The private network differs from a network to which the client device is connected. A virtual private network is established between the client device and the private host computer. The virtual private network being established using a virtual private network server that includes a connection to the private host computer through the private network. A request is transmitted to the private host computer through the virtual private network. The request includes an origin value, wherein instructions associated with the origin value are allowed to access resources of the private host computer.

Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for processing certificates in a blockchain system. One of the methods includes: causing a smart contract to be generated in the blockchain system, wherein the smart contract includes computer-readable instructions for processing certificates; after the smart contract is generated, sending a first request for a first transaction to the blockchain system, the first transaction causing the blockchain system to execute the smart contract to generate a certificate specification based on the first request; receiving, from the blockchain system, the certificate specification; and sending, to the blockchain system, a second request for a plurality of second transactions, the plurality of second transactions causing the blockchain system to execute the smart contract to generate a plurality of certificates.

Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from one or more security control tools, such as a security configuration management tool, a vulnerability management tool, an event logging tool, or other IT infrastructure security or monitoring tool that is used to monitor, secure, and/or control assets in an IT infrastructure. For example, in some embodiments, user interfaces are disclosed that allow a user to quickly view, filter, and evaluate the degree of security control coverage in selected assets of an enterprise. In further embodiments, user interfaces are disclosed that allow a user to view and evaluate the current security state for selected assets in across a variety of categories and, in some cases, as guided by a two-dimensional vulnerability risk matrix.

Abstract: The present disclosure relates to a published information processing method and device. One example method includes obtaining a data item to be published in a published information record from a network site, the data item associated with a service item of the network site; determining that the published information record does not include a prior published data item associated with the service item; in response to determining that the published information record does not include a prior published data item associated with the service item, generating an encryption value based on predetermined initial information; and storing the data item and the generated encryption value in the published information record, wherein the encryption value is configured to enable a user to detect whether the data item has been modified on the network site.

Abstract: Methods, apparatus, systems, and articles of manufacture to remediate ransomware are disclosed. An example malware scanner includes a sinkhole generator to generate a sinkhole directory. The example malware scanner includes a storage device adapted to store a computer file and the sinkhole directory, wherein the sinkhole directory recursively expands when the computer file performs a file listing of the sinkhole directory to occupy the computer file by extending a period of time taken to perform the file listing of the sinkhole directory. The example malware scanner includes an analyzer to monitor execution of the computer file while the computer file is performing the file listing of the sinkhole directory to attempt to identify an indicator of compromise associated with the computer file, the analyzer to classify the computer file as ransomware when the analyzer identifies the indicator of compromise. The example malware scanner includes a cleaner to remediate the ransomware.

Abstract: An image forming apparatus controls the use of a remote user interface (RUI) by requesting authentication with an RUI access password from a client device in a case where the RUI access password is set. In a case of a department ID management setting, the security setting is different from the RUI access password setting. In this situation, the image forming apparatus requests authentication with the department ID, and then controls the use of the RUI based on the result of the authentication.

Abstract: A method includes receiving, by a screening service, an applicant profile that identifies an applicant and an authorization to provide access to screening results generated by the screening service based on the applicant profile to a screener, associating, using a computer, an identifier with the screening results, and communicating the identifier to the screener.

Abstract: Secure, platform-independent code signing is disclosed. For example, a project file is associated with metadata, and a memory is communicatively coupled with one or more processors that execute to retrieve the metadata. A guest associated with a hosting platform of the project file is instantiated. A toolchain and a signature associated with the project file are loaded to the guest, where the toolchain is determined based on the metadata. The project file is built into an executable file. The executable file is signed with the signature, resulting in a certified executable.

Abstract: A system and methods for context-aware and situation-aware secure, policy-based access control for computing devices. The invention enhances the previously disclosed policy-based control system by adding contextual information to the set of resources by which a policy decision point can adjudicate a query to execute a transaction or to access a secure resource. Policy information points are able to store information collected over time related to resources under the control of the system. The system can further include an analytical processing engine capable of inferring new information from existing information that also can be used by the decision points. The policy information points provide context to the decision. They are also able to consider and include information that is external to the system or detected outside the system itself.

Abstract: The present application provides example website login methods and apparatuses. One example method includes identifying a website jump trigger indication to jump from a first website to a second website. A first token is then obtained from a cookie store of the web browser, the first token associated with a website identifier of the second website and a device fingerprint indicating a running environment at a time when the password-free proxy login was previously set. In response to determining that a current running environment corresponds to the device fingerprint, a second token corresponding to the first token is obtained, wherein the second token comprises an access token indicating that the second website grants password-free login permissions. A password-free login request is sent to the second website including the second token. In response to the second website verifying the second token, the second website is logged into without a password.

Abstract: Techniques are described for concealing sensitive or confidential information in an application. In an example method, operation rights are obtained to an attribute list of a media file associated with a software application. Then, the attribute list of the media file is identified. Further, user information generated by the software application is written into the attribute list of the media file. Lastly, the media is stored in an installation path of the software application.

Abstract: Embodiments of the present disclosure disclose a multimedia data processing method, apparatus, and a storage medium. In the embodiments of the present disclosure, a playing request carrying an identifier of multimedia data is received. A valid single-use verification parameter is generated according to the playing request. A link address of the corresponding multimedia data is obtained according to the identifier of the multimedia data. A playing address is generated according to the verification parameter and the link address. The multimedia data is played based on the playing address. This present disclosure improves the data security technology and prevent a user from capturing, by means of data packet capturing or by using third party software, a source file of the multimedia data used within a website.

Abstract: The invention Ubit can make data semantics understandable to both humans and machine; semantic translating tools no needed any more, such as compiler, interpreter, semantic analysis, web parser, domain name resolution; machine embodies real intelligence. The three password authentication makes entity authentication nearly unbreakable. Three key encryption can easily realize one-time pad, and also can used in data storage encryption; making data in perfect secure. Ubit presents an interface method between human and human, between machine and human, and between machine and machine; makes all data compatible one another; and anyone can access anything, from anywhere, and in anytime. The methods make hardware and software much more precisely, efficiency and space saved. All methods can be easily implemented.

Abstract: Systems and devices generating biometrics associated with events triggered by actions of a users are disclosed, improving security, trust factors, functionality and automation potential. In accordance with the invention, redesign of operating systems, software, storage, medium formatting, applications (apps) and services, busses, compilers and chips smoothly incorporate biometrics, implying changes to software, internal chip machine code/internal operating system, storage medium, applications, communications structure and formatting and services. Improvements extend to private and public networks, cloud computing and potentially the networks' least common denominator elements. A wholly electronic trusted commerce solution is envisaged, taking advantage of electronic currency such as a bit coin, uniquely identified paper money combined with electronics and NFC or RFID variable wireless capabilities. Improvements also extent to forensic analysis for law enforcement and government.

Abstract: A cloud deployment system is used for obfuscating CPU operation codes in a set of machines operating in a distributed computing environment. A reprogrammable microcode replaces a hardware instruction set, the microcode layer containing a set of original operation codes. A first transform of the set of original operation codes produces a first set of transformed operation codes. A first transformed microcode is created which incorporates the first set of transformed operation codes instead of the original operation codes. An operating system and an application is compiled using the first set of transformed operation codes to produce a first cross compiled operating system and application. The first transformed microcode, the first cross compiled operating system and application are deployed to a respective first one of the set of machines, the first one of the machines equipped with a softcore processor.