Abstract: The present invention provides an approach for granting access and respectively denying access to an instruction set of a device. The technical teaching provides the advantage that unauthorized access can be effectively prevented. Hence, maintenance work can be performed by specialized staff and security sensitive parts of the instruction sets are secured.

Abstract: A decentralized biometric identity authentication method utilizes biometrics captured on a mobile device to perform identity authentication against data that was registered as part of an identity proofing process and is thus trusted. The user registers his or her biometric using the user's mobile device and associates it with the user's electronic identity as part of a supervised identity proofing process, thus forming a proofed identity, and registers the proofed identity with a federated identity system. To later access the resources of the federated identity system, the user logs in with his or her biometrics. The methods described herein are useful, for example, in the travel, healthcare, and financial services fields.

Abstract: A server can receive data about attributes of user devices that includes sensors for capturing information about environments in which the user devices are located. The server can determine various risk profiles using the attributes. The risk profiles can indicate likelihoods of content on the user devices being viewed by persons other than users of the user device. The server can also transmit data indicating a risk profile of the various risk profiles to a user device. The user device can use the risk profile received from the server to identify confidential content displayed on the user device and protect the confidential content.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to configuring the IDP to use a proxy-URL for forwarding an assertion generated when a user logs into the SP, in place of an assertion consumer service (ACS)-URL of the SP. It also relates to configuring an assertion proxy, at the proxy-URL, to use the SP's ACS-URL for forwarding the assertion to the SP. It further relates to inserting the assertion proxy in between the user's client and an ACS of the SP by forwarding the assertion to the SP's ACS-URL to establish a federated SSO authenticated session through the inserted assertion proxy.

Abstract: An information processing device using a primary function provided by a first server, includes a processor configured to receive, from the first server, access destination data effecting redirection to a second server providing a secondary function to be used by the primary function, send key data for encryption to the second server by adding the key data for encryption to the access destination data, transferring the access destination data to a browser, and redirecting the browser, and decrypt encrypted data based on at least a part of a response by the secondary function, the encrypted data being included in a response by the primary function, by using key data for decryption, the key data for decryption being adapted to the key data for encryption.

Abstract: Accounts receivables, accounts payables, and other debt instruments are registered to blocks of data in a blockchain. The blockchain may then be dispersed to subscribers for inspection. Any subscriber may inspect the blockchain, evaluate the debt instruments registered to the blockchain, and conduct automated, electronic purchases of any debt instruments. Smart, digital contracts executed by the blockchain may automate purchase of the debt instruments.

Abstract: In one embodiment, a method includes by a computing device, detecting a sensory input, identifying, using a machine-learning model, one or more attributes associated with the machine-learning model, wherein the attributes are identified based on the sensory input in accordance with the model's training, and presenting the attributes as output. The identifying may be performed at least in part by an inference engine that interacts with the model. The sensory input may include an input image received from a camera, and the model may identify the attributes based on an input object in the input image in accordance with the model's training. The model may include a convolutional neural network trained using training data that associates training sensory input with the attributes. The training sensory input may include a training image of a training object, and the input object may be classified in the same class as the training object.

Abstract: The present embodiments provide an environment where a user first creates or imports a document comprising of fields to be completed by one or more users. All users who have view-only access or can act on a document are considered to be “in the workflow.” All users in the workflow (except view-only users) can take actions in the document by editing, adding or entering values or signatures in those fields. When the document is complete, a computing device adds an encrypted token visualization element to the document that uniquely identifies and secures the document. Thereafter, a copy of the original document, all attachments, authentication, security and validation information, and all other relevant information about the document and users will be available to view in the chain of custody and audit trail by the authorized users by scanning the token visualization element within the platform (web application or mobile application).

Abstract: Methods and systems for detecting a malicious actor on a network. In some embodiments the system may gather data regarding one or more authentic hostnames on a network, and generate a pseudo hostname based on the gathered data. The system may then issue a network discovery request for the pseudo hostname. Based on a response to the network discovery request, the system may execute one or more remedial actions.

Abstract: An electrical apparatus includes a secured functional unit, an unsecured functional unit and a supply device. The secured functional unit has a first interface device for secure communication and a control unit, and the unsecured functional unit has a second interface device for non-secure communication. The secured functional unit and the unsecured functional unit are designed for communicating with one another. The supply device further includes a supply unit. A first power path for supplying the secured functional unit is arranged between the supply unit and the secured functional unit, and a second power path for supplying the secured functional unit with electrical energy from the supply unit is arranged between the supply unit and the unsecured functional unit. A switch is arranged in the second power path. A second power path in the switch is looped in the first switching state and disconnected in the second switching state.

Abstract: A requester submits a request to perform an encrypted search that is received by an encrypted search provider. The encrypted search provider processes the request and produces a set of intermediate results which are loaded onto a mobile computer system that includes a mobile power source. The mobile computer system is shipped to the requester, and while in transit to the requester, the mobile computer system processes the intermediate results to produce a completed search result. After the mobile computer system arrives at the requester, the mobile computer system provides the completed search result to the requester.

Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a device are provided. The device the package determination component 430 determines one or more packages distributed in firmware of a BMC. The device determines a respective update of each of the one or more packages. The device determines a first set of security vulnerabilities of the each package that is addressed by the respective update. The device further determines a second set of security vulnerabilities of the each package after the respective update is applied. The device generates a first file indicating the first set of security vulnerabilities and the second set of security vulnerabilities.

Abstract: A number of RSA computing tasks that have different word lengths which are less than a maximum word length of an operand register are processed at the same time by combining a number of different word lengths to be equal to or less than the maximum word length of the operand register.

Abstract: A client obtains, in response to a request to a server, a response that includes data for fulfillment of the request, a digital signature that can be verified using a digital certificate, and location information that specifies a location where the digital certificate can be obtained. The client uses the location information to access the location and obtains the digital certificate. Using the digital certificate, the client evaluates the digital signature provided in the response to determine whether the digital signature is valid. If the digital signature is valid, the client accepts the data included in the response for fulfillment of the request.

Abstract: For a plurality of hosts, observe first time-varying characteristics including network throughput, central processing unit (CPU) usage, and/or memory usage; second time-varying characteristics including software configuration; and time-invariant characteristics including hardware configuration, at a plurality of timestamps. Construct a restricted HMM configured to predict actual host states, wherein the first time-varying characteristics include observed variables. The current observed variables depend on current values of the hidden variables and prior timestamp distribution of the observed variables. The former in turn depend on prior timestamp values of the hidden variables, the time-invariant characteristics of the hosts. and current timestamp values of the second time-varying characteristics.

Abstract: A system and method are disclosed to improve password security assigned to a user, the method comprising: a method for performing enhanced security authentication, the method comprises: generating one-time password, by a security server, by filtering original password characters, wherein a security server provides a display on a hardware display screen, in which a plurality of keys are arranged and at least one selected from the arranged keys is used to filter original password characters; storing, by a memory unit, the original password and the one-time password generated; determining, by the security server, whether a user's password entered on the hardware display screen be accepted by comparing the entered password with the one-time password. The system comprises a storage module and a computer program for performing the method.

Abstract: System for authenticating a user's identity and facilitating execution of embedded software and access to specific hardware modules according to an authorization level, comprising: •a communication interface, enabling a user to interface the system; •an authentication module, configured to authenticate user's identity; •an authorization module, configured to determine authorization level and access privileges associated with user; •at least one Software Execution Environment (SEE); and •at least one hardware switch, controllable by said authorization module and configured to physically enable or disable data transfer over a data path between the user and SEE, whereupon successful authentication of the user will cause the authorization module to allocate hardware resources at the SEE for the user, and configure the hardware switch to enable data transfer between the user and the SEE, and enable the user to execute embedded code on the SEE according to the authorization level.

Abstract: A method and system are provided for updating an elliptic curve (EC) base point G, with the EC basepoint used in encryption and coding of video data. A candidate base point G is generated that includes additional data used for validation purposes and checked as a valid base point before transmission and use.

Abstract: Disclosed is a computer program that is used for detecting a system abnormality and controlling a causative service in a computing device. In a computer program stored in a computer-readable storage medium, including encoded commands, which causes one or more processors to perform operations for detecting a system abnormality in the computing device when the computer program is executed by the one or more processors of a computer device, the operations may include: an operation of receiving monitoring information for each client from a plurality of clients of the computing device; an operation of comparing each monitoring information for each client with a system monitoring policy; an operation of determining whether the system abnormality occurs based on a comparison result with the system monitoring policy; and an operation of determining to control some clients among the plurality of clients based on the determination of whether the system abnormality occurs.

Abstract: An autonomous driving controller includes a plurality of parallel processors operating on common input data received from the plurality of autonomous driving sensors. Each of the plurality of parallel processors includes communication circuitry, a general processor, a security processor subsystem (SCS), and a safety subsystem (SMS). The communication circuitry supports communications between the plurality of parallel processors, including inter-processor communications between the general processors of the plurality of parallel processors, communications between the SCSs of the plurality of parallel processors using SCS cryptography, and communications between the SMSs of the plurality of parallel processors using SMS cryptography, the SMS cryptography differing from the SCS cryptography. The SCS and/or the SMS may each include dedicated hardware and/or memory to support the communications.