Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Embodiments include generating a request for data from a data source, the request including plaintext data and encrypted data, the encrypted data including access data and a hash of the plaintext data, transmitting the request to a relay system component external to the blockchain network, receiving a result from the relay system component that is digitally signed using a private key of the relay system component, and verifying an integrity of the result based on a public key of the relay system component and a digital signature of the result.

Abstract: An example hardware accelerator for a computer system includes a programmable device and further includes kernel logic configured in a programmable fabric of the programmable device, and an intellectual property (IP) checker circuit in the kernel logic. The IP checker circuit is configured to obtain a device identifier (ID) of the programmable device and a signed whitelist, the signed whitelist including a list of device IDs and a signature, verify the signature of the signed whitelist, compare the device ID against the list of device IDs, and selectively assert or deassert an enable of the kernel logic in response to presence or absence, respectively, of the device ID in the list of device IDs and verification of the signature.

Abstract: Distributing a configuration to a first terminal, including establishing, on initiative of the first terminal, a connection between the first terminal and a server, which is configured to redirect connection requests received by the server on a communication port to the first terminal. The communication port is derived from an identifier of the first terminal received in a message establishing the connection. When the identifier of the terminal is associated with a plurality of terminals, the method includes generating and storing control data in association with the identifier of the terminal, transmitting, via the connection, a control message to the first terminal, which includes the control data, receiving, from a second terminal, a confirmation message including the control data and an identifier of the second terminal, and when the second terminal is a trusted terminal, and transmitting customized parameters to the first terminal to access the server.

Abstract: A method to generate a trusted certificate on an endpoint appliance located in an untrusted network, wherein client devices are configured to trust a first Certificate Authority (CA) that is administered by the untrusted network. In this approach, an overlay network is configured between the endpoint appliance and an origin server associated with the endpoint appliance. The overlay comprises an edge machine located proximate the endpoint appliance, and an associated key management service. A second CA is configured in association with the key management service to receive a second certificate signed by the first CA. A third CA is configured in association with the edge machine to receive a third certificate signed by the second CA. In response to a request from the appliance, a server certificate signed by the third CA is dynamically generated and provided to the appliance.

Abstract: Aspect of the disclosure can provide a method for network configuration that can include broadcasting a probe request frame, the probe request frame carrying device information of a first device, and, responsive to that a predetermined field of a received probe response frame carries predetermined connection information, establishing a first connection, based on the predetermined connection information, with a target router that sent the probe response frame, the probe response frame carrying the predetermined connection information in the predetermined field being sent after the device information is verified. Additionally, the method can include acquiring a second network identifier from the target router based on the first connection, and establishing a second connection with the target router based on the second network identifier, to perform interaction with a second device through the second connection.

Abstract: An electronic device according to an embodiment includes: a camera including an image sensor; a communication module; a memory; and a processor operationally connected to the camera, the communication module, and the memory. The memory may store instructions that, when executed, instruct the processor to: acquire a first image including an external object by using the camera; acquire a second image including less information than the first image by using at least a part of the first image; transmit the second image to an external electronic device by using the communication module; receive security information corresponding to the second image from the external electronic device by using the communication module; and secure the first image, at least partially based on the security information. In addition, various other embodiments are possible.

Abstract: Disclosed are devices, systems and methods for performing secure transactions in an aircraft are disclosed. Embodiments of the disclosed technology enable low cost carriers to provide payment verification for on-board purchases via the in-flight entertainment system. An exemplary method for performing secure transactions in an aircraft includes transmitting, by a user device in the aircraft using a wireless protocol, a first authentication factor and a request for one or more on-board services; receiving, from an on-board transceiver using the wireless protocol, an authentication token (a) comprising a one-time code and (b) encrypted using an asymmetric cryptographic algorithm; transmitting, using the asymmetric cryptographic algorithm, a second authentication factor comprising (a) the authentication token and (b) a text message transmitted from the user device; and receiving a confirmation of a delivery of the one or more on-board services.

Abstract: A machine in a linear communication orbit receives a query, including a set of one or more rules, through the linear communication orbit. The machine, for each respective rule: identifies files that contain content that satisfies the respective rule, generates a first report identifying a count of files at the machine that contain content satisfying the rule, and sends the first report through the linear communication orbit to a server. The machine receives an instruction packet from an external machine that includes an instruction for establishing a direct duplex connection between the respective machine and the external machine. then sends a request to the external machine to establish the direct duplex connection. The machine sends to the external machine, via the direct duplex connection, a second report including information identifying files at the machine that contain file content satisfying each rule in the set of one or more rules.

Abstract: A method for information processing, applied to a test terminal and includes: a test case is executed through a test application run by the test terminal to generate a message to be sent to a server supporting running of the test application; information of the message is acquired; and the information of the message is sent to a test platform, the information of the message being configured for the test platform to analyze a location of the server and obtain a risk detection result about whether the test application has a cross-border transmission risk or not based on whether the location is outside a safe region range or not. A device for information processing, a test terminal, a test platform and a storage medium are also provided.

Abstract: Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled. The management server can also create and save a provisioning file onto a storage device, such as a USB drive. Assets, such as graphics and applications, specified by the device record are also saved onto the storage device. The storage device can be physically connected to the computing device, at which point the provisioning file guides automatic installation of the assets and implementation of device settings and compliance rules specified by the device record.

Abstract: An authentication request message is sent from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device. A challenge message is received at the first computing device from the second computing device. In response to the challenge message, a session key is computed at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device. Upon generating the session key, the first computing device extracts a value from the challenge message and generates an authentication delegate based on the extracted value.

Abstract: Establishing a dynamic connection across systems is provided. The method comprises receiving user login credentials from a user from a first device and authenticating the user login credentials in connection with a user account. A session is created in response to successful authorization of the user login credentials, wherein the session comprises a session state that tracks user activity and any changes to a user account during the session, and the first device is bound to the session state and saved as a known device. Upon detecting activity of the user on a second device, a quick response code is created for the user. When the user inputs the quick response code from the second device, the second device is bound to the session state and logged into the session with the session state preserved.

Abstract: The technology disclosed herein may enable a client to access a protected resource using cryptographic keys that are based on contextual data of a device. An example method may include: determining contextual data of a computing device; transforming the contextual data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate contextual data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed contextual data; and using the cryptographic key to enable access to a protected resource.

Abstract: An example hardware accelerator for a computer system includes a programmable device and further includes kernel logic configured in a first programmable fabric of the programmable device, a shell circuit configured in a second programmable fabric of the programmable device, the shell circuit configured to provide an interface between a computer system and the kernel logic, and an intellectual property (IP) checker circuit in the kernel logic The IP checker circuit is configured to obtain a device identifier (ID) from the first programmable fabric and a signed whitelist, the signed whitelist including a list of device IDs and a signature, verify the signature of the signed whitelist, compare the device ID against the list of device IDs, and selectively assert or deassert an enable of the kernel logic in response to presence or absence, respectively, of the device ID in the list of device IDs and verification of the signature.

Abstract: To provide a provisioning system capable of providing a valid device with valid provisioning data and preventing intrusion of an unauthorized device. A device provisioning system that provides a device 4 with provisioning data for provisioning the device 4 includes: public key providing means configured to acquire a first public key unique to the device 4 from a blockchain 2 storing the first public key in association with a first trail in response to a query using the first trail; and provisioning data providing means configured to acquire the first public key through the public key providing means in response to a query using the first trail from the device 4 and transmit the provisioning data encrypted with the first public key to the device 4.

Abstract: A docking station for docking portable electronic devices is disclosed. The docking station is configured to mechanically accept and operatively interface with the portable electronic device for non-contact charging and data transfer. The docking station can provide security features for providing and/or restricting access to computational facilities such as printers, databases, installed programs, etc. Such security features can include installing applications on such portable devices that limit access.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a timestamp indicating a time at which an update to a text segment within the textual content is performed to provide an updated text segment; generating, by the computing device, a unique identifier (ID) based on the timestamp and copyright information associated with the textual content, wherein the timestamp, the textual content, the updated text segment, and the copyright information are recorded on a blockchain of a blockchain network; and embedding, by the computing device, the unique ID in at least a portion of the updated text segment to provide an information-embedded updated text segment that enables retrieval of the copyright information associated with the updated text segment from the blockchain based on the unique ID.

Abstract: A high percentage of received communications are from external entities. In response to receiving a communication from a sender associated with an entity, the entity may be authenticated and contextualized by retrieving and processing contact information for people at the entity that are directly and/or indirectly associated with a recipient of the communication. For example, contact information for people at the entity who have previously communicated with and/or are connected to the recipient or users related to the recipient, for example, may be retrieved from one or more directory services, social networks, and/or professional networks. The contact information may be processed to create corresponding contact objects, and the contact objects may be processed to create an entity object for the entity that comprises one or more connections between the recipient and the people at the entity. The entity object may be provided to the recipient for display.

Abstract: Disclosed herein are methods, systems, and processes to secure external access to runtime systems in appliances. A request to register a security token configured to permit access to a computing system is received at the computing system. An authorization response authenticating the security token is sent. Another request to access the computing system based on the authenticated security token is received, and access is permitted to the computing system.

Abstract: A registry apparatus is provided for maintaining a device registry of agent devices for communicating with application providing apparatus. The registry comprises authentication information for uniquely authenticating at least one trusted agent device. In response to an authentication request from an agent device, the authentication information for that device is obtained from the registry, and authentication of the agent device is performed. If the authentication is successful, then application key information is transmitted to at least one of the agent device and the application providing apparatus.