Abstract: An information protection device includes a reception unit that receives an image of a screen displayed on a terminal connected to a certain network; an extraction unit that extracts input information for the screen from the image; a determination unit that determines whether or not the input information matches predetermined information; and a control unit that performs, when the input information is determined to be matched with the predetermined information, a control for preventing the input information from being transmitted from the network.

Abstract: Example implementations described herein provide systems and methods for detecting damage to data by malware and involve generating log information at a storage device based on a write input/output (I/O) provided to the storage device by one or more servers, the log information comprising time information for storing the write I/O to the storage device, logical block information for the write I/O, and a compression ratio associated with storing the write I/O to the storage device; and, for a request by a management server to provide the log information for a specified time range for the storage device, returning, from the storage device, the logical block information and the compression ratio associated with the time information within the specified time range.

Abstract: The present disclosure generally relates to authenticating a user of a mobile device based on motion data of said mobile device. Embodiments provide a method, apparatus and computer program for authenticating a user, a mobile device comprising such an apparatus and a system. The method comprises detecting an outfit of the user. The method comprises analyzing a gait of the user using a machine-learning model using motion data of a mobile device as input to the machine-learning model. The analysis is based on the identified outfit of the user. The method comprises authenticating the user based on the analysis of the gait of the user.

Abstract: Aspects of the disclosure are directed to a method for use on a blockchain network that includes an accounting node subnetwork having accounting nodes configured to record a data block onto a blockchain and a service node having service nodes configured to verify data blocks recorded by the accounting nodes onto the blockchain. The method can include generating a signature based on transaction information to be included in a data block to be added onto the blockchain by using a key specific to the accounting node. The method can further include adding the transaction information and the generated signature to the data block and adding the data block onto the blockchain, and transmitting the signature to the service nodes in the service node subnetwork, so that the service nodes perform signature verification on the signature based on the key specific to the accounting node.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may support the correlation of identities from authoritative source systems and accounts from non-authoritative source systems using artificial intelligence techniques.

Abstract: The present invention comprises a computer-implemented zero-trust authentication method that utilizes the Bitcoin Lightning Network, which is the sole protocol offering immediate, immutable, and cost-free Bitcoin settlement. A user requests access to the resource of a service provider and the user provides authentication material necessary to securely access the service provider. The service provider initiates a Hold Invoice via a cryptographic function to generate a pre-image hash, instructing the user to authorize release of Bitcoin in an amount stipulated by the Hold Invoice. Bitcoin is held in the Hold Invoice until an authentication attempt is either successful or unsuccessful. If successful, the user is issued an access token to login into the resource, the Hold Invoice is canceled and Bitcoin is released to the user. If unsuccessful, the pre-image is revealed, the user is denied access, and Bitcoin is transferred to the service provider as a settled payment transaction.

Abstract: Embodiments of the present invention disclose an AI processing method and an AI processing apparatus. The method is applied to the AI processing apparatus. An AI processor has at least two working modes, and security of the at least two working modes is different. The method includes: processing, by the AI processor, an AI processing request in a target mode. The target mode is one of the at least two working modes, and the target mode is a working mode determined based on the AI processing request. The AI processor has at least two working modes with different security, and may switch between different working modes.

Abstract: A scenario generation device (100) generates an attack scenario (32). An attack means storage unit (130) has stored therein attack means data (131) including a precondition and an attack effect of attack means. An edit screen display unit (110) arranges attack means to be included in the attack scenario (32) on a scenario edit screen (200). By using the attack means data (131), an attack scenario generation unit (20) extracts, from the attack means storage unit (130), another attack means whose attack effect is a precondition of attack means arranged on the scenario edit screen (200). The attack scenario generation unit (20) generates the attack scenario (32) by complementing the attack means arranged on the scenario edit screen (200) with the other attack means.

Abstract: An embodiment method comprises collecting at least one electrophysiological signal of a human over a limited time duration, and computing a set of electrophysiological signal features. The computing comprises at least one of: providing at least one reference electrophysiological signal and applying dynamic time warping processing to the at least one collected and at least one reference electrophysiological signals, applying stacked-auto-encoder artificial neural network processing to the collected electrophysiological signal, or filtering the electrophysiological signal collected via joint low-pass and high-pass filtering. The method further comprises applying pattern recognition processing to the computed set of features, producing a virtual key signal indicative of an identity of the human, and applying the virtual key signal to a user circuit to switch it between a first state and a second state as a result of the virtual key signal matching an authorized key signal stored in the user circuit.

Abstract: Provided is novel technology for secure security data transmission and more particularly for registering network-enabled security devices such as IP cameras to a security server over a public network such as to a cloud-based security service. An enrolment server is provided that is logged into using a computing device to request and receive an activation code for the security device. The activation code is then provided to the security device, e.g. directly by the computing device. The Security device authenticates itself based on the activation code and in one example provides a public key that will be used to verify its registration. Data transmissions by the device are secured in part on the basis of its registration.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for securing communications between devices. An example method includes obtaining a quantum random number (QRN) from a remote QRN source using a secure communication channel between the initiating device and the remote QRN source. The QRN may be a true random number. The example method may also include using the QRN to participate in computer implemented services with the participating device that received the QRN from the remote QRN source.

Abstract: Methods, systems and computer program products are described to improve machine learning (ML) model-based classification of data items by identifying and removing inaccurate training data. Inaccurate training samples may be identified, for example, based on excessive variance in vector space between a training sample and a mean of category training samples, and based on a variance between an assigned category and a predicted category for a training sample. Suspect or erroneous samples may be selectively removed based on, for example, vector space variance and/or prediction confidence level. As a result, ML model accuracy may be improved by training on a more accurate revised training set. ML model accuracy may (e.g., also) be improved, for example, by identifying and removing suspect categories with excessive (e.g., weighted) vector space variance. Suspect categories may be retained or revised. Users may (e.g., also) specify a prediction confidence level and/or coverage (e.g., to control accuracy).

Abstract: A system for providing single sign-on comprises an authentication server, multiple application servers and multiple computing devices. An application server directs a web browser running on a computing device to the authentication server. If the authentication server cannot authenticate the user based on the request it receives, it causes the browser to contact a web server of a local device agent also running on the computing device. The device agent determines whether a token for authenticating the user is available and if so, transmits a response which includes the token. If the authentication server can authenticate the user based on the token, it transmits a response which includes authentication information associated with the token and which causes the browser to direct to the application server. This reduces the number of times the user must authenticate himself without compromising security or requiring adapted web browsers.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: A security device generates a key based on a physically unclonable function (PUF). The security device includes a physically unclonable function (PUF) block, an integrity detector, and a post processor. The PUF block outputs a plurality of first random signals and a plurality of corresponding first inverted random signals each having a logic level opposite to that of each of the plurality of corresponding first random signals. The integrity detector determines data integrity of the plurality of first random signals by using the plurality of first random signals and the plurality of corresponding first inverted random signals. The post processor generates a first row key that includes validity signals satisfying the data integrity.

Abstract: A method for moderation in a permissioned blockchain using a hash-oriented scheme includes: storing a blockchain including a most recent block; receiving transaction data values; receiving a first reference value and a second reference value; generating a first hash value by hashing the first reference value; generating a block proof including the first hash value, a second hash value, a third reference value, and a block value; verifying a block header of the most recent block using the block proof; receiving a new block value; generating a new block header including the first reference value, the second reference value, a fourth reference value, and the new block value; generating a new block for the blockchain including the new block header and the transaction data values; and transmitting the new block to one or more additional nodes associated with the blockchain.

Abstract: A driver assistance apparatus and method for a driver assistance apparatus for verifying the safe operation of the apparatus. It is important to verify that operating instructions that dictate the operation of a driver assistance system are verified. The apparatus includes a safety electronic control unit and the safety electronic control unit includes operating instructions stored thereon that dictate the operation of the safety electronic control unit. The safety electronic control unit further includes a verified hash storage for storing a verified hash value of at least a portion of the operating instructions. The safety electronic control unit is configured to implement a verification routine, which includes calculating, using a hash function, a test hash value of the at least a portion of the operating instructions; comparing the test hash value with the verified hash value, and if the test hash value is not equal to the verified hash value, performing a safety routine.

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

Abstract: A technique is disclosed for remotely managing isolated domains on mobile devices. A request is received from the mobile device to instantiate a managed domain. A managed domain configuration is determined and comprises a security policy controlling access to content of the managed domain of the subscribing mobile device, a content specification identifying the content to be downloaded by the subscribing mobile device into the managed domain, and a content configuration identifying a configuration of the content on the subscribing mobile device. The managed domain configuration is sent to the subscribing mobile device to instantiate a secure, managed domain whose policy, content and content configuration is remotely controlled. The technique is useful for advertising and brand promotion on mobile devices as it simultaneously enables detailed control over the presentation of content by a curator while ensuring privacy and security protection of the other apps, accounts and data on the mobile device.

Abstract: A system, apparatuses, and methods for device and network security are discussed herein. In an example, a security device for providing security to user-entered inputs includes a universal serial bus (“USB”) port configured to receive a connector of an input device and a USB connector configured to connect to a port of a user device. The apparatus also includes a processor configured to receive a string of characters from the input device that correspond to inputs made by a user into a web browser or application on the user device. The processor adds at least one security character to the string of characters to generate a watermark string, and transmits the watermark string to the user device. The processor is configured to format the at least one security character such that only the string of characters are displayed in the web browser or the application at the user device.