Abstract: A cloud network may include a distributed security switch (DSS). The DSS may be to receive configuration information from the hypervisor. The configuration information may include a set of access mode attributes and a security policy. The DSS may be to determine that a packet is to be directed from a source virtual machine to a target virtual machine. The DSS may be to identify an egress interface of the source virtual machine and an ingress interface of the target virtual machine. The egress interface may be associated with a first access mode attribute and the ingress interface being associated with a second access mode attribute. The DSS may be to selectively route the packet, using the shared memory, based on the first access mode attribute, the second access mode attribute, and the security policy.

Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.

Abstract: Intelligent systems for detecting SIM swap in mobile devices, wherein if a user requests access to an account via a mobile device, a mobile device application (MDA) sends the request along with mobile device ID and IMSI. If all information received from the MDA matches information stored in memory, the user can access the account. If the mobile device ID or IMSI received from the MDA do not match the mobile device ID or IMSI stored in memory, a social intelligence module compares a mobile device user profile with a profile for a user associated with the account ID. If the mobile device user profile matches or is within a confidence level of the profile for the user associated with the account ID, the user can access the account. Otherwise, additional methods to validate the user may be implemented to prevent possible fraudsters from accessing the account.

Abstract: In one illustrative example, a mobile network extender has a network interface configured to connect with a host router and a cellular modem configured to provide a wireless link for communications via a cellular mobile network. In a pairing process, the extender may establish a secure encrypted channel with the router via the network interface. In a locking process, the extender may receive information from the router and verify the information. Upon verification, the extender may be set in a locked state in which the extender is logically locked to the router. The extender may also receive and store a secret session key from the router, and permit the router to acquire the extender for communications. In the locked state, the extender may permit or deny subsequent router acquisition upon router reconnection based on verifying, using the secret session key, authentication data received via the network interface.

Abstract: Embodiments are disclosed for a method for identifying network risk. The method includes determining that a computing device has created a new connection to a network. Additionally, the method includes determining the public internet protocol (public IP) address of the exit point used by the network. Further, the method includes determining a reputation rating of the network based on the public IP address of the exit point. The method also includes providing a notification indicating the reputation rating of the network.

Abstract: A method including a server acquires verification code parameters required for generating a verification code; the server uses the verification code parameters as an input to a three-dimensional model to generate a three-dimensional image, wherein recognizable content corresponding to a specified visual focus position of a user is embedded in the three-dimensional image; and the server sends the three-dimensional image to a client terminal as a verification code for display.

Abstract: This disclosure provides a method, performed in a wireless device, for obtaining initial access to a network in order to establish a connection to a server connected to the network. The wireless device stores a device public key and a device private key. The server stores the device public key. The method comprises transmitting an initial access request to a network node of the network and receiving an authentication request from the network node, the authentication request comprising a challenge. The method comprises generating a device authenticator based on the challenge and the device public key, and transmitting an authentication response to the network node. The authentication response comprises the device authenticator. The method comprises receiving an initial access response from the network node, the initial access response comprising an indicator of whether the initial access is granted or denied.

Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.

Abstract: Methods, systems, and computer-readable storage media for receiving, by a web browser executing on a client-side device, a response from a server, the response provided in a taint-enhanced data format, processing, by a Javascript framework executed by the web browser, the response to parse data within the response and, for any data values marked as tainted, providing respective taint string Javascript objects as sanitized data, and providing the sanitized data to a document object model (DOM).

Abstract: In some examples, an apparatus to authenticate a battery includes a battery voltage monitor to monitor a voltage of the battery. The apparatus to authenticate the battery also includes a voltage source regulator to filter the voltage of the battery and provide the filtered voltage to turn on circuitry to be used to authenticate the battery.

Abstract: Examples described relate to disabling of MAC address aging time for an IoT device on a network switch. In an example, in response to a device joining a network, a network switch in the network may determine a media access control (MAC) address of the device. The network switch may then send the MAC address to an authentication server. In response, the network switch may receive a Vendor Specific Attribute (VSA) associated with the MAC address from the authentication server. The VSA indicates that the MAC address relates to an IoT device. Based on the VSA, the network switch may recognize the MAC address of the device as a MAC address of the IoT device. In response to recognizing, the network switch may disable MAC address aging time for the MAC address of the IoT device on the network switch.

Abstract: A method, a system, and computer readable medium comprising instructions for image capture to enforce remote agent adherence. The method comprises a first computer receiving an authentication request. The method also comprises a client component executing on the first computer detecting the authentication request and the client component, based on detecting the authentication request, causing a digital image to be captured. The method also comprises the first computer transmitting the digital image to a second computer, the second computer analyzing the digital image, and the second computer authenticating the digital image based on the analysis.

Abstract: Key encryption methods, apparatuses and systems are disclosed in the embodiments of the present disclosure. A client does not store an encryption algorithm used for encrypting a key, but only stores an information header encrypted by the encryption algorithm, so that an attacker cannot directly obtain the encryption algorithm that is used for decrypting the information header even if the client is attacked, thus improving the security of the key in the client. When the key is needed to be used to encrypt obtained data, the client can use the stored first information header to request the key from the server, and the server having a higher security restores the key based on a stored first encryption algorithm. The client can encrypt the data using the key obtained from the server, so that the client can ensure the security of the obtained data without storing the encryption algorithm.

Abstract: This disclosure includes utilizing a token cryptogram with a browser to facilitate a transaction. A webpage of a website is configured to accept a token cryptogram in fields of the webpage. The webpage of the website may indicate that it is token-aware and is configured to accept the token cryptograms.

Abstract: Systems and methods for protecting vulnerable code by obtaining an input file comprising code representing executable files; generating a protected executable file by replacing an unencrypted version of each vulnerable function of the input file with a VM-exit generating instruction; and generating a database file including an encrypted version of each vulnerable function deleted from the input file. The protected executable file, database file are stored on a target device. A UEFI application initializes a hypervisor which accesses the decryption key using a TPM device and loads an operating system. When the hypervisor detects an attempt to execute an encrypted version of a vulnerable function it decrypts the encrypted version of the vulnerable function.

Abstract: Systems and methods described herein relate to techniques that allow for multiple parties to jointly generate or jointly agree upon the parameters for generation of a smart contract, such as a verification key. Execution of the smart contract may be performed by a third party, for example, a worker node on a blockchain network. Techniques described herein may be utilised as part of a protocol in which parties of a smart contract share powers of a secret in a manner that allows each party to determine an identical common reference string, agree on parameters for a smart contract agree and/or make proportionate contributions the smart contract, and combinations thereof. The smart contract may be published to a blockchain network (e.g., Bitcoin Cash). The protocol may be a zero-knowledge protocol.

Abstract: A Tamper Switch Assembly to protect cryptographic modules and electronic components within a closeable unit. The Tamper Switch Assembly includes a Lid Switch Actuator affixable to an underside of a lid of the closeable unit, and a Lid Switch Guard Bracket affixable within a chassis of the closeable unit. The Tamper Switch Assembly includes an Electronic Switch Assembly insertable within the Lid Switch Guard Bracket to provide electrical monitoring of a switch state. A microprocessor is coupled to the Electronic Switch Assembly by communication means to monitor the switch for electrical continuity to determine its state, and in response, determine whether a tampering of the securely closed unit has occurred. Other embodiments are disclosed.

Abstract: A computer system module(s) substitutes a double scalar multiplication, used for signature verification in an encryption/decryption system, for two single scalar multiplications. The modules verify a group equation defined by [S]B=R+[k]A? of the encryption/decryption system, where S is an integer characterized by the signature, K is an integer generated by a message being encrypted, B is a base point on the elliptic curve, R is a point on the elliptic curve and characterized by the signature, and A? is a public key. The modules optionally rearrange the group equation to [S]B+[?k]A?=R, and convert it to [S]B+[n?k]A?=R, where n is the order of the base point. The modules determine a joint sparse form for the integers S and n?k and apply the Shamir's algorithm to the joint sparse form to verify the group equation.

Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response to a read request. Accordingly, each response generated by the smart tag will include a different TAC. It follows that interactions between the smart tag and a reading device can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.

Abstract: A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.