H04L29/00

Security tool
11184351 · 2021-11-23

A system includes a hardware processor, a virtual host, and a first subsystem. The processor receives a request indicating that a user is seeking to access the first subsystem. The processor uses the virtual host to perform a first authentication of the user, without yet connecting the user to the first subsystem, based on the login credentials of the user. In response to performing the first authentication, the virtual host provides the user with access to the first subsystem. The first subsystem then generates a key associated with the user and stores the key in a database. The first subsystem splits the key into a first part and a second part. The first subsystem additionally sends the first part to the user, for storage in an authentication string stored in a device of the user. The first subsystem also stores the second part in a second authentication server.

Extracting encryption metadata and terminating malicious connections using machine learning

A network traffic hub extracts encryption metadata from messages establishing an encrypted connection between a smart appliance and a remote server and determines whether malicious behavior is present in the messages. For example, the network traffic hub can extract an encryption cipher suite, identified encryption algorithms, or a public certificate. The network traffic hub detects malicious behavior or security threats based on the encryption metadata. These security threats may include a man-in-the-middle attacker or a Padding Oracle On Downgraded Legacy Encryption attack. Upon detecting malicious behavior or security threats, the network traffic hub blocks the encrypted traffic or notifies a user.

Decentralized database identity management system

An example operation may include one or more of receiving, by a blockchain node or peer of a blockchain network, attribute data for a user profile, creating blockchain transactions to store attribute hashes and metadata to a shared ledger, receiving a user profile query from an identity consumer, creating blockchain transactions to retrieve attribute hashes and metadata corresponding to the query, reconstructing the user profile from the metadata, responding to the query by providing attribute data to the identity consumer, and creating and storing hashes of the attribute data and metadata to the shared ledger.

Identifying and mitigating risks of cryptographic obsolescence

A method includes monitoring an enterprise system to identify cryptographic techniques utilized by one or more components of the enterprise system, the one or more components comprising at least one of physical and virtual computing resources. The method also includes generating one or more profiles characterizing usage of at least a given one of the identified cryptographic techniques by at least a given one of the one or more components of the enterprise system and determining an effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system utilizing the generated one or more profiles. The method further includes identifying one or more remedial actions for mitigating the effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system and initiating one or more of the identified remedial actions to modify a configuration of one or more components of the enterprise system.

System and method for wireless network management

A method includes receiving a first message from a device via a network and determining a device type of the device. The method includes, in response to determining that the device type satisfies a criterion, sending a second message granting the device limited access to the network subject to a first restriction level that limits bandwidth usage by the device to a first consumption threshold, and sending a network access request to a second device associated with an operator of the access point. The method includes receiving a response to the network access request from the second device. The method also includes, responsive to the response indicating to grant the device access to the network subject to a second restriction level, allowing the device access to the network subject to the second restriction level, where the second restriction level limits bandwidth usage by the device to a second consumption threshold that is greater than the first consumption threshold.

System, apparatus and method for integrity protecting tenant workloads in a multi-tenant computing environment
11163701 · 2021-11-02

In one embodiment, an apparatus includes a core to execute instructions, where in response to a first instruction, the core is to obtain an encrypted binary of a requester from a source location and store the encrypted binary to a destination location. The apparatus may further include a memory execution circuit coupled to the core that, in response to a request from the core and based on the first instruction, is to generate at least one integrity value for the binary and store the at least one integrity value in association with the binary.

System and method for recovery of data packets transmitted over an unreliable network

A system and method are provided that enable the recovery of data packets transmitted over an unreliable network. The system and method use an algorithm for transmitting the data packets with restoration of data lost during transfer over UDP encrypted with DTLS. Advantageously, the algorithm does not require changes to either the UDP or the DTLS packets; instead, a separate, specifically designed packet is transmitted to the recipient to facilitate and ensure the recovery of any lost data packets over the unreliable network.

Secret tampering detection system, secret tampering detection apparatus, secret tampering detection method, and program

The aim is to detect tampering in secure computation while maintaining confidentiality with little communication traffic. A random number generation part (11) generates $[\vec{r}_i]$ and $[\vec{s}_i]$. A random number multiplication part (12) computes $[\vec{t}_i] := [\vec{r}_i \vec{s}_i]$. A secret multiplication part (13) computes $[\vec{z}] := [\vec{x}\vec{y}]$. A random number verification part (14) discloses the $p_{i,j}$-th element of each of $[\vec{r}_i]$, $[\vec{s}_i]$, $[\vec{t}_i]$ and confirms that the disclosed elements satisfy the multiplicative relation $t = r \cdot s$. A random number substitution part (15) randomly permutes the elements in each of $[\vec{r}_i]$, $[\vec{s}_i]$, $[\vec{t}_i]$, except for the $p_{i,j}$-th element, to generate $[\vec{r}'_i]$, $[\vec{s}'_i]$, $[\vec{t}'_i]$. A subtraction value disclosure part (16) computes $[\vec{x} - \vec{r}'_i]$ and $[\vec{y} - \vec{s}'_i]$. A verification value computing part (17) computes $[\vec{c}_i] := [\vec{z}] - (\vec{x} - \vec{r}'_i)[\vec{y}] - (\vec{y} - \vec{s}'_i)[\vec{r}'_i] - [\vec{t}'_i]$. A verification value confirmation part (18) confirms that the verification values $\vec{c}_i$ are all zero.

Systems and methods for passive continuous session authentication
11159520 · 2021-10-26

Systems, apparatuses, methods, and computer program products are disclosed for providing passive continuous session authentication. An example method includes authenticating a session for a user of a client device. The example method further includes capturing a video stream and sensor data over a duration of time. The example method further includes deriving, from the captured video stream, a set of biometric attributes of the user. The example method further includes deriving, from the captured sensor data, a set of behavioral attributes of the user. Subsequently, the example method includes re-authenticating the session based on the derived set of biometric attributes and the derived set of behavioral attributes.

Techniques for peer entity account management

Techniques and apparatus for providing peer-based management of user accounts are described. In one embodiment, for example, an apparatus may include at least one memory and logic coupled to the at least one memory. The logic may be configured to receive a request from at least one first user account to unlock a second user account locked responsive to a fraud event, determine a safe authentication value for the fraud event, and unlock the second user account responsive to the at least one first user account being a safe authentication account and the safe authentication value being over a safe authentication threshold value. Other embodiments are described.