H04L9/00

IDENTITY-BASED PUBLIC-KEY GENERATION PROTOCOL
20230021047 · 2023-01-19

A computer-implemented method for generating an identity-based cryptographic key, the method comprising: obtaining a set of private key shares and a set of corresponding public key shares, wherein each private key share is generated based on the personal identifier, and wherein at least one of the set of private key shares is generated by a respective one of a set of key-generating parties; generating an identity-based private key based on each of the one or more private key shares; and generating a partial identity-based public key, wherein the partial identity-based public key is generated based on each of the set of corresponding public key shares; transmitting the partial identity-based public key to at least one of the set of key-generating parties for generating the identity-based public key; and/or generating the identity-based public key, wherein the identity-based public key comprises the personal identifier and the partial identity-based public key.

Administration portal for simulated single sign-on

A system manages security policy data used to provide access by a user to third-party applications without revealing sign-on credentials to the user. The system includes an access management server that hosts an administration portal for configuring the security policy data. The security policy data includes, for each user, a list of applications to which the user may request access and the corresponding sign-on credentials for accessing each of the applications. In response to inputs provided at the administration portal, the system associates applications with credentials and subsequently associates the credentials with a user. Before these associations are used to update the security policy data, a request for confirmation of user permission is sent to a permission server, which stores current permission data for users. If permission for the user is confirmed, the security policy data is updated according to the associations provided via the administration portal.

Multi-application recommendation engine for a remote network management platform
11706243 · 2023-07-18

A remote network management platform may include persistent storage containing: (i) data related to a managed network, and (ii) a persona of a user. The remote network management platform may also include a platform application associated with a web-based user interface and using a portion of the data. The remote network management platform may also include a recommendation engine with access to a set of rules or a machine learning (ML) model corresponding to the platform application. The recommendation engine may be configured to: (i) read, from the persistent storage, the portion of the data and the persona; (ii) apply, to the portion of the data and the persona, the set of rules or the ML model to generate one or more recommendations; and (iii) transmit, by way of the web-based user interface and to the user, representations of the one or more recommendations.

Simulating user interactions for malware analysis

Simulating user interactions during dynamic analysis of a sample is disclosed. A sample is received for analysis. Prior to execution of the sample, a baseline screenshot of a system folder is generated by accessing frame buffer data stored on a graphics card. The sample is caused to execute, at least in part using one or more hypervisor instructions to move a pointing device to an icon associated with the sample. A current screenshot of the system folder is generated by accessing current frame buffer data stored on the graphics card.

Method and apparatus for user authentication

A method for user authentication according to one embodiment of the present disclosure includes acquiring authentication information including biometric information of a user, generating a random string and a helper string from the biometric information, generating a secret value that corresponds to the authentication information, generating a private key and a public key using the secret value and the random string, and transmitting the public key to an authentication server.

Block cipher side-channel attack mitigation for secure devices
11704443 · 2023-07-18

Systems and methods are disclosed for side-channel attack mitigation for secure devices including cryptographic circuits using block ciphers that are not based upon feedback. For disclosed embodiments, an integrated circuit includes a cryptographic circuit and a controller. The cryptographic circuit performs cryptographic operations in a block cipher AES mode without feedback. The controller outputs control signals to the cryptographic circuit that cause the cryptographic circuit to perform the cryptographic operations on sequential data blocks in an internally permuted order to mitigate block cipher side-channel attacks. The internally permuted order can be generated using one or more random number generators, one or more pre-configured permuted orders, or other techniques. Further, sequential data blocks can be grouped into sequential subsets of data blocks, and the cryptographic operations can be performed in sequence for the subsets, with the data blocks within each subset being processed in an internally permuted order.

Electric Border Gateway Device and Method for Chaining and Storage of Sensing Data Based on the Same
20230017740 · 2023-01-19

The present disclosure discloses an electric border gateway device which adopts blockchain technology to implement communication authentication and data transmission encryption at the gateway. As a device for collecting and processing local information, the border gateway device may build not only a local blockchain network with a variety of local electric sensing terminal devices, but also a regional blockchain network with other border gateways and electric management platforms. As a critical node of these two types of blockchain, the border gateway may enable the authentication of identity legitimacy between electric sensing terminal devices, the storage of critical data in the blockchain ledger, the deployment and execution of blockchain transactions through its control and coordination functions, and safe and reliable data interaction. The present disclosure also discloses a method for chaining and storage of sensing data based on the electric border gateway device.

Secure session sharing between computing devices

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authenticating a first computing device to access a secure account. Receiving a request from a second computing device to be authorized to access the secure account. Providing, to the second computing device, first data that represents a first machine-readable code for presentation by the second computing device. Receiving, from the first computing device, second data that represents a second machine-readable code as read by the first computing device. Authorizing the second computing device to access the secure account in response to determining that the second data accurately represents the first machine-readable code as sent to the second computing device.

Method and device for processing data of a technical system
11706235 · 2023-07-18

A method, in particular a computer-implemented method, for processing data of a technical system. The method includes the following steps: ascertaining first pieces of information which are associated with data traffic of the system, and ascertaining metadata associated with the data traffic of the system based on the first pieces of information.

Method for secondary authentication

Described embodiments provide systems and methods for validating a request to perform an action to access at least one file. A computing device can receive a request from a client, the request being to perform an action to access at least one file and including a first computed value indicative of one or more previous actions on files. The computing device may compare the first computed value to a second computed value maintained by the computing device independently from the first computed value. The second computed value may be indicative of the one or more previous actions on the files. The computing device may perform secondary authentication in addition to primary authentication for the client, responsive to an indication of trustworthiness of the client or the file according to the comparison of the first computed value to the second computed value.