The concepts and technologies disclosed herein are directed to virtual machine (“VM”) orchestration spoofing attack mitigation. According to one aspect disclosed herein, an anti-spoofing controller (“ASC”) can determine a target memory location in which to instantiate a new VM. The ASC can determine a challenge for a physically unclonable function (“PUF”) associated with the target memory location. The ASC can provide the challenge to the PUF, and in response, can receive and store an output value from the PUF. The ASC can instruct an orchestrator to instantiate the new VM in the target memory location. The ASC can provide the challenge to the new VM, which can forward the challenge to the orchestrator. The ASC can receive, from the orchestrator, a response to the challenge, and can determine whether the response passes the challenge. If the response does not pass the challenge, the ASC can decommission the orchestrator.

The proposed authentication method is based on a secret convention between the service and the user. This convention is defined on the basis of a random choice of elementary algorithmic blocks from a collection of elementary algorithmic blocks during the enrolment phase of the user. During authentication, the user uses the convention by applying it to a challenge presented by the service in order to determine a response. The algorithmic blocks are chosen such that they can be memorised by the user. As a result of the diversity of these bricks and the combinatorics behind the conventions, the number of possible conventions is very high, making it virtually impossible for an attacker to guess the convention.

A technique for protecting a cryptographic key. A user has an identifier and an associated password. The first cryptographic key is designed to decrypt a piece of encrypted data. The user device generates a second cryptographic key by applying a key derivation algorithm to at least the password, then encrypts the first cryptographic key by applying an encryption algorithm parameterized by the second cryptographic key. The user device then provides the encryption of the first cryptographic key to a management device for storage. A response associated with a question is obtained from the user. The user device calculates a result of an application of a function to at least one response associated with a question, then provides a value dependent on the result to a management device for storage. The value then enables the user device to determine the password when it has the response to the corresponding question.

A distributed maintainable real-time computer system is provided, wherein the real-time computer system includes at least two central computers and one, two or a plurality of peripheral computers. The central computers have access to a sparse global time, have identical hardware and identical software, but different startup data, wherein each functional central computer periodically sends time-triggered multi-cast life-sign messages to the other central computers according to a time plan a priori defined in its startup data, and wherein the peripheral computers (151, 152, 153, 154) can exchange messages (135) with the central computers (110, 120), and wherein at all times one central computer is in the active state and the other central computers are in the non-active state, and wherein after the apparent absence of a life-sign message of the active central computer expected at a planned reception time, that non-active functioning central computer which has the shortest start-up timeout takes over the function of the active central computer, and wherein each central computer (110, 120; 200) consists of three independent subsystems, an application computer (210), a storage medium having the startup data (230) characteristic of the central computer (200) and an internal monitor (220), wherein the internal monitor (220) periodically checks the correct functioning of the application computer (210), and wherein upon detection of an error the monitor (220) initiates a hardware reset and a restart of the application computer (210), and wherein preferably the active central computer initiates a maintenance action after an apparent absence of the life-sign messages expected at the planned reception times from a non-active central computer, which action can lead to the repair or replacement of a permanently failed central computer.

A method comprises transferring information that includes a response uniform resource locator (URL) between a primary device and a secondary device using a primary communication channel between the primary device and the secondary device; determining, using the secondary device, status of connectivity of a network separate from the primary communication channel; transmitting, by the secondary device, a response to a request from the primary device via the network using the response URL when the status indicates the network is available, and transmitting the response via the primary communication channel when the status indicates the network is unavailable.

Systems and methods for authentication code entry using mobile electronic devices are disclosed. In one embodiment, in an information processing device comprising at least one computer processor, a display, and an input device a method for authentication code entry may include: (1) receiving, at the information processing device, a masking pattern for receiving entry of an authentication code, the masking pattern specifying an order for entering the authentication code; (2) presenting, on the display, a prompt to enter the authentication code in accordance with the masking pattern; (3) receiving, at the input device, a masked authentication code entry where the masked authentication code entry comprises the authentication code entered in accordance with the masking pattern; and (4) storing the masked authentication code entry.

A communications server apparatus for managing authentication of a user based on one or more authentication events in a session is provided, to, in one or more data records, generate, for each authentication event, data indicative of a trust score corresponding to the authentication event; and generate, data indicative of a security score based on the trust scores corresponding to the one or more authentication events in the session, and, in response to receiving request data indicative of an authentication request associated with the user corresponding to a transaction in the session, the transaction having a value indicator, authenticate the user if the security score satisfies a condition for authentication corresponding to the transaction according to the value indicator, wherein security scores for satisfying the condition are variable according to value indicators of transactions.

Provided are a storage device and an operating method thereof. The storage device includes: a memory storing parameter data that is used as an input in a neural network; and a storage controller configured to receive a request signal from a host, encode log data for contexts of a plurality of components in the neural network, based on the parameter data, and transmit the encoded log data to the host.

A computing device is configured to verify a user's identity, intent to authenticate, and/or possession of secret knowledge by evaluating biometric and/or environmental data. In embodiments, such verification is performed by evaluating a user's reaction to a stimulus based on such data. Biometric data may comprise eye tracking data, and a computing device may be configured to use such data to verify that the person has gazed through objects in a predetermined order. In embodiments, the user's intent to authenticate is verified by combining such eye tracking data with other biometric data. Physiological and other types of biometric data may be used to evaluate the user for indicia of duress. Embodiments may be configured to provide modified access to the computing device or resources stored thereon where indicia of duress have been detected. Such modified access may comprise hiding information stored on the device.

This Application describes devices, and techniques for using them, capable of providing a secure hardware backdoor for digital devices, thus allowing valid access to secure target device data without the owner's consent, while still assuring the owner's knowledge whenever any access has occurred, whether validly or not. Each target device's data is protected by maintaining protected data encrypted on the target device, maintaining encryption keys for protected data in a “secure enclave”, causing the secure enclave to generate secure data in response to a hardware trigger, the secure data being usable to provide access to the device, and providing relatively difficult yet achievable retrieval of the secure data with physical access to the target device, and using the secure data to access protected data on the target device, while also assuring that the target device's owner can determine when the secure data was retrieved.