A distributed ledger, e.g., blockchain, enabled operating environment includes a user device that accesses services of a service device by leveraging the decentralized blockchain. For example, a user device can lock/unlock a door (e.g., service device) by interfacing with a smart contract stored on the decentralized blockchain. The user device provides parameters, such as payment, that satisfies the variables of the smart contract such that the user device can access the service device. The service device regularly retrieves information stored in the smart contract on the decentralized blockchain. For example, the retrieved information can specify that the user device is authorized to access the service device or that the service device is to provide a service. Therefore, given the retrieved information, the service device provides the service to the user device.

A method for registering and authenticating a user based on a visual access code. The method includes presenting, to the user, images; receiving a selection of a first image; receiving a selection of at least a first set of hotspots from a plurality of hotspots included in the first image; and generating a visual access code based at least in part on the selection of the first image and the first set of hotspots.

Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

A method of scanning files for malware on a computer system. The method comprises detecting a file to be scanned for malware in the computer system, determining the file being a partial file that comprises only a part of the file content, searching for an original clean file associated with the partial file, wherein the original clean file is a full copy of the partial file, based on finding a candidate original clean file associated with the partial file, calculating a partial hash of the same length as the partial file for the candidate original clean file, and based on determining that partial hashes of the candidate original clean file and the partial file match, signalling a false alarm.

An information processing apparatus includes a unit that sets personal setting information on a first user in a present setting on the information processing apparatus, the present setting related to personal setting information that is information determined for and used by each user, a unit that determines whether a second user is about to use the information processing apparatus during a time period throughout which the personal setting information on the first user is set in the present setting on the information processing apparatus, and a unit that removes at least part of the personal setting information on the first user from the present setting in response to a determination indicating that the second user is about to use the information processing apparatus during the time period.

Techniques facilitating security hardening systems that host containers are provided. In one example, a system comprises: a memory that stores computer executable components; and a processor that executes computer executable components stored in the memory. The computer executable components comprise: a boot component performs a portion of a trusted boot sequence to securely boot the system to a defined secure state wherein one or more types of administrative access to a container memory are deactivated. The computer executable components also comprise: a core service component started as a part of the trusted boot sequence and that securely obtains one or more decryption keys for use with the container memory; and a runtime decryption component that uses the one or more decryption keys to perform runtime decryption of one or more files accessed by a container associated with the container memory.

An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.

An aspect includes monitoring storage of a computer system. Upon detecting an unauthorized modification to an original storage component in response to the monitoring, an aspect includes retrieving a backup component corresponding to the original storage component and repairing the original storage component using the backup component. In embodiments, the repair occurs in real-time without interruption to computer operation.

The present disclosure describes various embodiments of systems, apparatuses, and methods of protecting an integrated circuit. One such method comprises operating the integrated circuit under a normal mode of operation; detecting, by a decommission controller, a triggering condition for a decommission operation to be initiated for the integrated circuit; initiating, by the decommission controller, a decommission mode for the integrated circuit after detection of the triggering condition; and causing, by the decommission controller, functionality of the integrated circuit to be irreversibly disabled after initiating the decommission mode. Other methods, systems, and apparatus are also presented.

There is disclosed a computing/data processing device comprising: a plurality of computing units, each computing unit comprising a computing resource; the computing device comprising at least three computing units, each computing unit comprising a/the same computing resource; each computing unit further comprising a computing unit access manager, each unit access manager being adapted to control access to the computing resource of the respective computing unit in response to at least one request; wherein, the computing unit access manager only allows a response to the at least one request if a majority of the computing units provide a same response to the at least one request; and wherein, the computing device comprising a network-on-a-chip, is provided on a chip and/or comprises an integrated chip (IC) or microprocessor. The IC beneficially comprises a Field-Programmable Gate Array (FPGA) device. In a preferred embodiment, the unit access manager controls access to the computing resource based on a token; the token comprising: a pointer to the respective computing resource, a set of rights relating to that computing resource, and a numerical representation of that computing resource.