G06F2221/2153

METHODS AND SYSTEMS FOR GENERATING HISTORY DATA OF SYSTEM USE AND REPLAY MODE FOR IDENTIFYING SECURITY EVENTS SHOWING DATA AND USER BINDINGS
20220229886 · 2022-07-21

Devices and methods are presented for managing data security. One example method includes receiving user identification information from a screen of a device that is connectable to a database of secure information. The method includes authenticating the user identification information, where the authenticating includes capturing image data of a user associated with the user identification information. The method provides access to the database of secure information upon authenticating the user identification information. The method records data of user interactive input and viewed images displayed on the screen while the access is provided. The method stores audit data for the user when accessing the database of secure information, the audit data being associated with a history of use by the user. The audit data includes a plurality of events associated with the use. The method enables replay of the audit data for at least one of the plurality of events associated with the use.

Facilitating sequential reads in memory sub-systems
11200179 · 2021-12-14

An example memory subsystem includes a memory component and a processing device, operatively coupled to the memory component. The processing device is configured to receive a plurality of logical-to-physical (L2P) records, wherein an L2P record of the plurality of L2P records maps a logical block address to a physical address of a memory block on the memory component; determine a sequential assist value specifying a number of logical block addresses that are mapped to consecutive physical addresses sequentially following the physical address specified by the L2P record; generate a security token encoding the sequential assist value; and associate the security token with the L2P record.

Techniques for authentication via a mobile device

Techniques for authentication via a mobile device are provided. A mobile device is pre-registered for website authentication services. A user encounters a website displaying an embedded code as an image alongside a normal login process for that website. The image is identified by the mobile device, encrypted and signed by the mobile device and sent to a proxy. The proxy authenticates the code and associates it with the website. Credentials for the user are provided to the website to automatically authenticate the user for access to the website bypassing the normal login process associated with the website.

System and method for authentication

A computer-implemented method includes receiving an authentication request from an external device for authenticating an application on the external device, and receiving a plurality of information items in connection with the authentication request from a plurality of different externally residing information sources. The authentication request is then evaluated, which includes evaluating each of the plurality of information items, to determine an authentication status of the application. Based on the authentication status, the device is then selectively permitted access to private information through the application. A computer system and/or machine-readable media may be provided to perform some or all steps of the method.

Temporary partial authentication value provisioning for offline authentication

Methods, apparatus, and processor-readable storage media for temporary partial authentication value provisioning for offline authentication are provided herein. An example computer-implemented method includes generating, in response to a request from an access device, an intermediary set of cryptographic information from an initial set of cryptographic information; modifying the intermediary set of cryptographic information based at least in part on data pertaining to the access device and one or more security parameters, wherein modifying the intermediary set of cryptographic information comprises removing one or more items of the cryptographic information from the intermediary set; and transmitting, over a network connection, the modified intermediary set of cryptographic information to the access device for use in a subsequent offline authentication request.

Identity deep freeze

System and methods perform identity freezing. A user input requesting halting of operations related to a plurality of accounts or profiles of the user at different local systems is received. In response, a token mapping database is accessed to identify a personally identifiable information (PII) token for the user. A freeze message with the PII token is transmitted to the different local systems to halt operations associated with the plurality of accounts or profiles of the user. Thereafter, at the different local systems, the operations associated with the plurality of accounts or profiles of the user are halted to freeze an identity of the user. More efficient communication and operations to freeze the user accounts and profiles thereby result.

Securely provisioning a target device

The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

PROGRAM EXECUTION DEVICE
20230306145 · 2023-09-28

A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.

DYNAMIC SWITCHING BETWEEN POINTER AUTHENTICATION REGIMES

Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

RISK-BASED BIOMETRIC IDENTIFICATION AND AUTHENTICATION WITH TRUSTED SOURCE FOR SECURITY ACCESS

A method including receiving, in a security device, a user object storing stored biometric data describing a biometric parameter of the user. Sensed biometric data is generated by sensing directly, using a sensor, the biometric parameter of the user. The stored biometric data is compared to the sensed biometric data. A confidence factor is determined using a first degree of trust, assigned to the object, combined with a second degree of match between the stored biometric data and the sensed biometric data. A user input is received indicating a desired activity. A risk factor is determined based on a combination of the confidence factor and the user input. The risk factor is compared to a selected pre-determined threshold. The user is granted a selected level of access to the security device from among different levels of access to the security device when the risk factor satisfies the selected pre-determined threshold.