G06F2221/2153

RANSOMWARE MITIGATION SYSTEM AND METHOD FOR MITIGATING A RANSOMWARE ATTACK
20230297678 · 2023-09-21

A ransomware mitigation system and corresponding methods are provided. The ransomware mitigation system monitors the rate of modification of files on computing devices to determine whether the monitored rate of modifications exceeds a predetermined threshold. If the threshold is exceeded, then the ransomware mitigation system actuates a forced shutdown of the computing device and/or a forced disconnection of the network connection to the computing device. The ransomware mitigation system includes a software monitoring portion as well as a hardware switching unit. The software monitoring portion is in synchronous bidirectional communication with the hardware switching unit on a separate network. If the software monitoring portion is shut down, then the hardware unit actuates the shutdown and/or disconnection of the computing device(s). The hardware unit includes a hardware lock that requires physical presence of a person to allow for maintenance.

Systems and methods for generating and managing user authentication rules of a computing device

Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device is received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

AUTHENTICATING DEVICES VIA TOKENS AND VERIFICATION COMPUTING DEVICES
20210359992 · 2021-11-18

Aspects of the disclosure relate to a system and method for securely authenticating a device via token(s) and/or verification computing device(s). A verification computing device may generate a pseudorandom number or sequence. Based on the pseudorandom number or sequence, the verification computing device may select a first plurality of parameters associated with a user of a device to be authenticated. The verification computing device may transmit, to the device, the pseudorandom number or sequence, and the device may select a second plurality of parameters. The device may generate a token based on the second plurality of parameters. The device may send the token to another device, and the other device may send the token to the verification computing device. The verification computing device may authenticate the device based on the token.

Capability Enabling Method and Apparatus
20210359867 · 2021-11-18

A capability enabling method and apparatus are provided, to resolve a prior-art problem that security of executing a service by using a TEE+SE security architecture cannot be ensured. In this application, an SE establishes, with a TEE, a session used for communication. The SE sends, to the TEE by using the session, an obtaining instruction used to obtain a security certificate of the TEE. The TEE receives, by using the session, the obtaining instruction from the SE. After receiving the obtaining instruction, the TEE generates the security certificate based on attribute information of the TEE, and sends the generated security certificate to the SE by using the session. After the SE receives, by using the session, the security certificate sent by the TEE, the SE determines, based on the security certificate and a preset security policy, that the TEE is in a secure state. After the SE determines that the TEE is in the secure state, the SE enables a first capability for a third-party service in the SE, where the first capability is implemented based on a second capability of the TEE.

METHOD AND SYSTEM FOR INFORMATION AUTHENTICATION

A system and a method for performing an authentication are provided. The method includes: capturing, by using a front-facing camera of a mobile communication device, a first image of a face of a user; capturing, by using a rear-facing camera of the mobile communication device, a second image of an identification card that includes a photograph of the face of the user; comparing the first image with the second image; verifying that the first image matches the second image; obtaining user-specific information included in the second image; receiving a request to authenticate a transaction that relates to the user; receiving an input from the user that is usable for authenticating the transaction; and using the first image, the second image, the obtained user-specific information, and the received input to authenticate the transaction.

System and Method for Authentication
20210344681 · 2021-11-04

A computer-implemented method includes receiving an authentication request from an external device for authenticating an application on the external device, and receiving a plurality of information items in connection with the authentication request from a plurality of different externally residing information sources. The authentication request is then evaluated, which includes evaluating each of the plurality of information items, to determine an authentication status of the application. Based on the authentication status, the device is then selectively permitted access to private information through the application. A computer system and/or machine-readable media may be provided to perform some or all steps of the method.

Method for control of authenticity of a payment terminal and terminal thus secured
11164185 · 2021-11-02

A method and a payment terminal enable verification of the authenticity of a payment terminal. More particularly, a method is provided for processing a piece of initial data, carried out within the payment terminal, the payment terminal being configured to authorize a verification of its authenticity by using the piece of initial data. The method includes: obtaining at least one piece of information external to the payment terminal, called a piece of initial data; cryptographic processing of the piece of initial data, delivering a piece of processed data; visual and/or sound rendering of the piece of processed data.

ADD-ON MODEM FOR WIRELESS DEVICES AND METHODS USEFUL IN CONJUNCTION THEREWITH

System for ex post facto upgrading of at least one Legacy personal communication device including a legacy modem and lacking at least one desired wireless communication feature, the system comprising an upgraded communication device including an auxiliary modem physically connected via an ex post facto physical connection to a Legacy personal communication device having at least one legacy wireless output channel which has been neutralized or disabled.

USB device

A portable, application-specific USB autorun device, following connection to a computer terminal, automatically initialises or presents itself as a known type of device and then automatically sends to the terminal a sequence of data complying with a standard protocol, that sequence of data automatically causing content to be accessed or a task to be initiated. The device (i) includes a standardised USB module that includes a USB microcontroller, the standardised module being designed to be attached to or embedded in multiple types of different, application specific packages but (ii) excludes mass memory storage for applications or end-user data.

Dynamic switching between pointer authentication regimes

Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.