Patent classifications
H04L2463/121
Blockchain for securing distributed IIoT or edge device data at rest
A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using OPC UA standard functionality and storing the PB in an OPC UA address space, adding it to an OPC UA communication protocol framework that includes edge nodes coupled to cloud-based or edge-located data storage. The edge nodes are PB participant nodes, and a regulator or leader assigns each of them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block has been validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader, or observer uses a time-bound majority voting consensus to determine whether the PB participant nodes agree on the current state of the storage medium, and if they reach consensus, the new block is added to the public ledger.
Authentication apparatus, authentication method, and non-transitory computer readable medium
An information processing system includes a first device and a second device that is configured to perform short-range wireless communication with the first device. In a case where the first device requests authentication from an external authentication apparatus, the first device sends information regarding the second device to the external authentication apparatus.
Method and devices for defending against a distributed denial of service attack
The present disclosure provides a method and devices for defending against distributed denial of service attacks. The method comprises: intercepting, by a defending device, a service message transmitted by a client to a server; obtaining, by the defending device, information carried in a first preset field of the service message and information carried in a second preset field of the service message according to a rule agreed on with the client; processing, by the defending device, the information carried in the second preset field and a preset key according to a hash algorithm agreed on with the client, and obtaining a hash value; and discarding, by the defending device, the service message upon determining that the hash value is different from the information carried in the first preset field.
Method and system for defending distributed denial of service attack
Defending against a distributed denial of service attack includes intercepting a service packet sent by the client to a server and, according to a rule agreed with the client, obtaining the information carried by a first preset field of the service packet, the inherent information carried by an inherent field of the service packet, and the added information carried by at least one second preset field. According to the hash algorithm agreed with the client, hash processing is performed on the inherent information and the at least one piece of added information to obtain a hash result, and the service packet is discarded when the hash result differs from the information carried by the first preset field.
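The two abstracts above describe the same mechanism: the client places a keyed hash in a first preset field, the defending device recomputes it over the other fields and discards anything that does not match. The following is an added example of that check and is not code from either patent. Everything concrete in it is assumed: HMAC-SHA256 truncated to 16 bytes as the "agreed hash algorithm", a message layout of tag | packed source address (the inherent information) | 8-byte client-added field | payload, and the constructed key and sample messages. The variant in the first abstract, which hashes only the added field and the key, is the same code with the inherent field left out.

```python
import hashlib
import hmac
import socket

# Shared secret and field layout agreed between client and defending device.
# Both are constructed for this example; the page specifies neither.
PRESET_KEY = b"constructed-preset-key"
TAG_LEN = 16      # first preset field: truncated HMAC
ADDR_LEN = 4      # inherent field: packed IPv4 source address
NONCE_LEN = 8     # second preset field: client-added information
HEADER_LEN = TAG_LEN + ADDR_LEN + NONCE_LEN


def compute_tag(key: bytes, inherent: bytes, added: bytes) -> bytes:
    """Hash the inherent information and the added information with the
    preset key. HMAC-SHA256, truncated, is an assumed instance of the
    'hash algorithm agreed on with the client'."""
    mac = hmac.new(key, inherent + added, hashlib.sha256).digest()
    return mac[:TAG_LEN]


def client_build(key: bytes, src_ip: str, nonce: bytes, payload: bytes) -> bytes:
    """Client side: emit tag | src_ip(4) | nonce(8) | payload."""
    inherent = socket.inet_aton(src_ip)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    return compute_tag(key, inherent, nonce) + inherent + nonce + payload


def defender_verify(key: bytes, msg: bytes) -> bool:
    """Defending device: recompute the hash over the inherent and added
    fields and return False (discard) unless it equals the first preset
    field. Truncated or malformed messages are discarded as well."""
    if len(msg) < HEADER_LEN:
        return False
    tag = msg[:TAG_LEN]
    inherent = msg[TAG_LEN:TAG_LEN + ADDR_LEN]
    nonce = msg[TAG_LEN + ADDR_LEN:HEADER_LEN]
    expected = compute_tag(key, inherent, nonce)
    # constant-time comparison so the defender does not leak tag bytes by timing
    return hmac.compare_digest(tag, expected)


def filter_messages(key: bytes, msgs):
    """Return only the messages the defender would forward to the server."""
    return [m for m in msgs if defender_verify(key, m)]


if __name__ == "__main__":
    # Constructed traffic: one legitimate message, one built with the wrong
    # key (an attacker who does not hold the preset key), one garbage blob.
    good = client_build(PRESET_KEY, "10.0.0.5", b"\x00" * 8, b"GET /health")
    forged = client_build(b"wrong-key", "10.0.0.5", b"\x00" * 8, b"GET /health")
    print(len(filter_messages(PRESET_KEY, [good, forged, b"junk"])))  # 1
```

Because the source address is covered by the hash, rewriting it in transit also invalidates the tag, which is the point of including the inherent field. The scheme depends entirely on the preset key staying secret and on the added field carrying something that varies, so that an attacker cannot simply replay a captured message; the abstracts leave the content of that field to the implementer.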
Auto inline enrollment of time-based one-time password (TOTP) for multi-factor authentication
Techniques are described for enrolling an authentication device for generating time-based one-time passwords (TOTPs) for use with multi-factor authentication (MFA). A user is prompted to initiate an enrollment procedure after successful authentication based on a first authentication factor in connection with a request for a resource protected by an access management (AM) system. The authentication device contacts the AM system to establish that the authentication device is a trusted device (e.g., through validation of an authentication token contained in a Quick Response (QR) code generated by the AM system). After the authentication device has been established as a trusted device, the AM system sends a shared secret to the authentication device, which uses the shared secret to complete enrollment (e.g., by generating a TOTP for verification by the AM system). A session is then created for the user to enable access to the protected resource.
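The enrollment sequence above (first factor, QR-borne token, trusted-device check, shared secret, first TOTP, session) is easiest to follow as code. The block below is an added example, not the access management system's own code: the QR payload format, the single-use token with a five-minute lifetime, the 20-byte secret and the one-step verification window are all assumptions. The TOTP routine itself follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits), which is what authenticator apps expect.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for unix time `at`."""
    counter = struct.pack(">Q", at // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1,
                step: int = 30) -> bool:
    """Accept the code for the current step or `window` steps either side
    (clock skew), comparing in constant time."""
    return any(hmac.compare_digest(totp(secret, at + k * step, step), code)
               for k in range(-window, window + 1))


class AccessManager:
    """Assumed AM behaviour: a one-shot token in the QR code, a pending
    secret handed out only after that token validates, enrollment completed
    by the first valid TOTP, then a session for the protected resource."""

    TOKEN_TTL = 300  # seconds; assumed

    def __init__(self):
        self.enrolled = {}        # user -> stored TOTP secret
        self.pending = {}         # token -> (user, expires_at)
        self.pending_secret = {}  # user -> secret awaiting verification
        self.sessions = {}        # session id -> user

    def start_enrollment(self, user: str, now: int) -> str:
        """Called after the first factor succeeded and the user accepted the
        prompt. Returns the QR payload: an authentication token bound to the
        user (assumed URI format)."""
        if user in self.enrolled:
            raise ValueError("already enrolled")
        token = secrets.token_urlsafe(24)
        self.pending[token] = (user, now + self.TOKEN_TTL)
        return "otpauth-enroll://%s?token=%s" % (user, token)

    def device_trust(self, qr_payload: str, now: int):
        """The device presents the token from the QR code. A known, unexpired,
        unused token establishes it as trusted and yields the shared secret
        (base32, as authenticator apps expect)."""
        token = qr_payload.rsplit("token=", 1)[-1]
        entry = self.pending.pop(token, None)  # single use
        if entry is None:
            raise PermissionError("unknown or reused enrollment token")
        user, expires_at = entry
        if now > expires_at:
            raise PermissionError("enrollment token expired")
        secret = secrets.token_bytes(20)
        self.pending_secret[user] = secret
        return user, base64.b32encode(secret).decode()

    def complete_enrollment(self, user: str, code: str, now: int) -> str:
        """The device proves possession of the secret with a TOTP. On success
        the secret is stored and a session is created; returns the session id."""
        secret = self.pending_secret.get(user)
        if secret is None or not verify_totp(secret, code, now):
            raise PermissionError("TOTP verification failed")
        del self.pending_secret[user]
        self.enrolled[user] = secret
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid


def run_enrollment(user: str, now: int) -> bool:
    """The whole exchange for one user at fixed time `now`. True only if a
    session exists afterwards and the QR token cannot be replayed."""
    am = AccessManager()
    qr = am.start_enrollment(user, now)
    who, secret_b32 = am.device_trust(qr, now)
    device_secret = base64.b32decode(secret_b32)      # device side
    sid = am.complete_enrollment(who, totp(device_secret, now), now)
    try:
        am.device_trust(qr, now)  # second scan of the same QR must fail
        return False
    except PermissionError:
        return am.sessions.get(sid) == user
```

The shared secret is only issued after the token check and is only persisted after the device has produced a correct code, so a QR code that was photographed but never redeemed by a trusted device leaves no usable secret behind, and one that was redeemed cannot be redeemed again.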
Method and system for classifying network requests
Methods, systems and programming for classifying network requests. In one example, a network request for content to be fetched by a content server is received from a client device. At least one non-internet protocol (IP) key is obtained based on the network request. Whether to deny or allow the network request is determined based on the at least one non-IP key.
Session management for mobile devices
A computing system includes a web browser and a native application configured to, at a first time, receive first instructions to log out of a first session authorized by way of an authorization server. Based on the first instructions, the native application removes a first access token that was provided to the native application by the authorization server and is related to authorization of the first session. At a second time later than the first time, the native application receives second instructions to authorize a second session and, based thereon, generates third instructions configured to cause the authorization server to terminate active sessions between the authorization server and the web browser prior to initiating a log-in procedure with the web browser for the second session. The third instructions are provided to the authorization server, which provides an authorization code exchangeable for a second access token related to the second session.
Electronic device and method for managing electronic key thereof
An electronic device and a method for managing an electronic key thereof are provided. The electronic device includes a wireless communication circuit, a hardware-based security element comprising circuitry configured to provide a timestamp, a processor operatively coupled with the communication circuit and the security element, and a memory operatively coupled with the processor. The memory stores instructions that when executed by the processor, control the electronic device to: launch an application related with an electronic key of a door lock, receive an input for using the electronic key to open the door lock through the application, determine the validity of credential information related with the input, based at least in part on the timestamp, and open the door lock based on the validity of the credential information.
Systems and methods for aida based second chance
Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any process. Responsive to this monitoring, the driver detects that an application process was created, indicating that an application was launched, and notifies a user console about the creation of the application process. The user console determines whether the application process is of significance and, if so, injects a monitor library into the process. Once injected into the process, the monitor library detects whether the application process receives a user action to access a domain that is not identified as trusted, and notifies the user console of the user's URL-access request.
Stepping-stone detection apparatus and method
Disclosed herein are a stepping-stone detection apparatus and method. The stepping-stone detection apparatus includes a target connection information reception unit for receiving information about a target connection from an intrusion detection system (IDS), a fingerprint generation unit for generating a target connection fingerprint based on the information about the target connection, and generating one or more candidate connection fingerprints using information about one or more candidate connections corresponding to one or more flow information collectors, and a stepping-stone detection unit for detecting a stepping stone by comparing the target connection fingerprint, in which a maximum allowable delay time is reflected, with the candidate connection fingerprints.
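The abstract says what the fingerprints are compared for but not how they are built. The block below is an added example of one plausible realisation, not the apparatus described by the patent: a connection's fingerprint is its sequence of packet timestamps, reflecting the maximum allowable delay turns each target timestamp into a window [t, t + max_delay] in which a relayed copy may appear, and a candidate is reported as a stepping-stone leg when enough of its packets fall into those windows in order. The direction (candidates are assumed to be the relayed, later legs), the 0.8 match threshold and all timestamps are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Connection:
    src: str
    dst: str
    timestamps: Tuple[float, ...]  # packet times in seconds, any order


def fingerprint(conn: Connection) -> Tuple[float, ...]:
    """Connection fingerprint: its packet times in increasing order."""
    return tuple(sorted(conn.timestamps))


def delayed_fingerprint(fp: Tuple[float, ...], max_delay: float):
    """Target fingerprint with the maximum allowable delay reflected: every
    packet time becomes the window in which its relayed copy may be seen."""
    return tuple((t, t + max_delay) for t in fp)


def match_score(windows, candidate_fp: Tuple[float, ...]) -> float:
    """Fraction of target windows that contain a candidate packet. Windows
    and packets are walked in order and each candidate packet is consumed at
    most once, so extra candidate traffic (keepalives) does not inflate the
    score and a single burst cannot satisfy several windows."""
    i, hits = 0, 0
    for lo, hi in windows:
        while i < len(candidate_fp) and candidate_fp[i] < lo:
            i += 1                      # packet too early for this window
        if i < len(candidate_fp) and candidate_fp[i] <= hi:
            hits += 1
            i += 1
    return hits / len(windows) if windows else 0.0


def detect_stepping_stones(target: Connection, candidates: List[Connection],
                           max_delay: float, threshold: float = 0.8):
    """Return the candidate connections whose fingerprint matches the
    delay-adjusted target fingerprint at or above `threshold`."""
    windows = delayed_fingerprint(fingerprint(target), max_delay)
    return [c for c in candidates
            if match_score(windows, fingerprint(c)) >= threshold]


# Constructed sample: a target connection flagged by the IDS and three
# candidate connections reported by a flow collector on the suspected host.
TARGET = Connection("198.51.100.7", "10.0.0.2", (0.0, 0.4, 1.1, 2.0, 2.7))
RELAYED = Connection("10.0.0.2", "10.0.0.9", (0.08, 0.51, 1.2, 2.09, 2.85, 3.5))
UNRELATED = Connection("10.0.0.2", "10.0.0.11", (0.3, 0.9, 1.5, 2.4, 3.1))
TOO_SLOW = Connection("10.0.0.2", "10.0.0.12", (0.5, 0.9, 1.6, 2.5, 3.2))


def sample_detection():
    return detect_stepping_stones(TARGET, [RELAYED, UNRELATED, TOO_SLOW],
                                  max_delay=0.2)


if __name__ == "__main__":
    for c in sample_detection():
        print("stepping stone leg:", c.src, "->", c.dst)
```

The maximum allowable delay is the tuning knob: too small and a relay that adds jitter is missed, too large and unrelated traffic on a busy host starts falling into the windows, which is why the score is taken over all target packets rather than over any single one.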