Abstract: A device comprises a processor. The processor is configured to generate a first signal using a first communication protocol. The first signal corresponds to data received by the processor. The processor is configured to generate a second signal using a second communication protocol. The second signal comprises fabricated data generated by the processor. Additionally, the processor is configured to transmit the first signal. The processor is also configured to transmit the second signal.

Abstract: A device may receive a connection request including a digital certificate from an endpoint for establishing a secure connection for a communication, the digital certificate including a digital certificate chain identifying one or more certificate authorities associated with the digital certificate. The device may determine whether the digital certificate is valid based on the digital certificate chain identifying one or more certificate authorities trusted by the device. The device may determine whether the connection request includes a valid token. The device may generate a token based on the digital certificate being valid and an absence of a valid token included in the connection request. The device may associate the token with the digital certificate. The device may distribute the token to the endpoint. The device may establish the secure connection with the endpoint using the token associated with the digital certificate.

Abstract: An information processing apparatus which manages identification information of a first user and device identification information of a device of the first user in association with each other, manages identification information of a second user and device identification information of a plurality of devices of the second user in association with each other, and controls data transmission and reception between the devices of the first user and the second user. The apparatus receives a request to the second user from the first user, transmits the request from the first user to the plurality of devices of the second user, and notifies a device other than the device that transmitted the permission information among the plurality of devices of the second user of cancellation of the request.

Abstract: A wireless connection authentication method includes: receiving first information transmitted by a first access point according to a message transmitted from a first wireless communications apparatus; receiving second information transmitted by a second access point according to a message transmitted from a second wireless communications apparatus which has already established communication with a second access point; and, if the first access point indicated in the first information and the second access point indicated in the second information are the same access point, determining the same access point as a connection destination access point of the first wireless communications apparatus.

Abstract: A network intrusion detection system and method is configured to receive off-line network traffic. The off-line network traffic with a predefined format, PCAP file, is capable of indicating existence of a plurality of covert channels associated with a corresponding plurality of covert channel signatures. Each covert channel comprises a tool that communicates messages by deviating from a standard protocol to avoid detection. A plurality of covert channel processors are configured to analyze off-line network traffic. The analysis determines whether the off-line network traffic deviates from the standard protocol based on one or more covert channel signatures. The covert channels are employed in at least one standard layer of the standard protocol stack and the off-line network data traffic comprises at least one standard protocol stack having multiple standard layers.

Abstract: Aspects of the subject disclosure may include, for example, a method comprising authenticating, by a server comprising a processor, a communication device to a first communication network, in accordance with authentication information stored in a first repository of the first communication network. The method also comprises determining, by the server, that a second communication network is accessible to the communication device. The method further comprises providing, by the server, the authentication information to a second repository of the second communication network in accordance with the determining, wherein the providing is performed independently of a request from the second communication network. Other embodiments are disclosed.

Abstract: Embodiments of the invention prevent unauthorized access to electronic systems by providing an enclosure with improved intrusion detection around sensitive areas of a secured electronic system. Certain embodiments eliminate the need for constant battery power and yet provide uninterrupted high-security supervision at the device perimeter such that even following a power down event it is possible to determine whether a device has been tampered with, so that appropriate action can be taken. This is especially useful in applications in which batteries are not acceptable.

Abstract: An example information encryption method that includes acquiring to-be-encrypted information and converting the to-be-encrypted information into a polynomial of a predetermined format; extracting biometric information, and acquiring biometric data; and substituting the biometric data into the polynomial for calculation to acquire a value of the polynomial and using a two-dimensional dataset including the biometric data and the value of the polynomial corresponding to the biometric data as first encrypted information. The techniques of the present disclosure improve the security of information encryption, and reduce the risk of illegal decryption of encrypted information.

Abstract: A system for anonymizing and aggregating protected information (PI) from a plurality of data sources includes a master index server coupled to a data repository. The master index server receives an anonymized records associated with an individual from a plurality of data hashing appliances. The system includes a cluster matching engine that applies a plurality of rules to hashed data elements of the received record for comparing hashed data elements of the record with hashed data elements of a plurality of clusters of anonymized records associated with different individuals stored in the data repository to determine whether the individual associated with the received record corresponds to an individual associated with one of the clusters of anonymized records. When a match is found, the cluster matching engine adds the received record to the cluster of anonymized records associated with that individual.

Abstract: A method, an apparatus, and a system for controlling access of a user terminal, where the method includes receiving, by a controller, an authentication packet sent by an access switching node through an established data tunnel; obtaining, by the controller, a source media access control (MAC) address of the authentication packet; after access authentication implemented on a user terminal, determining, from a maintained correspondence between MAC addresses of user terminals and interface identifiers, an interface identifier corresponding to the MAC address of the successfully-authenticated user terminal, where the interface identifier identifies an interface connected to the user terminal; and sending, by the controller, the determined interface identifier to the access switching node through an established control tunnel, and instructing the access switching node to enable the interface corresponding to the interface identifier.

Abstract: One embodiment of the present invention provides a system for stable selection of collaborating partners for exchanging security data. During operation, the system receives vectors of collaboration values from a plurality of entities. A collaboration value is a measure of an expected benefit of collaborating with a respective entity. The system sorts each of the vectors by the collaboration values of the respective vector. The system then determines matching entities given a number of partners wanted by each organization in N. The system may add matching entities to lists of collaborating partners given the number of partners wanted by each organization in N. Subsequently, the system sends the lists of collaborating partners to facilitate exchanging security data with partners in the list of collaborating partners.

Abstract: According to an embodiment of the present invention, a system and method for transmitting sensitive data in a contact center environment comprising a transient datastore containing data, for each customer, defining a customer's profile including historical interactions with a host entity and account information, the customer profile containing sensitive and non-sensitive data; a computer processor, coupled to the computer store and programmed to: generate, using a computer processor, a transient key associated with a subset of data for the customer based on the current interaction data and a customer identity; transmit, using a computer processor, the transient key and non-sensitive data to the live agent; receive a request, the transient key and a requester identifier from a requesting component of the system, and identify a corresponding subset of data responsive to the transient key and the requester identifier.

Abstract: A method is provided for protecting an electronic terminal. The method includes: activating a state of monitoring the terminal; in the state of monitoring, detecting a manipulation of the terminal, generating the passage of the terminal to a so-called suspect state, representative of a risk of attempted fraudulent use of the terminal; in the suspect state, triggering a reaction by the terminal, the reaction of the terminal including updating an alert level representative of a probability of attempted fraudulent use of the terminal, and a implementing at least one reactive action dependent on the alert level.

Abstract: In an example, there is disclosed a computing apparatus, including: a network interface; one or more logic elements providing a security orchestration server engine operable for: receiving contextual data from a client via a network interface; providing the contextual data to a security orchestration state machine, the security orchestration state machine operable for deriving a policy decision from the contextual data; and receiving the policy decision from the policy orchestration state machine. There is also disclosed one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions for providing a security orchestration engine, and a method of providing a security orchestration engine.

Abstract: A network node, such as a Wi-Fi Access Point/Authenticator, is able to obtain a permanent device identity of a wireless device requesting authentication, in case the wireless device has only provided an alias. This is achieved by the network node intercepting an authentication message from the wireless device, wherein the authentication message includes a signaled identity of the wireless device, and extracts the signaled identity. In case the extracted identity is an alias and not a permanent identity of the wireless device, the network node responsively manipulates at least one further authentication message to cause the wireless device to signal its permanent identity in a subsequent authentication message.

Abstract: Content maintained in a first repository of a first installation (which can optionally be an on-premise installation) of a content management system, as well as metadata associated with the content, can be shared via an approach in which content items maintained in the first repository are synchronized with a copy of the content items maintained in a second repository of a second installation (which can optionally be a cloud-based installation). The first installation can be optionally firewall protected. The copy of the content items can be accessed by collaborative users both within and external to a firewall. Related systems, methods, products, etc. are described.

Abstract: A cryptographic processor is described comprising a processing circuit configured to perform a round function of an iterated cryptographic algorithm, a controller configured to control the processing circuit to apply a plurality of iterations of the round function on a message to process the message in accordance with the iterated cryptographic algorithm and a transformation circuit configured to transform the input of a second iteration of the round function following a first iteration of the round function of the plurality of iterations and to supply the transformed input as input to the second iteration wherein the transformation circuit is implemented using a circuit camouflage technique.

Abstract: Techniques to manage access to organization information for an entity are described. An apparatus may include a presentation component operative to present an organizational chart on a presentation area. The organizational chart may comprise multiple nodes associated with members of an organization, and connections between the nodes representing hierarchical relationships between the nodes. A security component may be communicatively coupled to the presentation component. The security component may be operative to receive a request to modify a characteristic of the organizational chart from an operator, access security settings for the operator, and authorize the operator to modify a characteristic of the organizational chart. Authorization may be granted, for example, when the operator is a delegate and a permission level for the delegate allows a modification operation associated with the modify request. Other embodiments are described and claimed.

Abstract: A system for performing distributed computing. The system comprises a plurality of compute node resources for performing computations for the distributed computing, a management resource for managing each of the compute node resources in the plurality, and a virtual cloud network. The management resource and the plurality of compute node resources are interconnected via the virtual cloud network.

Abstract: The subject matter described herein includes methods, systems, and computer program products for data traffic signature-based detection and protection against malware. According to one method, data traffic and behavior associated with a computing device is monitored and a device activity signature is created that includes an abstraction of the data traffic. A classification of the device activity signature is determined and a policy decision for the computing device is applied based on the determined classification.