Patents Examined by Dao Ho
  • Patent number: 9425955
    Abstract: Embodiments of the invention provide systems and methods for a cipher then segment approach in a Power Line Communication (PLC). A node or device generates frames to be transmitted to a destination node in the PLC network. A processor in the node is configured to generate a data payload comprising data to be sent to the destination node. The processor divides the data payload into two or more payload segments and encrypts the payload segments. The processor creates a frame for each of the encrypted payload segments, wherein each frame comprises a message integrity code. The processor creates a segment identifier for each frame using the message integrity code and an authentication key that is shared with the destination PLC node. The segment identifier is added to each frame.
    Type: Grant
    Filed: August 14, 2015
    Date of Patent: August 23, 2016
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Kumaran Vijayasankar, Ramanuja Vedantham, Tarkesh Pande
  • Patent number: 9418220
    Abstract: A system includes a memory and a controller. The controller controls access to the memory and is adapted to be programmed with a key that is associated with a context. The controller is adapted to, in response to a request to access the memory, perform a cryptographic function on data associated with the request based on the key.
    Type: Grant
    Filed: October 29, 2008
    Date of Patent: August 16, 2016
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Bret McKee, Chris D Hyser, Robert D. Gardner, Brian Watson
  • Patent number: 9419794
    Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: August 16, 2016
    Assignee: Apple Inc.
    Inventors: R. Stephen Polzin, Fabrice L. Gautier, Mitchell D. Adler, Conrad Sauerwald, Michael L. H. Brouwer
  • Patent number: 9419797
    Abstract: A cryptographic system makes everyday data objects, such as a document or conversation, unreadable to anyone other than the owner or those currently having permission to access the data objects. The cryptographic system is transparent by requiring no additional effort on the part of any user in the encryption/decryption process other than entering a user identifier and password. Each document is encrypted with a unique encryption key. Changes to data object access permissions are immediately honored and enforced by enabling or disabling access to certain decryption keys. Decryption of data objects requires information known only to the owner of the data object or those permitted to access the data object. This decryption information is not stored anywhere in the system.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: August 16, 2016
    Assignee: Verifyle, Inc.
    Inventors: Aaron M. Scarisbrick, Roy E. Martin, Thomas M. Root, Stephen J. Pierce
  • Patent number: 9411966
    Abstract: A system is described for managing storage and access of confidential data downloaded from a server (e.g., an enterprise data server) onto a mobile device. The confidential data may be received over a network directly or be embedded as part of an email or other application. Instead of storing the data item locally, the data item may be communicated to a peripheral device that is communicatively coupled to the mobile device via a peripheral interface. The data item is encrypted and stored on the peripheral device.
    Type: Grant
    Filed: May 21, 2013
    Date of Patent: August 9, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Brandon John Smith
  • Patent number: 9413598
    Abstract: A system for matching a system event to a rule is disclosed. The system includes a computer-readable data structure comprising a plurality of system event rules organizable as a partially ordered set. The system also includes a processor configured to analyze the computer-readable data structure to determine whether an event matches a description set of at least one rule from the plurality of system event rules. Methods and machine-readable mediums are also disclosed.
    Type: Grant
    Filed: September 2, 2009
    Date of Patent: August 9, 2016
    Assignee: International Business Machines Corporation
    Inventors: Natalia Stakhanova, Ali-akbar Ghorbani, William Bird
  • Patent number: 9405926
    Abstract: The present invention relates to a cloud based system for providing data security. The system comprises a processor which receives a data file from a user. The data file is directed to a first file location and encrypted and segmented into a plurality of data blocks. The plurality of data blocks is then assigned with a unique identifier and redirected to a plurality of cloud based storage providers. The plurality of cloud based storage providers are located in a plurality of jurisdictions. Each of the plurality of data blocks is then assigned a second file location. The unique identifier and the file locations of each of the plurality of data blocks are updated in the system.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: August 2, 2016
    Inventor: Paul Lewis
  • Patent number: 9407631
    Abstract: Multi-server passcode verification is provided for one-time authentication tokens with auxiliary channel compatibility. An exemplary method comprises receiving an authentication passcode generated by a token associated with a user; and processing the received authentication passcode using at least a first authentication server and a second authentication server, wherein the received authentication passcode is based on at least one protocode and embedded auxiliary information and wherein at least one of the first authentication server, the second authentication server and a relying party extract the embedded auxiliary information from the received authentication passcode. The disclosed method can extend an existing multi-server verification process to provide the processing of the received authentication passcode based on the embedded auxiliary information.
    Type: Grant
    Filed: December 31, 2013
    Date of Patent: August 2, 2016
    Assignee: EMC Corporation
    Inventors: Nikolaos Triandopoulos, Ari Juels, John Brainard
  • Patent number: 9401897
    Abstract: A system and method for monitoring secure digital data on a network are provided. An exemplary network monitoring system may include a network device in communication with a user and a network. Further, a server may be in communication with the network. A browser and monitoring program may be stored on the network device, and the network device may receive secure digital data from the network. The browser may convert the secure digital data or a portion thereof into source data, and the monitoring program may transfer the source data or a portion thereof to the server. In an exemplary embodiment, the monitoring program may include a service component and an interface program.
    Type: Grant
    Filed: August 4, 2014
    Date of Patent: July 26, 2016
    Assignee: The Nielsen Company (US), LLC.
    Inventors: Todd Tao Zhou, Ricardo Batista
  • Patent number: 9401933
    Abstract: A management entity connects with multiple security devices across a network. Each security device operates in accordance with one or more security policies. The management entity imports, over the network, data describing the security policies from the multiple security devices. The management entity classifies the imported security policies into security policy classifications based on commonality in information included in the security policies across the multiple security devices.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: July 26, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Yedidya Dotan, Sanjay Agarwal, Robin Martherus
  • Patent number: 9396506
    Abstract: The invention relates to a secured identity document having an externally readable chip storing a cryptographic configuration of the chip, defining the cryptographic security levels supported by the chip, for establishing a secure communication with a controlling terminal, storing a private key of a cryptography key pair and adapted to cipher data based on the stored private key; a support to which the chip is fastened, the support having a machine optically readable area, the data encoded in this area including the cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form and the cryptographic configuration of the chip ciphered based on said private key.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: July 19, 2016
    Assignee: GEMALTO SA
    Inventors: Mourad Faher, Stéphane Mouille, Bruno Rouchouze
  • Patent number: 9385864
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server proxies messages to/from the different server including a set of signed cryptographic parameters signed using the private key on the different server. The different server generates the master secret, and generates and transmits the session keys to the server that are to be used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: February 24, 2015
    Date of Patent: July 5, 2016
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 9386034
    Abstract: A method of protecting a computing system or device against a malicious threat such as malware comprises generating a behavioral model configured to describe one or more interactions associated with a protected data accessible by way of a computing device. The method also comprises determining an attempt to access the protected data is abnormal based, at least in part, on a comparison between the attempt to access the protected data and the behavioral model. The method further comprises determining the abnormal attempt to access the protected data is a malicious process based, at least in part, on a determined degree of variation from the behavioral model. The method additionally comprises causing, by a processor, the malicious process to be remediated with respect to the computing device.
    Type: Grant
    Filed: January 9, 2014
    Date of Patent: July 5, 2016
    Assignee: HOPLITE INDUSTRIES, INC.
    Inventor: Anthony James Cochenour
  • Patent number: 9378364
    Abstract: Technologies for managing security threats on a computing system include detecting a security threat to the computing system, determining a plurality of mitigation scenarios to employ on the computing system to mitigate the security threat, and implementing the plurality of mitigation scenarios. Each mitigation scenario includes one or more threat mitigation actions to be taken by the computing system, one or more response systems of the computing system to perform the threat mitigation actions, and a temporal sequence in which the threat mitigation actions are to be taken. The results of each mitigation scenario are evaluated and a validated mitigation scenario is determined based on the results. A user of the computing device may be subsequently trained or habituated to mitigate the security threat by requesting interaction from the user during the implementation of the validated mitigation scenario in response to a threat scenario designed to replicate the security threat.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: June 28, 2016
    Assignee: Intel Corporation
    Inventors: John C. Weast, Brian D. Johnson, Tobias M. Kohlenberg
  • Patent number: 9378396
    Abstract: A memory controller controlling a nonvolatile memory is provided. The memory controller includes an encryption key feeder configured to feed a cipher key according to a logical address transferred from a host; and an encryption engine configured to perform an encryption operation on data transferred from the host or a decryption operation on data transferred from the nonvolatile memory device, using the cipher key provided from the encryption key feeder.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: June 28, 2016
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Youngjin Cho, Hyunsik Kim
  • Patent number: 9380070
    Abstract: In one embodiment, a method implemented on a node connected to a network bus includes: storing one or more message identifiers, the one or more identifiers comprising at least one message identifier identifying the node, the at least one message identifier being included in a message at a time when the message is sent by the node onto the network bus; monitoring network bus traffic, the network bus traffic comprising messages transmitted by the node and by other nodes connected to the network bus; and alerting a processor of the node if a message transmitted on the network bus by at least one of the other nodes is identified as having a message identifier corresponding to the at least one message identifier.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: June 28, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Harel Cain, Yaron Sella, Michal Devir, David Wende
  • Patent number: 9374672
    Abstract: In an approach for determining an unauthorized device, a computer receives detection information from a computing device, wherein the detection information includes a broadcast transmission from one or more devices. The computer creates a state trajectory map based on the received detection information, wherein the state trajectory map identifies connections between at least the computing device and a first device of the one or more devices and the computing device and a second device of the one or more devices. The computer determines one or more anomalies within the created state trajectory map. The computer determines an unauthorized device based on the determined one or more anomalies.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: June 21, 2016
    Assignee: International Business Machines Corporation
    Inventors: Zhang Chao, Qiang Guan, Li Li, Chun hua Tian, Fengjuan Wang, Zhi Jun Wang
  • Patent number: 9374345
    Abstract: A mechanism is provided for secure data storage in a distributed computing system by a client of the distributed computing system. A gateway device intercepts a data file from at least a portion of stream data during transmission. If the destination of the data file is the storage, the gateway device selects a set of analysis algorithms to determine whether the data file comprises sensitive data.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: June 21, 2016
    Assignee: International Business Machines Corporation
    Inventors: Dominik W. Brugger, Matthias Seul
  • Patent number: 9363251
    Abstract: Embodiments are provided for managing user credentials that enable access to secure websites. According to certain aspects, a browser device connects (230) to a website server that hosts a secure website. The browser device initiates (236) a credential request and enters (238) a discovery routine with a mobile device. After establishing (240) a secure channel with the mobile device, the browser device sends (248) an identification of the secure website to the mobile device, which identifies (250) corresponding user credentials and sends (252) the user credentials to the browser device. The browser device populates (254) a login page with the user credentials and accesses (256) the secure website.
    Type: Grant
    Filed: October 14, 2013
    Date of Patent: June 7, 2016
    Assignee: Google Technology Holdings LLC
    Inventors: James Morikuni, Joseph M Hansen, Darren B Shu
  • Patent number: 9356955
    Abstract: The invention provides computer-implemented methods and computer systems for testing applications such as web-based (HTTP) applications for cross-site scripting (XSS) and related security vulnerabilities and permits the discovery of previously unknown XSS and related vulnerabilities in applications without relying on known or previously generated static XSS signatures. The invention may be applied to any type of XSS or related vulnerability for any variation of application code.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: May 31, 2016
    Inventor: Kenneth F. Belva