Patents Examined by Hadi S Armouche
  • Patent number: 10019580
    Abstract: A computing device may perform integrity checks on a closed operating system defining a preconfigured user portion and a preconfigured system portion using an integrity checking module. The integrity checking module may access parameters associated with an object stored on the system portion of the operating system. Files on the system portion may be accessed by submitting a query that comprises a file name, a file directory, and at least one parameter to the system portion of the operating system. The integrity checking module may provide an indication of a potential compromise to the integrity of the computing device based on the integrity check. The integrity check may be performed periodically and/or aperiodically. Updated integrity values may be compared against previously determined integrity values to update the integrity check. The integrity checking module may perform the integrity check using a signature function or hashing function to generate the integrity values.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: July 10, 2018
    Assignee: Federal Reserve Bank of Philadelphia
    Inventors: Bradley C. Bowers, Keith Morales, George C. Makin, V, Abraham Vegh
  • Patent number: 10021082
    Abstract: A system includes at least one forms service computing device, the forms service computing device executing code to produce a user interface allowing access to the forms service, a user computing device in communication with the forms service computing device, the user computing device capable of displaying the user interface from the forms service computing device, and at least one file service computing device, wherein the file service computing device is in communication with the forms service computing device, the forms service computing device providing access to the file service computer device through the user interface.
    Type: Grant
    Filed: December 12, 2013
    Date of Patent: July 10, 2018
    Assignee: SURVERYMONKEY INC.
    Inventors: Johan Vu Lieu, Larry Le Kuang, Adam Harris Lichtenstein, Krishna Om Yoga Vemuri
  • Patent number: 10019602
    Abstract: Systems and methods for improved security for a core in a portable computing device (PCD), such as a core operating a high level operating system (HLOS) are presented. In operation, a monitor module on the SoC is initialized. The monitor module sends a request to the core of the SoC and the monitor module receives a response from the core. A timer in communication with the monitor module is checked. The timer is reset or disabled by the monitor module if the response from the core is received at the monitor module before the expiration of the timer. Otherwise, the monitor module applies at least one security measure to the core as a result of the timer expiring.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: July 10, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Yoni Kahana, Laurence Geoffrey Lundblade
  • Patent number: 10015192
    Abstract: In one embodiment, a method includes creating a set of network related indicators of compromise at a computing device, the set associated with a malicious network operation, identifying at the computing device, samples comprising at least one of the indicators of compromise in the set, creating sub-clusters of the samples at the computing device, and selecting at the computing device, one of the samples from the sub-clusters for additional analysis, wherein results of the analysis provide information for use in malware detection. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: July 3, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Stiborek, Martin Rehak
  • Patent number: 10013363
    Abstract: A system may encrypt the contents of a memory using an encryption key that is generated based on an entropy-based key derivation function. The system may generate a random value as a key split associated with an instance of writing data to memory. The system may generate an encryption key for encrypting the data using an entropy-based key derivation function based at least in part on the key split. The system may encrypt the data using the encryption key. The system may store the encrypted data and the key split to the memory.
    Type: Grant
    Filed: February 9, 2015
    Date of Patent: July 3, 2018
    Assignee: Honeywell International Inc.
    Inventors: James L. Tucker, Thomas Cordella, John D. Profumo
  • Patent number: 10015173
    Abstract: The disclosed computer-implemented method for location-aware access to cloud data stores may include (1) obtaining a location policy that governs access to a cloud data store, the location policy specifying one or more location rules to be satisfied in order to access files in the cloud data store, (2) receiving a request, from a client system, to access one or more files in the cloud data store, (3) verifying that the request satisfies the location rule and therefore complies with the location policy, and (4) providing the client system access to the file in the cloud data store. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: July 3, 2018
    Assignee: Symantec Corporation
    Inventor: Petros Efstathopoulos
  • Patent number: 10015148
    Abstract: In some examples, a controller is configured to generate a key based on a physics-based output of a component. The controller may, for example, use the key to authenticate communication between at least two nodes, to encrypt data, or to decrypt data. The key may be generated based on a physics-based output generated by a component. The output generated by the component may vary over time, such that the controller is configured to generate a different key, depending on the time at which the output from the component used to generate the key was generated by the component. In some examples, the key is not stored in a memory, and is a discrete signal that only exists in real-time while the component is active and generating the detectable output.
    Type: Grant
    Filed: March 5, 2015
    Date of Patent: July 3, 2018
    Assignee: Honeywell International Inc.
    Inventor: Kenneth H. Heffner
  • Patent number: 10009179
    Abstract: Example apparatus and methods provide a device (e.g., smartphone) that is more secure for electronic commerce. An example device includes a trusted platform module (TPM) that stores a public key and a private key. The device is provisioned with account information, user information, and device information. The TPM uses the account, user, and device information to acquire attestation credentials and endorsement credentials. The device uses the account, user and device information along with the attestation credentials and endorsement credentials to acquire limited use keys (LUKs) that are encrypted with the public key. The LUKs will only be decrypted as needed to support an actual transaction at the time of the transaction. Before decrypting an LUK, the TPM will authenticate a user of the device at the time of the transaction using, for example, a personal identification number (PIN), fingerprint, or other personal information.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: June 26, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tolga Acar, Matt Pisut, Doug Barlow, Michael Stark, Trent Byfield, Alex McKelvey, Malcolm Pearson
  • Patent number: 10003968
    Abstract: A communication apparatus including: a plurality of physical ports to be coupled to different terminals via a network; a plurality of authentication processing units configured to execute an authentication process; and a controller configured to determine which one of the physical ports on which a packet was received from a terminal, to specify a preset authentication process corresponding to the determined physical port on which a packet was received, and to distribute the specified authentication process of the packet from the terminal to an authentication processing unit for executing.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: June 19, 2018
    Assignee: ALAXALA NETWORKS CORPORATION
    Inventors: Hidemitsu Higuchi, Motohide Nomi
  • Patent number: 10003943
    Abstract: A fully user-centric mobile relation networking management of business social networking, personal social networking and general social networking for mobile terminal device with networking services adaptively and intelligently optimized by converged wireless connections based on open wireless architecture (OWA) mobile cloud infrastructure with QoW (Quality of Wireless connection) control through OWA Operating System (OS) to enable highly secured relation networking for mobile business and personal networking users by innovative social friendship scoring method.
    Type: Grant
    Filed: June 2, 2015
    Date of Patent: June 19, 2018
    Inventors: Michael Lu, Dexi Lu, Wei Lu
  • Patent number: 10002257
    Abstract: Systems and methods using a cryptographic key loader embedded in a removable data storage device are provided. In one embodiment, the removable data storage device can include a dedicated key memory storing one or more cryptographic keys for cryptographic processing of data by a host system. The removable data storage device can further include a dedicated data memory storing data subject to cryptographic processing by the host system. When the removable data cartridge is interfaced with the host system, the cryptographic key(s) and the data subject to cryptographic processing can become accessible to the host system.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: June 19, 2018
    Assignee: GE AVIATION SYSTEMS LLC
    Inventors: Deven J. Anthony, John Jared Creech
  • Patent number: 9996689
    Abstract: A secure element, for example an improved SIM card or the like, for a telecommunications terminal, such as a mobile telephone. The secure element may implement a trusted services management application, for example, by executing the trusted services management application on a secure processor. The trusted services management application may manage at least one trusted application to be run by the telecommunications terminal, where trusted applications are used for functions requiring a high level of security such as payment, the supply of “premium” content, which may be certified or guaranteed, or guaranteeing the integrity of the terminal.
    Type: Grant
    Filed: April 16, 2014
    Date of Patent: June 12, 2018
    Assignee: IDEMIA FRANCE
    Inventors: Marc Bertin, Nicolas Bousquet
  • Patent number: 9998491
    Abstract: A first collection including a pattern of life (POL) feature vector and a Q&A feature vector is constructed. A second collection is constructed from the first collection by inserting noise in at least one of the vectors. A third collection is constructed by combining a vector of the second collection with a corresponding vector of a different collection. Using a forecasting configuration, a POL feature vector of the third collection is aged to generate a changed POL feature vector containing POL feature values expected at a future time. The changed POL feature vector is input into a trained neural network to predict a probability of the cyber-attack occurring at the future time.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: June 12, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mohamed N. Ahmed, Aaron K. Baughman, John F. Behnken, Mauro Marzorati
  • Patent number: 9998490
    Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kelly Abuelsaad, Lisa Seacat DeLuca, Soobaek Jang, Daniel C. Krook
  • Patent number: 9992230
    Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from one or more security control tools, such as a security configuration management tool, a vulnerability management tool, an event logging tool, or other IT infrastructure security or monitoring tool that is used to monitor, secure, and/or control assets in an IT infrastructure. For example, in some embodiments, user interfaces are disclosed that allow a user to quickly view, filter, and evaluate the degree of security control coverage in selected assets of an enterprise. In further embodiments, user interfaces are disclosed that allow a user to view and evaluate the current security state for selected assets across a variety of categories and, in some cases, as guided by a two-dimensional vulnerability risk matrix.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: June 5, 2018
    Assignee: Tripwire, Inc.
    Inventors: Marsha Haverty, Ted Schuh
  • Patent number: 9990505
    Abstract: Embodiments of the present invention provide a method to temporally isolate data accessed by a computing device so that the data accessed by the computing device is limited to a single set of data. The method includes removing any data that is accessed by the computing device when operating in different modes so that the data is inaccessible by the computing device when operating in the mode. The method also includes switching to the mode after the data associated with the modes different from the mode have been removed. The method also includes operating in the mode based on a plurality of rules associated with the security policy in temporal isolation from any other mode associated with the computing device. The computing device is limited to operating in the mode and is prevented from accessing any data that is distinct from the single set of data of the mode.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: June 5, 2018
    Assignee: Redwall Technologies, LLC
    Inventors: Eric Ridvan Üner, Michael J. Collins, Kent H. Hunter, John E. Rosenstengel, James E. Sabin, Kevin S. Woods
  • Patent number: 9992520
    Abstract: Apparatus and methods for providing content to IP-enabled devices in a content distribution network. In one embodiment, a network architecture is disclosed which enables delivery of content to such IP-enabled devices without the use of a high-speed data connection. This capability allows the managed network operator to provide content services to an IP-enabled device associated with a non-data subscriber. In one implementation, requests for content from user IP-enabled devices are received, authenticated, and content processed into a series of encrypted segments. Once the requesting user/device is authenticated, the segments are provided with a playlist. The rendering device is also provided access to a decryption key (e.g., via a URL to a managed key server). Variants providing (i) user access to the MSO distribution network via an indigenous modem or gateway; and (ii) user access to the MSO core via a gateway and a third party unmanaged network are described.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: June 5, 2018
    Assignee: Time Warner Cable Enterprises LLC
    Inventors: Louis D. Williamson, William L. Helms, Howard Pfeffer, Noah Paci, Tushar Nakhre, Andrew Danforth, Charles Hasek, Shan Huang
  • Patent number: 9992216
    Abstract: Identifying malicious executables by analyzing proxy logs includes, at a server having connectivity to the Internet, retrieving sets of proxy logs from a plurality of proxy servers. Each proxy server of the plurality of proxy servers is associated with a network and generates network traffic logs for one or more nodes included in the network. Then, a set of executables hosted by each of the one or more nodes associated with each of the plurality of proxy servers is determined. Each set of executables is analyzed to detect a specific executable and portions of each of the network traffic logs that are associated with the specific executable are identified. An alert is generated indicating the portions of each of the network traffic logs as likely to be associated with the specific executable.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: June 5, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Tomas Pevny, Petr Somol
  • Patent number: 9992173
    Abstract: A method of playing back streaming content includes decoding the content based on a first decryption circuit configured based on a first key and outputting the content; requesting a second key from a server; receiving the second key and configuring a second decryption circuit based on the second key; and decoding the content based on a second decryption circuit and outputting the content, wherein the decoding of the content based on the first decryption circuit and outputting the content is performed until the second decryption circuit is configured.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: June 5, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Ju-hyun Choi
  • Patent number: 9990503
    Abstract: Systems and methods for managing cryptographic keys in an avionic data transfer system are provided. A host device associated with the avionic data transfer system can receive one or more cryptographic keys via a key fill interface. For instance, in one embodiment, the host device can receive one or more cryptographic keys from a removable data cartridge. The host device can act as a key server for other cryptographic units associated with the avionic data transfer system via a data bus. For instance, the host device can distribute one or more cryptographic keys to other cryptographic units associated with aircraft via an aircraft bus. The other cryptographic units can use the one or more cryptographic keys for cryptographic processing of data.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: June 5, 2018
    Assignee: GE Aviation Systems, LLC
    Inventors: Deven J. Anthony, John Jared Creech, David Barnard Pierce, Joseph Bernard Steffler, Jay Robert Pruiett