Abstract: A hardware secure element includes a processing unit and a receiver circuit configured to receive data comprising a command field and a parameter field adapted to contain a plurality of parameters. The hardware secure element also includes at least one hardware parameter check module configured to receive at an input a parameter to be processed selected from the plurality of parameters, and to process the parameter to be processed to verify whether the parameter has given characteristics. The hardware parameter check module has associated one or more look-up tables configured to receive at an input the command field and a parameter index identifying the parameter to be processed by the hardware parameter check module, and to determine for the command field and the parameter index a configuration data element.

Abstract: In an example, a method of managing access to resources managed by heterogeneous resource servers having different policy document formats in a cloud services environment includes obtaining, at an identity and access management (IAM) service, a policy document describing privileges of an end user with respect to accessing at least one resource of the resources managed by a resource server of the heterogeneous resource servers; sending the policy document from the IAM service to an resource server endpoint designated by the resource server for validation; storing, by the IAM service, the policy document in a datastore in response to a determination by the resource server endpoint that the policy document is valid; and generating, by the IAM service, an indication that the policy document is invalid in response to a determination by the resource server endpoint that the policy document is invalid.

Abstract: Example embodiments disclosed herein relate to analyze code of a web application associated with a framework. The code is loaded. Data objects of the framework that are used by the code are modeled using local parameters with explicit control flow. The code is analyzed to identify at least one vulnerability by analyzing one or more execution paths of the code using the explicit control flow.

Abstract: This disclosure provides example techniques to invoke one or more tools, with an investigative tool. The investigative tool provides a common framework that allows investigators to invoke their own trusted tools or third-party generated tools. The investigative tool described herein seamlessly and transparently invokes the tools in accordance with an investigative profile created by the investigator.

Abstract: To provide an information processing system, a storage medium and a control method through which a user privacy level in a telepresence system can be set depending on a counterpart. An information processing system including: a setting unit that automatically sets a privacy level depending on a user of a communication destination device; a communication unit that transmits a picture of a user of a communication source device to the communication destination device; and a controller that performs control to mask the picture of the user of the communication source device depending on the automatically set privacy level.

Abstract: The disclosure includes novel encryption and/or decryption methods and systems that provide various security benefits. More specifically, the disclosure includes a description of a file encryption process and its ability to dynamically control permissions on who is allowed to decrypt the file. Moreover, the disclosed process permits an encrypted file to be freely distributed without losing the ability to govern/regulate decryption.

Abstract: A method of encrypting at least a portion of PostScript vector language, where the PostScript vector language includes a cleartext portion and a ciphertext portion, the method including: (a) encrypting at least a part of the PostScript cleartext portion via an encryption algorithm with a generated encryption key resulting in at least a part of the ciphertext portion and overwriting the PostScript cleartext portion with the resulting at least part of the ciphertext portion; (b) saving the encryption key in a file separate from a file containing the PostScript vector language; (c) linking both the encryption key file and the PostScript file in an image processor interpreting the PostScript vector language to display or print PostScript graphics; (d) decrypting the at least part of the ciphertext portion resulting in decrypted PostScript cleartext; and (e) executing the resulting decrypted Postscript cleartext to produce an image on a document or screen.

Abstract: A security verification system and method that includes outputting a list of potential dataflow vulnerabilities as a first output from inputting a subject program and security specification, mapping candidate vulnerabilities to a user interface (UI) entry point and payload from the output of the list of potential dataflow vulnerabilities to provide a second output, and performing directed testing of the second output.

Abstract: A computer implemented method is used for changing a password in a multi-domain environment. The method includes obtaining a private key and a public key from a security card at a user device in a user domain, transferring the public key to a controller in a secure domain, requesting a password change, receiving a public key encrypted new password from the secure domain, and decrypting the new password using the private key.

Abstract: Systems and methods implemented by an application executed on a user device for service discovery and connectivity include discovering one or more cloud services for a user associated with the user device; creating and operating an interface on the user device; and intercepting traffic at the interface from one or more client applications on the user device and splitting the traffic based on configuration to the one or more cloud services. The method can further include authenticating the user into the one or more cloud services prior to the splitting.

Abstract: A credential store for an endpoint contains credentials for accessing a remote service. In general, the credentials will not have an ordinary, legitimate use for the endpoint, serving instead to log in to a dedicated trapping service or the like. In the event that the endpoint becomes compromised and an attacker gains access to the credential store, the presentation of the credentials to the remote service can provide an indication of compromise to the endpoint and any suitable remediation may be taken.

Abstract: Methods and devices for monitoring scan attempts in a network. Various embodiments provide enhancements to existing honeypot devices. These enhancements may include at least one of: (1) a port access module configured to make at least one honeypot port appear to be closed; (2) a mobility module configured to change the address of the honeypot within the network; (3) an emulation module configured to discover a network neighbor's profile and further configured to emulate the network neighbor's profile.

Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.

Abstract: A user device implements a certificate authority for issuing digital certificates that extend to other computing devices a level of trust to a particular user paired with the user device. The user device may obtain user persona information, generate a user key, and combine the user key with a device key for the generation of a digital certificate. The computing device may further transmit the digital certificate to a certificate management system, which manages interactions between other computing devices and the user device or authorizes operation of other computing devices by the particular user based on the digital certificate.

Abstract: In some embodiments, techniques for displaying a URL comprise receiving a URL; normalizing the URL, wherein normalizing the URL includes standardizing an encoding of a character contained in the URL; determining a first element of the URL, wherein the first element of the URL includes a domain; determining a second element of the URL; displaying the URL, wherein displaying the URL includes emphasizing the first element of the URL, and wherein emphasizing the first element of the URL includes displaying the first element of the URL using a first font attribute; and wherein displaying the URL includes displaying a first portion of the second element of the URL using a second font attribute and eliding a second portion of the second element of the URL; and responsive to an interaction with a user interface element, providing a view of the URL in its entirety.

Abstract: Systems and methods are provided for managing electronic tokens associated with an account. A system may include a memory storing instructions and account information associated with an account, and a processor configured to executed the stored instructions to: access information associated with one or more electronic tokens associated with the account, wherein the information includes one or more token settings, receive, via a network, information for a transaction request including a first token; analyze the received information to determine whether at least one rule in the one or more token settings is violated, responsive to a determination that at least one rule is violated, transmit an indication that the transaction request is denied, and responsive to a determination that no rules are violated, detokenize the transaction request.

Abstract: Embodiments of the present disclosure disclose an authentication method, an electronic device, and a computer-readable program medium. A specific embodiment of the method comprises: acquiring multimedia input information of a user in response to receiving an authentication request from the user; parsing the multimedia input information to obtain a parsing result; authenticating the user based on the parsing result; and transmitting an authentication result to the user; wherein the multimedia input information includes human face video input information and voice input information of the user; and the parsing result includes at least two of: biometric feature information of the user, voice content information, and behavior feature information of the user. The embodiments may lower a risk that a hacker forges the information for authentication inputted by the user.

Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.

Abstract: Embodiments are directed to monitoring local users' activity without installing an agent on a monitored machine. Periodic scans of the local users' directory using the standard protocol messages and APIs of a remote admin interface provide access to local machine data. Using the remote admin interface, defenders gain visibility to local users' logons, group membership, password changes, and other parameters. Security applications enabled by this visibility include, but are not limited to, abnormal logons detection, abnormal group addition and removal detection, and abnormal password changes detection.

Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.