Abstract: A method comprising partitioning a space of user requests into subsets, and determining a risk score for a user request based on the evolution of the number of user requests in the subset of user requests to which this user request belongs.

Abstract: Various embodiments of the present invention relates generally to an integrated circuit, and more particularly, to systems, devices and methods of incorporating a tamper detection countermeasure into a security ASIC to deter physical attacks. The tamper detection countermeasure architects an active mesh to cover a sensitive area in the security ASIC. A plurality of time-varying random numbers is generated by a random number generator (RNG), and the active mesh is driven and configured according to these random numbers. During tamper detection cycles, the active mesh is monitored with respect to the plurality of random numbers that is directly provided by the RNG. Upon a tampering attempt, a flag signal is generated and used to initialize subsequent anti-tampering actions. The active mesh may be controlled and monitored based on time-varying codes, and therefore, an adversary may not easily bypass the active mesh and attack the sensitive area.

Abstract: Embodiments described herein provide systems and method for implementing privacy control in a co-browsing environment. In a particular embodiment, a method provides receiving an instruction in a co-browsing server to initiate a co-browsing session for a website with a first client and a second client. The method further provides receiving first privacy settings from the first client, wherein the first privacy settings indicate how the website should be presented at the second client. The method further provides presenting the website at the first client and presenting the website at the second client based on the first privacy settings.

Abstract: A blueprint that produces a family of FHE schemes given any homomorphic monoidal encryption scheme. The ciphertext space is a subspace of the monoid algebra over F2 generated by the initial encryption monoid. The method can be generally applied to any monoid encryption schemes. Advantageously, monoid encryption schemes produce efficient FHE schemes with the inventive blueprint. Furthermore, the corresponding FHE scheme can correctly decrypt and efficiently compute circuits with low (polynomial in the security parameter) additive depth, a feature not realized by prior encryption methods.

Abstract: An apparatus for intrusion detection includes processing circuitry, a switch, signal detection circuitry, and an analog-to-digital converter (“ADC”). The processing circuitry is coupled to send a challenge signal to a device when the device is coupled to the processing circuitry. The switch is coupled to be enabled and disabled by the processing circuitry. The switch is for coupling to the device to receive a response signal in response to the challenge signal sent by the processing circuitry. The signal detection circuitry is coupled to receive the response signal in via the switch, when the processing circuitry enables the switch. The ADC is coupled to take measurements of the signal detection circuitry at a first output. The processing circuitry is coupled to the ADC and configured to analyze whether an intruder is present in the device based on the measurements of the signal detection circuitry.

Abstract: Access to personal information is restricted when analyzing errors in computer programs. Variables are named with prefixes to identify data that must be transformed before disclosure. If a variable has a name that requires transformation, the associated data must be transformed before resolving an error.

Abstract: An apparatus for use as a single sign on entity (100) for controlling access to one or more devices (104a-d) in a computer network, the devices accessible with a device access password; the apparatus comprises a password generator configured to generate current and future device access passwords, a back-up controller configured to store a back-up comprising the current and future device access passwords at the time of the back-up in a memory, a password changer configured to change the current device password to one of the future device access passwords and to control a transmitter to transmit data implementing the change to the device, wherein the back-up controller is configured to restore the device access password from the backed-up future device access passwords, losing the current device access password.

Abstract: A method and an apparatus to dynamically distribute privileges among a plurality of processes are described. Each process may have attributes including a privilege to control access to processing resources. A first process may be running with a first privilege prohibited from access to a processing resource. A second process may be running with a second privilege allowed to access the processing resource. The first process may receive a request from the second process to perform a data processing task for the second process. In response, the second privilege may be dynamically transferred to the first process to allow the first process to access the processing resource. The first process may perform operations for the data processing task with the second privilege transferred from the second process.

Abstract: A smart device can include a data oriented sensor providing a numerical value, a logic oriented sensor providing a state, a sensor value collector connected to the data oriented sensor, a sensor logic state detector connected to the logic oriented sensor, a data processor connected to the sensor value collector and the sensor logic state detector, and a data analyzer connected to the data processor. The data processor can take the numerical value received from the sensor value collector, calculate an average value from the numerical value, sample the state receiving from the sensor logic state detector, and create an input matrix by using the average value and the sampled state. The data analyzer can receive the input matrix, train an analytical model, and check a data to indicate whether a state of the smart device is malicious or not.

Abstract: In one embodiment, a set of feature vectors can be derived from any biometric data, and then using a deep neural network (“DNN”) on those one-way homomorphic encryptions (i.e., each biometrics' feature vector) can determine matches or execute searches on encrypted data. Each biometrics' feature vector can then be stored and/or used in conjunction with respective classifications, for use in subsequent comparisons without fear of compromising the original biometric data. In various embodiments, the original biometric data is discarded responsive to generating the encrypted values. In another embodiment, the homomorphic encryption enables computations and comparisons on cypher text without decryption. This improves security over conventional approaches. Searching biometrics in the clear on any system, represents a significant security vulnerability. In various examples described herein, only the one-way encrypted biometric data is available on a given device.

Abstract: A system and method for giving access to streaming media that is associated with purchased physical media item is disclosed herein. Upon the purchase of a physical media item, a unique identifier is received. The unique identifier is analyzed to determine if the unique identifier is associated with a streaming service account. If so, the streaming service account is modified to grant access to streaming media that is associated with the physical media. The user is notified of the availability of the streaming media. The user can then initiate playback of the streaming media. Other embodiments are also disclosed herein.

Abstract: Disclosed are system and method for executing calls to a file system of a computer. An exemplary method comprises intercepting, by a software agent, a call to the file system; determining one or more parameters of the call that identify its functionality; determining a priority of executing the call based on the one or more parameters; storing information about the call, the parameters and the priority into a database; selecting from the database, one or more calls for execution based at least in part on relative priorities of execution of the plurality of calls stored in the database; determining whether to execute or not to execute a selected call based on whether the selected call interferes with execution of an earlier selected call; and when the selected call does not interfere with execution of an earlier selected call, passing the selected call to the file system for execution.

Abstract: A system, apparatus, method, and machine readable medium are described for performing client risk assessment for authentication. For example, one embodiment of an apparatus comprises: a client risk assessment agent to perform an assessment of client configuration data to determine a risk level associated with a client device; and an authentication engine to performing authentication for a particular transaction in accordance with the risk level.

Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.

Abstract: The present invention provides a system, method and apparatus for increasing relevance of a content provided to a visitor by a content provider by providing one or more server computers and at least one data storage communicably coupled to the one or more server computers, receiving at least a portion of a visitor token and at least a portion of a content provider token at the one or more server computers from a content provider device, determining whether a release of an anonymous unfilled demand for the visitor is authorized based on the visitor token, the content provider token and one or more preferences stored in the at least one data storage, and sending at least a portion of the anonymous unfilled demand for the visitor to the content provider device when the release is authorized.

Abstract: A system, apparatus, method, and machine readable medium are described for delegating trust to a new client device or a new authenticator on a trusted device. For example, one embodiment of a method comprises: implementing a series of trust delegation operations to transfer registration data associated with one or more trusted authenticators on a trusted client device to one or more new authenticators on a new client device or on the trusted client device.

Abstract: An electronic device will identify an electronic message received by a messaging client that is associated with a first recipient, and it will analyze the electronic message to determine whether the electronic message is a simulated malicious message. Upon determining that electronic message is a simulated malicious message, the device will identify an actuatable element in the electronic message. The actuatable element will include a service address. The device will modify the electronic message by appending a user identifier of the first recipient to the service address of the actuatable element. Then, when the actutable element is actuated, the system may determine whether the first recipient actuated the actuatable element or an alternate recipient did so based on whether the user identifier of the first recipient is still appended (or is the only user identifier appended) to the actuatable element.

Abstract: This document describes apparatuses and techniques for monitoring social media for breach of organizational privacy. In some aspects, these techniques receive social media content from a social media site or social media stream. The social media content is compared with organizational information that includes private information and public information to determine an amount of private data disclosed by the social media content. Based on a ratio of amounts of the private data and public data disclosed, a score is provided that indicates a degree to which the social media content breaches organizational privacy.

Abstract: A method for providing multiple users with security access to an electronic system is provided. The method comprising: providing a plurality of parent security roles, wherein each parent security role includes a plurality of transactions authorized to be performed in the electronic system, providing a plurality of child security roles, wherein each child security role is derived from one of the plurality of parent security roles, setting up the multiple users in the electronic system and their associated user passwords, assigning one of the plurality of child security roles to each of the multiple users to provide the multiple users with security access to the electronic system at once, and providing each of the multiple users with security access to the electronic system, via the associated user password, in accordance with the child security role assigned to the user.

Abstract: The techniques and/or systems described herein are directed to improvements in homomorphic encryption to improve processing speed and storage requirements. For example, the techniques and/or systems can be used on a client device to encode data to be sent to a remote server, to be operated on while maintaining confidentiality of data. For example, data including a real number can be encoded as a polynomial, with the fractional part of the real number encoded as high-order coefficients in the polynomial. Further, real numbers can be approximated and encoded in a polynomial using a fractional base, and/or the encoding can include slot encoding. Thus, the optimized encodings disclosed herein provide an optimized homomorphic encryption scheme.