Abstract: Methods, systems, and computer program products are provided. A network device receives, from a client device, a description of a dataset to be de-identified, and a list of one or more data de-identification techniques selected from groups consisting of a group of data masking techniques and a group of data pseudonymization techniques, and their configuration options supported by the client device. A first technique, from the at least one group of techniques and its configuration options supported by the client device and the network device are determined. The network device receives a dataset produced at the client device by applying the first technique and selected configuration options to corresponding attributes from the client device. The network device applies a de-identification technique to the dataset to produce a resulting set of de-identified data, wherein the de-identification technique is coordinated with the first technique and its configuration options to de-identify the dataset.

Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.

Abstract: Methods, systems, and computer program products are provided. A network device receives, from a client device, a description of a dataset to be de-identified, and a list of one or more data de-identification techniques selected from groups consisting of a group of data masking techniques and a group of data pseudonymization techniques, and their configuration options supported by the client device. A first technique, from the at least one group of techniques and its configuration options supported by the client device and the network device are determined. The network device receives a dataset produced at the client device by applying the first technique and selected configuration options to corresponding attributes from the client device. The network device applies a de-identification technique to the dataset to produce a resulting set of de-identified data, wherein the de-identification technique is coordinated with the first technique and its configuration options to de-identify the dataset.

Abstract: A change-tolerant method of generating a fingerprint of a computing environment based on asset parameters associated components of the computing environment. Asset parameters are grouped into multiple subsets based on characteristics of the components. A share is generated for each asset parameter of the category to produce a plurality of shares. A secret sharing algorithm is applied to the subsets to generate a plurality of candidate identifiers corresponding to the plurality of subsets of shares. A candidate identifier is selected from the plurality of candidate identifiers as a final identifier for each category based at least in part on a frequency of occurrence of that candidate identifier. The final identifiers are combined into a fingerprint corresponding to the computing environment, wherein the fingerprint is provides verification of the plurality of components without requiring individual verification of any shares in the plurality of shares.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, to authenticate mobile traffic. One of the methods includes receiving a first request for a strategy from a client device over a network. The method includes providing a current strategy to the client device, the current strategy including characteristics used to authenticate requests from the client device based on the inclusion of the characteristics in the request. The method includes receiving, from the client device, a second request for access to a processing system. The method includes validating the second request according to one or more strategies, including the current strategy. The method also includes forwarding the second request to the processing system based on the validation.

Abstract: A secure boot violation system includes a BIOS with an authenticated variables storage storing at least one authorization key and at least one signatures database. The BIOS receives a first policy action entry for association with a first signature in the at least one signatures database, determines that the first policy action entry is signed with the at least one authorization key and, in response, associates the first policy action entry with the first signature in the at least one signatures database. The BIOS then determines, during a boot process and subsequent to the associating the first policy action entry with the first signature, that a first secure boot violation has occurred based on the first signature in the at least one signatures database. In response to determining that the first secure boot violation has occurred, the BIOS performs a first policy action defined by the first policy action entry.

Abstract: A method and arrangement for providing warnings based upon potential security compromising actions is discussed. Monitoring of system changes, temperature, humidity, power levels and reconfiguration of system components is performed and compared to threshold levels, with warning generated when monitored conditions fall outside of expected bounds.

Abstract: Disclosed is a client system for facilitating authentication of a user characterized by validating a password, at the client machine, transmitted by a server. In order to authenticate the user, initially, the client machine transmits a User Identification (ID) to the server. Upon receipt of the User ID, the server receives the User ID from the client machine and accordingly transmits a password to the client machine. In one aspect, the password may be transmitted by identifying the password, pertaining to the User ID, from a server password database and altering the password, to be transmitted, based on the metadata by using a Random Character Generator (RCG) algorithm. Subsequently, the client machine receives the password pertaining to the User ID from the server. Post receipt of the password, the client machine compares the password with a complementary password stored in a client password database presents on a client machine.

Abstract: Example techniques locate or identify malware based on events from or at monitored computing devices. A control unit can detect a sequence of events of various types. The control unit can locate a loop within the sequence of events based at least in part on relative frequencies of the event types. The control unit can determine a distribution of event types of the events within the loop, and determining that software running the sequence is associated with malware based at least in part on the distribution of event types within the loop. In some examples, the control unit can locate a point of commonality among a plurality of stack traces associated with respective events within the loop. The control unit can determine a malware module comprising the point of commonality.

Abstract: Method and apparatus for authenticating analog mixed-signal integrated circuits using process-specific functions (PSF) comprising: presenting wafer having plurality of dies, each die having circuit with identical design but having inherent physical differences due to process variation in their manufacture, each circuit designed to enhance the effects of the inherent differences; defining selected number of inputs/stimuli for authenticating and identifying each integrated circuit; defining expected response for each circuit, wherein the expected response for each circuit is the same due to the identical design; defining statistical window for analog response by the circuit to the inputs/stimuli; applying the inputs/stimuli to each circuit; receiving analog response corresponding to the applied inputs/stimuli, wherein the analog response falls outside statistical window when there are functional or physical changes to the circuit; separating from plurality of dies each die providing a response outside the stati

Abstract: An approach for securing a DHCP server against unauthorized client attacks in a SDN environment is presented. In an embodiment, a method comprises: determining a count of sub-interfaces implemented on an interface card of a virtual machine; setting a count of unique client identifiers for the virtual machine to zero; determining whether a dynamic host configuration protocol (DHCP) request has been received from the virtual machine; in response to determining that a DHCP request has been received from the virtual machine, incrementing the count of unique client identifiers; determining whether the count of unique client identifiers exceeds the count of sub-interfaces implemented on the interface card of the virtual machine; and in response to determining that the count of unique client identifiers does not exceed the count of sub-interfaces implemented on the interface card of the virtual machine, forwarding the DHCP request to an uplink port.

Abstract: The present disclosure provides a system and a method for communication service verification and a verification server thereof. The method includes: obtaining a light code from a light code transmission device through a user device; demodulating the light code by the user device to generate a cipher; receiving a service request sent from the user device by a service system server; receiving a verification request sent from the user device or the service system server by a verification server; and retrieving a decryption key by the verification server based on the verification request, so as to decode the cipher in the verification request using the decryption key and obtain a decoding result.

Abstract: A method, computer program product, and a system where a processor(s), obtains pre-recorded visual data from a given location, captured by an image capture device at a visual input location at the given location. The processor(s) determines a position of the image capture device utilized to capture the visual data. The processor(s) obtains known landmarks from data related to the given location. The processor(s) analyzes the visual data to identify a portion of the known landmarks in the visual data, where the analyzing generates matched landmarks. The processor(s) determines a spatial orientation and positioning of the visual input location with respect to the matched landmarks, at the given location. The processor(s) generates an encryption key, utilizing the spatial orientation and the positioning of the visual input location with respect to the matched landmarks. The processor(s) encrypts a message with the encryption key, generating an encrypted message.

Abstract: Securely performing file operations. A method includes determining a licensing characteristic assigned to a file. When the licensing characteristic assigned to the file meets or exceeds a predetermined licensing condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the guest operating system. When the licensing characteristic assigned to the file does not meet or exceed the predetermined licensing condition, then the method includes performing the file operation on the file in the guest operating system while preventing the file operation from being performed directly in the host operating system.

Abstract: Methods, systems, and media for improving computer security and performance of security are disclosed. In one example, a computer security system comprises a key management monitor, and two key elements comprising a first key element and a second key element. The first key element is stored at a first location address within a computer memory and the second key element is stored at a second location address. The key management monitor is configured to determine or receive a time duration for performing a data dump of contents of the computer memory. In one example, the key management monitor is further configured to control a location of the first key element within the computer memory, wherein the location address of the first key element is changed within a time period that is less than the time duration for performing the data dump of contents of the computer memory.

Abstract: An example display device for securing graphics outputs includes: a checker to check whether a secure output marker is located in a pre-determined position in graphical information of a digital image; a verifier to verify whether first data in the secure output marker matches actual data in a trusted output area of the digital image; and autonomous indicator control logic to activate a hardware-based trusted output indicator when the first data matches the actual data, the autonomous indicator control logic not accessible by computing applications executing on a system in communication with the display device.

Abstract: Systems, methods, and computer-readable media for communications between applications in a mobile operating system. A first application may receive a request for data from a second application. The first application may generate a first URL to the second application, a parameter of the first URL comprising an identifier of the first application. A mobile operating system may access the first URL to open the second application. The second application may validate credentials for an account and initiate a server on a port. The second application may generate a second URL to the first application, a parameter of the second URL comprising the port. The operating system may access the second URL to open the first application. The first application may establish a connection with the server using the port specified in the second URL and receive data from the second application via the connection with the server.

Abstract: Disclosed are systems and methods for routing during statistics collection. A method is described of exchanging data in a client/server architecture across a node with an anonymization module situated in a regional network different from the network in which the server is located and not being in the same intranet as the server or the client when making the request.

Abstract: Techniques for generating dynamic challenge questions for use in an authentication process are provided herein. An example computer-implemented method can include outputting a first prompt to a user via a user device interface, wherein the first prompt comprises a first set of information-gathering questions; generating dynamic challenge questions for use in an authentication process, wherein the dynamic challenge questions are generated based on user responses to the first set of information-gathering questions; generating a second prompt in connection with an authentication request, wherein the second prompt is based at least in part on at least one of the dynamic challenge questions; processing a user response to the at least one dynamic challenge question, wherein said processing comprises determining a likelihood that the user response matches an automatically estimated response; and resolving the authentication request based on the processing.

Abstract: Disclosed are an application security protection method, a terminal, and a storage medium. The method includes the steps of: monitoring whether an application software protection triggering condition is satisfied (S301); if yes, judging whether current application software is malicious software (S302); if yes, providing prompt information indicating that the current application software is malicious software (S303); and when an opening continuing instruction for continuing to open the current application software is received (S304), starting the current application software (S305). The application security protection method, the terminal and the storage medium greatly improve the security when an application program runs at the terminal.