Abstract: In one example an apparatus comprises accelerator logic to pre-compute at least a portion of a message representative, hash logic to generate the message representative based on an input message, and signature logic to generate a signature to be transmitted in association with the message representative, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and determine whether the message representative satisfies a target threshold allocation of computational costs between a cost to generate the signature and a cost to verify the signature. Other examples may be described.

Abstract: A communication system provides secure communication between two nodes in a self-organizing network without the need for a centralized security or control device. A first node of the two nodes is provisioned with one or more security profiles, auto-discovers a second node of the two nodes, authenticates the second node based on a security profile of the one or more security profiles, selects a security profile of the one or more security profiles to encrypt a communication session between the two nodes, and encrypts the communication session between the two nodes based on the selected security profile. The second node also is provisioned with the same one or more security profiles, authenticates the first node based on a same security profile as is used to authenticate the second node, and encrypts the communication session based on the same security profile as is used for encryption by the first node.

Abstract: A plug-in module, which, in combination with a host module, prevents unauthorized copying—like screen captures, screenshots, or screen recordings—of the streaming content provided to a participant in an online content-sharing session via an Instant Messenger (IM) service. The plug-in module may be a part of an IM application running on the participant's system or the host module may transmit a self-installing plug-in module to the participant's system upon receiving an indication that a user is hosting the online session. The plug-in module provides kernel-specific interface of the participant system's Operating System (OS) to the host module, which, then sends an OS-specific instruction to the plug-in module to trigger the OS to disable or control the copying of the streaming content as specified in a privacy preference received from the user hosting the online session. In this manner, sensitive and critical business data may be conveniently and securely shared online.

Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, when a new certificate is generated, a certificate template is used to apply various settings and policies for the new certificate. In various examples, templates may be used to establish default values, enforce required and optional values, place restrictions on one or more data fields, and enforce signature requirements. In some embodiments, the template establishes rules for rejecting certificate requests that don't conform to the template.

Abstract: Authentication processing is provided which includes generating an authentication parameter as a function of a time-dependent input using a predetermined transformation having an inverse transformation. Multiple authentication modes are supported, with a bit-length of the time-dependent input of one authentication mode being different from a bit-length of the time-dependent input of another authentication mode. Generating the authentication parameter is dependent, in part, on whether the time-dependent input is of the one authentication mode or the other authentication mode, and includes performing multiple rounds of transformation of the time-dependent input. A time-dependent password including a character string is generated from the authentication parameter using another predetermined transformation having another inverse transformation. The time-dependent password is forwarded within the authentication system for authentication by an authenticator.

Abstract: The disclosed computer-implemented method for detecting inter-personal attack applications may include (i) receiving application marketplace information describing application feature information, (ii) creating, by performing natural language processing on the feature information, a feature vector identifying a potentially malicious functionality of the application, (iii) creating a profiling vector that is a categorical feature representation of installation information from an application installation file, and (iv) performing a security action including (A) mapping, using a machine learning model, the feature vector and the profiling vector to a multi-dimensional output vector having element corresponding to a malware category and (B) determining a malicious extent of the application by combining the categories identified by the multi-dimensional output vector with bi-partite graph information identifying (I) relations between a plurality of applications and (II) relations between a plurality of computing

Abstract: For detecting and preventing cipher key disclosure, a method detects software code in a copy buffer. In response to detecting the software code, the method detects a cipher key in the software code. In response to detecting the cipher key, the method communicates a cipher alert that the cipher key is in the software code.

Abstract: Concepts and technologies are disclosed herein for providing an electronic document processing system, an electronic document generation mechanism, an encrypted digital certificate generator, a tool for coordinating the processing of electronic documents, a packaging mechanism for finalizing and authenticating electronic documents, a tracking log for recording relevant electronic document information, and a transferring protocol for transferring the ownership of electronic documents. The present disclosure also is directed to an electronic authentication system including an electronic document authentication watermark seal or signature line for confirming a document's signing within the view.

Abstract: Systems, methods, devices, and computer readable media related to fraud detection. Fraud detection is achieved using a flexible scripting language and syntax that simplifies the generation of fraud detection rules. The rules are structured as conditional IF-THEN statements that include data objects referred to as Anchors and Add-Ons. The Anchors and Add-Ons used to generate the rules also correspond to a distinct data path for the retrieval data from any of a variety of data sources. The generated rules with distinct data paths are then converted using a transpiler from the scripting language into native language source code (e.g., PHP, Java, etc.) for deployment in a particular environment. The rules are then executed in real-time in the environment to detect potential fraudulent activity.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing roles of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management systems may utilize role graphs to assess the role structure of a distributed enterprise computing environment.

Abstract: A computer-implemented authentication method, the method comprising: matching a brain pattern sequence with a predetermined password to allow access to a system, wherein the brain pattern sequence is calculated by analyzing a signal slope of a slope threshold of the brain activity to determine a timing and a duration of the brain activity.

Abstract: An information processing device includes a controller that, when a first device is identified by an identification operation by a first user and a second device is identified by an identification operation by a second user, controls display of a linkage function executable using the first device and the second device. In a further modification of the invention, when the first user and the second user belong to a linkable group and the first device and the second device are identified, the controller may control the display of the linkage function.

Abstract: A method generates, in a higher security domain (SD), public and secret keys using a first homomorphic encryption scheme (HES), passes the public key to a first shared security zone (SSZ) between the higher SD and a lower SD and through the first SSZ to a second entity in the lower SD, passes a plain text query from the higher SD to the first SSZ, encrypts the plain text query using a second HES, passes the encrypted plain text query to the second entity, performs an oblivious query to generate an encrypted result, and passes that from the lower SD to a second SSZ located between the higher and lower SDs, passes the secret key from the higher SD to the second SSZ, and decrypts the encrypted result using the secret key to generate a plain text result, and passes the plain text result to the higher SD.

Abstract: An application server sends a public key from an asynchronous key-pair to a user system to encrypt a user encryption secret that forms part of a first encryption key. The application server uses a second encryption key provided by a key derivation server to encrypt a private key from the asynchronous key-pair. The application server then deletes the second encryption key to prevent decryption of the user encryption secret received from the user system. The application server receives the encrypted user encryption secret from the user system and sends a request to the key derivation server to re-encrypt the user encryption secret. The key derivation server uses a key encryption secret to generate the second encryption key and decrypt the private key. The key derivation server uses the decrypted private key to decrypt the user encryption secret and then re-encrypts the first encryption secret to prevent decryption by the application server.

Abstract: Aspects of the subject disclosure may include, for example, detecting a request for access to a wireless network via an access point. Responsive to a first determination that the identifier corresponds to an entry in the list, access is facilitated to the wireless network via the access point without the equipment of the requesting user providing credentials to the wireless network. The list includes a first set of entries corresponding to a first set of users having unrestricted access and a second set of entries corresponding to a second set of users having restricted access. Responsive to a second determination that the identifier does not correspond to any of the entries, a message is transmitted to equipment of the host regarding the request, and responsive to receiving approval, the list is updated to include the identifier. Other embodiments are disclosed.

Abstract: A method and apparatus for digital watermarking, recording multimedia contents, as well as detection, by using data recorded in a base, of potentially infringing multimedia contents. The method is based on a watermarking done in conjunction with the recording of specific data in a data base, this data being thereafter used to detect a watermark, if any, in an infringing content in using or not using the original content.

Abstract: A method of securely transmitting a message from a sending entity to a receiving entity via a network. A Processing String Engine is communicatively coupled to the sending and receiving entities. The sending entity requests the Processing String Engine to provide a network routing path for message transmission from the sending entity to the receiving entity and to provide a processing string for the message transmission. The Processing String Engine identifies a network path and generates a processing string. The sending entity appends the processing string to the message and sends the message to the receiving entity. The message is unreadable while the processing string is appended thereto. Upon receipt of the message with the appended processing string, the receiving entity requests removal the processing string. Upon successful verification of the receiving entity, the processing string is removed, and the message is returned to the receiving entity.

Abstract: A gateway device includes a network interface connected to data sources, and computer instructions, that when executed cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The output are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

Abstract: A communication system for an aircraft comprises a communication interface with the outside of the aircraft and an avionics domain of which the security level is the highest of the communication system. It also comprises a communication domain to which is connected the communication interface and of which the security level is lower than the security level of the avionics domain. A barrier of a first type is arranged to filter the information coming from the communication interface so as to allow the information to pass into the communication domain only if the information corresponds to an authenticated communication. A barrier of a second type is arranged to filter information transmitted from the communication domain to the avionics domain, carrying out at least a syntactic filtering of the information.

Abstract: A shared computing infrastructure has associated therewith a portal application through which users access the infrastructure and provision one or more services, such as content storage and delivery. The portal comprises a security policy editor, a web-based configuration tool that is intended for use by customers to generate and apply security policies to their media content. The security policy editor provides the user the ability to create and manage security policies, to assign policies so created to desired media content and/or player components, and to view information regarding all of the customer's current policy assignments. The editor provides a unified interface to configure all media security services that are available to the CDN customer from a single interface, and to enable the configured security features to be promptly propagated and enforced throughout the overlay network infrastructure.