Abstract: Systems and method for providing for suspension and transfer of remote access sessions. In accordance with the methods, a request to suspend a session may be received at a server tier. The server tier prepares a URL that may be used at a later time by a client to resume the session. The URL is communicated to a client tier from which the request was received and, thereafter, a connection between the client tier and the server tier is closed. At a subsequent time, a request may be received to resume the session at the URL. After receipt of the request to resume the session, a connection with the requesting client tier is established by the server tier, and the session is resumed.

Abstract: This disclosure describes methods and systems for a biometric identity management system capable of being deployed incrementally one organization at a time, and also reversibly, such that any organization can unsubscribe at any time. A biometric processing engine can perform biometric matching between records from a first database and a second database, whereby the databases have been established independently of each other. Each record comprises a biometric record and a corresponding identifier unique across databases. If a biometric record of a first record and a biometric record of a second record are from a same individual, the first record comprising a first unique identifier and the second record comprising a second unique identifier are linked. Using the first or second unique identifiers, access to information about the individual linked to both the first record in the first database and the second record in the second database is provided.

Abstract: Embodiments generally relate to data security in a computing system. The present technology discloses techniques that can enable an automatic generation of encryption keys using a service controller in communication with a key management server. By enabling an automatic mechanism for encryption key generation, the present technology can achieve data encryption efficiency for a large number of servers.

Abstract: Embodiments disclosed herein provide systems, methods, and computer-readable media for accessing a wearable computing system using randomized input origins for user login. In a particular embodiment, a method provides presenting a user with a first origin on which user login information is based, wherein the first origin is randomly selected from a plurality of possible origins. The method further provides, receiving first motion information from the user indicating a first position relative to the first origin that corresponds to a first element of the user login information. Upon receiving the user login information, the method provides determining whether the user login information authorizes the user to access the wearable computing system.

Abstract: A system and method provides security features for inter-computer communications. After a user has proved an association with one of several firms, a user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user and the firm is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.

Abstract: One embodiment relates to a method of updating, by an electronic device of a first user of a tree of data files and/or folders of the first user stored in a storage server configured to implement a re-encryption mechanism, this tree comprising at least one target folder that the first user has authorized a second user to access by providing the storage server with a re-encryption key for this target folder from the first user to the second user.

Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

Abstract: A technique redirects a Diameter client command from a first server that has become unavailable to a second server consistent with a Diameter protocol. A method includes identifying a first authentication server as unavailable based on a redirect indication received from a second authentication server via a routing agent in response to a request for authentication of a user to the first authentication server. The method includes authenticating the user by the second authentication server in response to a subsequent request for authentication of the user to the second authentication server. The subsequent request for authentication includes an indication of a failure of the first authentication server. The method may include establishing a first service session in response to authenticating the user by the first authentication server and maintaining the first service session using the IP address of the first service session while the second authentication server authenticates the user.

Abstract: Techniques for generating malware signatures based on developer fingerprints in debug information are disclosed. In some embodiments, a system, process, and/or computer program product for generating malware signatures based on developer fingerprints in debug information includes receiving a sample, in which the sample includes a binary executable file; matching one or more paths in content of the binary executable file based on a plurality of patterns; extracting meta information from the one or more matched paths; and automatically generating a signature based on the extracted meta information.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to execute an application in a system with an operating system, perform event tracing for the application, analyze each instruction pointer from the event tracing, and determine if an instruction pointer points to an orphan page of memory. The orphan page can be a region of code that is not associated with the application, a region of code that is unidentified, or unusual code that is not associated with the application. In addition, the event tracing can be an embedded application that is part of the operating system.

Abstract: A wireless security system is provided. The system includes a first wireless device, a second wireless device, an uninstalled wireless device, and an access controller. The first wireless device is disposed within a first security zone having first security provisions within a network configuration. The second wireless device is disposed within a second security zone having second security provisions within the network configuration. The second security provisions are greater than the first security provisions. The access controller communicates with the uninstalled wireless device, and determines a proximity of the uninstalled wireless device relative to the first and second wireless devices, and configures third security provisions for the uninstalled device corresponding to the proximity.

Abstract: A system and approach having security assurance for a controller relative to outside connections such as internet. The controller may have locked and exposed modes. A locked mode may mean that the system is correctly configured in that security related settings meet minimum standards. For example, the controller is protected through sufficiently strong user accounts and passwords whether entered or by default. Also, there may be an entity, such as person or organization that has responsibility for securing the controller against undesired intrusions. In the exposed mode, where the system may be incorrectly configured, the controller may shut down some or all of the functionality that has relevance to remote access. In the exposed mode, a built-in web server may show one or more screens that allow one to access the controller. There may be security indicators, such as lights that indicate whether the controller is exposed or locked.

Abstract: Embodiments of a system for, and method for using, an elliptic curve cryptography integrated circuit are generally described herein. An elliptic curve cryptography (ECC) operation request may be received. One of a plurality of circuit portions may be instructed to perform the ECC operation. The plurality of circuit portions that may be used include a finite field arithmetic circuit portion, an EC point addition and doubler circuit portion, a finite field exponentiation circuit portion, and a point multiplier circuit portion. The result of the ECC operation may then be output.

Abstract: Ad hoc communications are established between unknown contacts. For example, in today's mobile communications environment, there are many instances in which a user of smart phone may wish to send a message to an unknown user's smartphone. An ad hoc communication thus allows messaging with an unknown user.

Abstract: Some embodiments provide a novel method for monitoring network requests from a machine. The method captures the network request at various layers of a protocol stack. At a first layer of a protocol stack, the method tags a packet related to the network request with a tag value, maps the tag value to a set of tuples associated with the packet, and sends a first set of data related to the packet to a security engine. At a second layer of the protocol stack, the method determines whether the packet has been modified through the protocol stack, and sends an updated second set of data to the security engine when the packet has been modified.

Abstract: Secured debug of an integrated circuit having a test operation mode and a secure mission operation mode. The integrated circuit has a processing unit, a test interface through which the test operation mode is controllable, an on-chip memory which is accessible in the test operation mode and in the secure mission operation mode, and one or more protected resources inaccessible in the test operation mode. The processing unit is configured, in the test operation mode, to receive an authenticated object through the test interface, and store the received authenticated object in the on-chip memory. The processing unit is moreover configured, upon reset into the secure mission operation mode, to execute a boot procedure to determine that the authenticated object is available in the on-chip memory, authenticate the authenticated object, and—upon successful authentication—render the more protected resources accessible to a debug host external to the integrated circuit.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system, an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.

Abstract: An attack defense processing method and a protection device. The attack defense processing method includes the protection device receives a first packet by a protection device, if it is determined that the first packet is an Internet Control Message Protocol version 6 (ICMPv6) Packet Too Big packet, parses the first packet to obtain an internet protocol (IP) address of a source node, an IP address of a destination node, and a Maximum Transmission Unit (MTU) value that are carried in the first packet, determines a range of valid MTUs on a path between the source node and the destination node according to the IP address of the source node and the IP address of the destination node, and performs attack defense processing for the first packet when it is determined that the MTU value does not belong to the range of the valid MTUs.

Abstract: A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.