Abstract: A system includes an ingestion component configured to receive a request from an entity for content related to a content item and a user identity. The request has a content identifier representative of the content item and a token. A request processing component of the system is configured to access a database associated with the system and identify the content item and the user identity using the content identifier and the token, wherein the database has information associating the token with the user identity and associating the content identifier with the content item. In response to identification of the content item and the user identity, the request processing component directs a recommendation engine associated with the system to identify the content related to the content item and the user identity. Information identifying the content related to the content item and the user identity is then transmitted back to the entity.

Abstract: An integrated circuit having a Physically Unclonable Function (PUF) circuit is provided. The PUF circuit may be part of a secure subsystem, which also includes a random number generator, a syndrome generator, non-volatile memory, and control circuitry. A predetermined syndrome of a desired PUF response is stored in the non-volatile memory. During normal operation, a current PUF response may be read out from the PUF circuit. The current PUF response may differ from the desired PUF response. The random number generator may generate a random number that masks the current PUF response, whereas the syndrome generator outputs a syndrome of the current PUF response. This information may then be passed to an error-correcting code (ECC) processor. The ECC processor may return information to the secure subsystem. The control circuitry may then obtain a corrected PUF response that matches the desired PUF response.

Abstract: Disclosed are systems and methods for controlling opening of computer files by vulnerable applications. An example method includes: detecting a request from a software application to open a computer file on the user computer; determining one or more parameters of the file; determining a file access policy based on the parameters of the file, wherein the file access policy specifies at least access rights of the software application to the resources of the user computer; identifying vulnerabilities of the software application; determining an application launching policy for the software application based at least on the determined vulnerabilities, wherein the application launching policy specifies at least whether opening of the file is permitted or prohibited; and controlling opening of the file on the user computer and accessing of the computer resources by the software application working with the opened file based on the file access policy and application launching policy.

Abstract: An apparatus and method for establishing socket-based communication between wireless communication circuits without formally pairing the wireless communication circuits. For example, if a Bluetooth® (e.g., BTLE) wireless channel is used, a BTLE data structure comprising a set of characteristics may be used to manage bi-directional communication. Each characteristic, identified with an characteristic ID, has a value buffer associated therewith. A first characteristic/value buffer is defined for incoming data traffic and a second characteristic/value buffer is defined for outgoing data traffic. A layer of encryption and other security techniques may also be applied to protect the data transmitted between the wireless communication circuits.

Abstract: A method for determining a compute amount contributed by a device is provided. The method comprises receiving encrypted data from a processor of a customer system and parsing the encrypted data into a plurality of encrypted subsets. Then, the method associates a token specific to the device with an encrypted subset of the plurality of encrypted subsets to produce a packaged subset. The packaged subset is sent to the device. In response, a processed packaged subset that includes the token is received. The compute time contributed by the device is determined from the token of the processed packaged subset.

Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.

Abstract: Systems and methods including are provided including computing devices operable to divide content into component parts of content data and/or editing parameters which may be individually attributed to their respective authors. Content and editing parameters may be sent and viewed separately and may have different privacy parameters set by their respective authors. Computing devices may be operable to synthesize and display edited content from separate components including content and privacy parameters.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine a string sample of data, determine a hash of the string sample of data, automatically cluster the hash with other hashes from other string samples of data, and automatically create a signature hash string for the string sample of data.

Abstract: One aspect relates to a communication protocol for communicating between one or more entities, such as devices, hosts or any other system capable of communicating over a network. A protocol is provided that allows communication between entities without a priori knowledge of the communication protocol. In such a protocol, for example, information describing a data structure of the communication protocol is transferred between communicating entities. Further, an authentication protocol is provided for providing bidirectional authentication between communicating entities. In one specific example, the entities include a master device and a slave device coupled by a serial link. In another specific example, the communication protocol may be used for performing unbalanced transmission between communicating entities.

Abstract: A communication system includes a first communication device, a second communication device, and a key management apparatus. The second communication device generates a random number, generates encrypted data using an encryption key, encrypts the random number, generates key information data, and transmits the key information data, identification information of the second communication device, and the encrypted data to the first communication device. The first communication device receives the key information data, the identification information, and the encrypted data, transmits the key information data and the identification information to the key management apparatus, receives the encryption key from the key management device, decodes the encrypted data and obtains the predetermined data using the received encryption key.

Abstract: Methods and systems for periodically generating and managing passwords for one or more websites of users are disclosed. The users are provided with the ability to automatically replace their old passwords with new passwords for their one or more website accounts. The users can set a pre-determined frequency at which their passwords are to be updated and replaced with new passwords. The users can further define additional one or more rules based on which their passwords are updated. The methods and systems are further configured to auto log into user's website accounts with the updated passwords.

Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.

Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.

Abstract: A computer-implemented method for managing an authentication policy for a user on a network of an organization includes determining at least one social media attribute of the user, and a social media risk value is assigned based on the at least one social media attribute of the user. The method further includes determining at least one network activity risk attribute of the user, and a network activity risk score is assigned based on the at least one network activity risk attribute. A current risk assessment score of the user is calculated based on the social media risk value and the network activity risk value. An authentication policy for the user is determined based on the current risk assessment score.

Abstract: Real-time techniques for determining all access requests to an attribute-based access control policy which evaluate to a given decision, “permit” or “deny”. The policy is enforced to control access to one or more resources in a computer network. In one embodiment, a method includes: (i) receiving a reverse query and a set of admissible access requests, each of which includes one or more attributes in the policy and values of these; (ii) extracting attributes to which all access requests in the set assign identical values; (iii) reducing the ABAC policy by substituting values for the extracted attributes; (iv) caching the policy as a simplified policy; (v) translating the simplified policy and the given decision into a satisfiable logic proposition; (vi) deriving all solutions satisfying the proposition; and (vi) extracting, based on the solutions, all access requests from the set for which the policy yields the given decision.

Abstract: Systems and methods are disclosed for securely storing and accessing data records. In an embodiment, a random seed value and a time period counter received from a warrant server. The seed value may correspond to a starting time period and be updated by applying a one-way function to the seed value upon expiration of the starting time period and each subsequent time period. A data record may then be received including one or more data fields. A data field may be identified to use as an index value, and an encryption key may be generated based on the current random seed value and the index value. The data record and/or the index value may then be encrypted using the encryption key, and the encryption key may be securely deleted after encrypting the data record and/or the index value. The warrant server may then assist with recovery of the data.

Abstract: A system for and method of protecting a resource is presented. The system and method include a trusted pair consisting of an initiator and a receiver. The receiver faces outward and is connected to a network, such as the Internet. The initiator is connected to the protected resource. In establishing a connection between the initiator and the receiver, the initiator initiates all communications. This configuration simplifies environment management, improves security including access controls, and facilitates deployment of internet-facing resources by changing the traditional model of component-to-component connection.

Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy in found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

Abstract: A system and method are provided for the secure sharing of information stored using cloud storage services and for performing data verification and replay protection for information stored on an open network.

Abstract: A computing system assigns an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a request to access a cloud. The anonymous cloud account does not reveal an identity of the user to the cloud. The computing system creates mapping data that associates the user with the anonymous cloud account. The cloud does not have access to the mapping data. The computing system facilitates user access to the cloud based on the anonymous cloud account. The cloud generates cloud access pattern data for the anonymous cloud account without determining the identity of the user.