Abstract: A security device may receive, from a server device, a response to a request. The request may be provided by an attacker device and may include a plurality of input values. The security device may determine the plurality of input values, included in the request, based on receiving the response. The security device may modify the response to form a modified response. The response may be modified to include information associated with the plurality of input values. The response may be modified in an attempt to prevent the attacker device from identifying a vulnerability, associated with the server device, based on the plurality of input values being included in the response. The security device may provide the modified response to the attacker device.

Abstract: Embodiments are disclosed for profiling network-level malicious activity. Profiling embodiments include observing malicious activity, representing such activity in accordance with a set of representative features, capturing temporal evolution of this malicious behavior and its dynamics, and using this temporal evolution to reveal key risk related properties of these networks. Embodiments are further disclosed addressing the connectedness of various networks and similarity in network-level maliciousness. Embodiments directed to similarity analyses include focusing on the notion of similarity—a quantitative measure of the extent to which the dynamic evolutions of malicious activities from two networks are alike, and mapping this behavioral similarity to their similarity in certain spatial features, which includes their relative proximity to each other and may be used to help predict the future maliciousness of a particular network.

Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.

Abstract: A system and method to cause an obfuscated non-functional device to transition to a starting functional state using a specified number of cycles are disclosed.

Abstract: Embodiments for securely determining a separation distance between wireless communication devices is provided. These embodiments include receiving a measurement request and a first random identifier from a first wireless communication device at a second wireless communication device. The embodiments also includes deriving a transient key using the first random identifier, a second random identifier (generated by the second device), and a pre-shared key. The first and second random identifiers, the pre-shared key, and the transient key derived therefrom are shared between the first and second devices, but are not known to any other devices. The embodiments further include encrypting measurement data exchanged between the two devices using the transient key, and using the encrypted measurement data to calculate and verify a separation distance between the devices.

Abstract: A method performed by a processing system includes reconstructing a metadata tree of a patient from a metadata tree journal, the metadata tree including a plurality of references to a corresponding plurality of encrypted electronic health records of the patient in an encrypted data store, and validating the metadata tree by comparing first integrity information of the metadata tree to second integrity information corresponding to the metadata tree journal provided by a metadata integrity validator.

Abstract: In an approach for authenticating a user attempting to access to a resource, a processor receives an indication of a user attempting to access a resource within a timeframe, wherein the indication includes a location of the user. A processor identifies a location requirement for the user attempting to access the resource, wherein the location requirement originates from an entry indicating an expected location of the user within the timeframe, and wherein the entry is unmodifiable by the user. A processor determines whether the expected location of the user matches, within a threshold, the received location of the user attempting to access the resource.

Abstract: A memory system is constituted of a file storage flash memory storing a control program required for a control portion and a large amount of data, and a random access memory storing a program used by the control portion and functioning as a buffer memory for received data. Thus, a memory system for a portable telephone capable of storing a large amount of received data at high-speed and allowing reading of the stored data at high-speed is provided.

Abstract: There is provided an information processing apparatus including an encrypted-ID generation section which encrypts a unique ID to generate an encrypted ID, the unique ID being set as an ID unique to the information processing apparatus, a communication section which sends the encrypted ID as ID information to be sent to another apparatus, an individualization code holding section which holds, in advance, an individualization code capable of being generated by decrypting the ID information in the other apparatus, and an access key generation section which generates an access key used for authentication with the other apparatus based on the individualization code held by the individualization code holding section.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing threat intelligence information. One of the methods includes receiving by a threat information server, threat intelligence information from one or more intelligence feeds and generating one or more identified security threats, identifying a compromise by a management process orchestration server and retrieving information from the threat information server and identifying one or more actions to be performed, determining by an indicator analytics processor, a composite credibility based on the actions, and determining one or more components for profiling and determining indicators of compromise for each component, and communicating the indicators of compromise to the management process orchestration server.

Abstract: Illustrative methods, processes, and software are disclosed herein that remotely prove the identity of individuals fully compliant with identity proofing standards and policies. The embodiments may utilize photo identification and government identities using networked capabilities and capabilities within a process for end-to-end fully remote identity proofing followed by the automated provisioning and issuance of a trusted identity and optional credentials. In alternative manifestations the embodiments use automated government identity lookups including but not limited to digital imagery equipment with artificial intelligence and pattern recognition to detect fraudulent physical identification articles remotely, electronic scans of magnetic stripes and other electronic markers on government-issued identification media including but not limited to drivers licenses, government employee identities, passports, or other government-issued identities combined with real-time lookup in trusted databases.

Abstract: The present disclosure provides a screen shielding method, applied to a display device of an electronic device, wherein the display device has a display region, and the electronic device is arranged to execute a plurality of applications. The screen shielding method includes determining whether a first predetermined input signal has been received when a first application of the plurality of applications has been executed in the foreground, and producing a privacy block in response to the first predetermined input signal for entering a privacy protect mode.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

Abstract: Systems, methods and media are shown for detecting a stack pivot programming exploit that involve extracting return addresses from a call stack from a snapshot of a running program and, for each extracted return address, identifying a stack frame and following frame from stack pointer information, checking whether the stack is consistent with the type of stack generated by the operating system and architecture conventions, and alerting that a stack pivot is likely if an anomaly in stack layout is found. Some examples involve determining whether the stack frame and following frame follow consistently in one of ascending or descending addresses. Some examples involve, given a consistent directional polarity and metadata about the directional polarity of the stack specified by one of the microarchitecture, operating system, software, or other configuration, determining whether the observed directional polarity corresponds to the expected directional polarity.

Abstract: Provided are an encryption processing method and device for an application, and a terminal. In the method, a first application to be encrypted is acquired, wherein the first application to be encrypted is selected by a user of the terminal; the user is prompted to input first information; a first key is generated according to the first information; the first application is encrypted by using the first key and the first key is stored in the first application. The technical solution can encrypt an application.

Abstract: Implementations are provided herein for maintaining a set of cryptographic algorithms in the kernel. User space applications can call on the set of cryptographic logic algorithms in the kernel to perform computations on data payloads residing in kernel space memory without having to copy the data payloads out of kernel space memory into user space memory. The results of the cryptographic logic being applied to data payloads can be packaged together with message framing originating from user space and data payloads in the kernel space as a protocol message that can sent through the network stack to a socket. It can be appreciated that by retaining protocol logic in user space, just the cryptographic algorithms need be added to the kernel.

Abstract: The product unit disclosed herein has identification data that are stored internally in memory. This stored identification data can be viewed as the product unit's “digital nameplate,” in that the data can represent the product unit's identifier, brand, and so on. Each data set is digitally signed while on the production line by using an encryption technique. The digitally signed data set is then written into the product unit's memory where it can be used for verification. A first digitally-signed data set can be used to control the use of one or more software modules that are provided by a software owner. The data that are undergoing signature contain at least one globally-unique identifier, which can be used to identify cloning attempts. Additionally, more than one digital signature can be used, in order to protect and control the use of features other than the software, such as the product brand.

Abstract: Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content.

Abstract: Methods and Systems for detecting anomalies in a control area of a control system. Estimating for the control area, a first state from a historical state over a first time period using a model of dynamics, and defining a transition of the first state as a function of control inputs, the first state includes a generator state for each generator, the control inputs include a network state for each bus, a mechanical input to each generator or power consumptions at the buses. Updating estimated first state, by connecting measurements of rotor frequency of each generator and measurements of the network states on the buses with the generator state of each generator, to obtain a second state over a second time period later than the first time period, and detecting anomalies based on a statistic deviation of the second state from its corresponding prediction derived from the first state.