Patents Examined by Taghi Arani
  • Patent number: 10244022
    Abstract: Described is a technology by which code, such as an untrusted web application hosted in a browser, provides content through an interface for playback by an application environment, such as an application environment running in a browser plug-in. Content may be in the form of elementary video, audio and/or script streams. The content is in a container that is unpackaged by the application code, whereby the content may be packaged in any format that the application understands, and/or come from any source from which the application can download the container. An application environment component such as a platform-level media element receives information from an application that informs the application environment that the application is to provide media stream data for playback. The application environment requests media stream data (e.g., samples) from the application, receives them as processed by the application, and provides the requested media stream data for playback.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: March 26, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sam J George, Gilles Khouzam, Michael R Harsh, Gurpratap Virdi, John Gossman, Michael John Hillberg, Greg D Schechler, Donald D Karlov, Eldar A Musayev, Wenbo Zhang, Serge Smirnov, Federico Schliemann, Lawrence Wayne Olson, Akshay Johar
  • Patent number: 10182042
    Abstract: Bridging encrypted datasets is provided. A system transmits, to a server, a first identifier vector encrypted with a first encryption that is commutative. The system receives an encrypted first identifier vector encrypted based on the first encryption and encrypted by a second encryption associated with the server. The system receives a second identifier vector encrypted based on the second encryption. The system encrypts the second identifier vector with the first encryption to generate an encrypted second identifier vector that is encrypted based on the second encryption and further encrypted based on the first encryption. The system determines a correlation count between the encrypted first identifier vector and the encrypted second identifier vector. The system generates one identifier key for both the first identifier and the second identifier. The system can provide the one identifier key for input into an application to process interactions.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: January 15, 2019
    Assignee: Google LLC
    Inventors: Mahyar Salek, Philip McDonnell, Vinod Kumar Ramachandran, Shobhit Saxena, David Owen Shanahan
  • Patent number: 10142373
    Abstract: In an example, a security-connected platform is provided on a data exchange layer (DXL), which provides messaging on a publish-subscribe model. The DXL provides a plurality of DXL endpoints connected via DXL brokers. In one case, DXL endpoints designated as producers are authorized to produce certain types of messages, including security-related messages such as object reputations. Other DXL endpoints are designated as consumers of those messages. A domain master may also be provided, and may be configured to provide physical and logical location services via an asset management engine.
    Type: Grant
    Filed: September 28, 2014
    Date of Patent: November 27, 2018
    Assignee: McAfee, LLC
    Inventor: Ofir Arkin
  • Patent number: 10135845
    Abstract: In an example, a context-aware network is disclosed, including threat intelligence services provided over a data exchange layer (DXL). The data exchange layer may be provided on an enterprise service bus, and may include services for classifying objects as malware or not malware. One or more DXL brokers may provide messaging services including, for example, publish-subscribe messaging and request-response messaging. Advantageously, DXL endpoint devices must make very few assumptions about other DXL endpoint devices.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: November 20, 2018
    Assignee: McAfee, LLC
    Inventors: Hemang Nadkarni, Sudeep Das
  • Patent number: 10135870
    Abstract: A closed-loop system is operatively connected with a block chain distributed network for using the block chain distributed network for facilitating operation of a transaction record sharing system between member institutions comprising a host system and a source system. Host and source institutions function to share the transaction records from member institutions such that a host institution that is a member of the block chain may obtain the transaction records of all source institutions of the block chain. The transaction records are validated on the block chain such that the transaction records are secure and represent a source of truth.
    Type: Grant
    Filed: February 22, 2016
    Date of Patent: November 20, 2018
    Assignee: Bank of America Corporation
    Inventors: Joseph Benjamin Castinado, Richard Huw Thomas, Manu Jacob Kurian, Eric Eugene Sifford
  • Patent number: 10110580
    Abstract: The present invention is directed to a method for providing secure dynamic address resolution and communication directly between two nodes, without communication to third party DNS and/or MX server(s). A first and a second node are initially paired, which may include the identification of an authentication scheme and creating a DNS record with the current address of the other node; the address of the other node may be dynamically updated. Further secure transmission of messages may be implemented, which include first resolving based on the DNS record a current address of the other node, authenticating the destination node, and transmitting a message upon successful authentication. Dynamic message encryption and the provision of a DNS cache may further be implemented.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 23, 2018
    Inventor: Willie L. Donaldson
  • Patent number: 10111095
    Abstract: A device may determine that a first wireless local area network (WLAN) connection, established with a first WLAN access point using an extensible authentication protocol, has been dropped. The device may store a pairwise master key identifier, associated with the first WLAN access point, based on determining that the first WLAN connection has been dropped. The device may detect a WLAN signal, associated with the first WLAN access point or a second WLAN access point, after determining that the first WLAN connection has been dropped. The device may provide the pairwise master key identifier to the first WLAN access point or the second WLAN access point based on detecting the WLAN signal. The device may establish a second WLAN connection with the first WLAN access point or the second WLAN access point based on providing the pairwise master key identifier and without re-authenticating using the extensible authentication protocol.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: October 23, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Pritesh Patel, Youjian Xu, David H. Ten Eyck, Aldrich Gamboa
  • Patent number: 10104109
    Abstract: A device for providing hierarchical threat intelligence includes a non-transitory machine-readable storage medium storing instructions that cause the device to receive a plurality of calculated threat scores for a plurality of threat management devices, wherein the threat scores are respectively associated with context information, determine a first threat score for a first entity based on a first subset of the calculated threat scores, determine a second threat score for a second entity based on a second subset of the calculated threat scores, receive update information of one of the calculated threat scores of the first subset from a listener of the threat management devices, and update the first threat score based on the update information.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: October 16, 2018
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Anurag Singla, Monica Jain
  • Patent number: 10102358
    Abstract: Techniques for implementing face-controlled liveness verification are provided. In one embodiment, a computing device can present, to a user, a sequential series of targets on a graphical user interface (GUI) of the computing device, where each target is a visual element designed to direct the user's attention to a location in the GUI. The computing device can further determine whether the user has successfully hit each target, where the determining comprises tracking movement of a virtual pointer controlled by the user's gaze or face pose and checking whether the user has moved the virtual pointer over each target. If the user has successfully hit each target, the computing device can conclude that the user is a live subject.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: October 16, 2018
    Assignee: Sensory, Incorporated
    Inventor: Matthew Wilder
  • Patent number: 10103889
    Abstract: Technologies for securely exchanging sensor information include an in-vehicle computing system of a vehicle to establish a trusted execution environment and a secure communication channel between the trusted execution environment and a corresponding trusted execution environment of a coordination server. A private key is bound to the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system confirms the authenticity of the coordination server, receives sensor data generated by a sensor of the vehicle, and generates an attestation quote based on the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system further transmits, to the coordination server over the secure communication channel, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: October 16, 2018
    Assignee: Intel Corporation
    Inventor: Mateusz Bronk
  • Patent number: 10097443
    Abstract: A system for providing data communication is provided. The system includes at least one computer test tool configured to perform one or more diagnostic tests on a computer network. The system further includes at least one communication device configured to couple to the at least one computer test tool to receive and cache test data from the at least one computer test tool and to wirelessly couple to a communication network. In addition, the system includes a cloud-based server configured to couple to the communication network so as to receive test data transmitted from the at least one communication device wherein the test data is encrypted in the at least one computer test tool and decrypted in the cloud-based server.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: October 9, 2018
    Assignee: Fluke Corporation
    Inventors: John Paul Hittel, Clinton J. Wooton
  • Patent number: 10091196
    Abstract: A method and apparatus for authenticating a user is disclosed that includes measuring biometric information of the user to create biometric measurement information, determining whether a private key included in a user authentication request signal matches a private key issued in advance to the user, comparing pre-set biometric authentication information for the user with the biometric measurement information, calculating a matching ratio when a match is detected, authenticating the user having provided the biometric information as an authorized user based on a result of comparison of the calculated matching ratio with a pre-determined biometric authentication threshold value, and providing an updated private key to the information processing device based on a result of comparison of the calculated matching ratio with a pre-determined updated threshold value.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: October 2, 2018
    Assignee: SUPREMA HQ INC.
    Inventors: Kideok Lee, Hochul Shin, Hyeonchang Lee, Jae Won Lee, Bong Seop Song
  • Patent number: 10083299
    Abstract: The present disclosure describes systems and methods for detection and mitigation of malicious activity regarding user data by a network backup system. In a first aspect, a backup system receiving and deduplicating backup data from a plurality of computing devices may detect, based on changes in uniqueness or shared rates for files, atypical modifications to common files, and may take steps to mitigate any potential attack by maintaining versions of the common files prior to the modifications or locking backup snapshots. In a second aspect, the backup system may monitor file modification behaviors on a single device, relative to practices of an aggregated plurality of devices. Upon detection of potentially malicious modification activity, a previously backed up or synchronized store of data may be locked and/or duplicated, preventing any of the malicious modifications from being transferred to the backup system.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: September 25, 2018
    Assignee: Carbonite, Inc.
    Inventors: Teo Winton Crofton, Clark Marshall Baker
  • Patent number: 10069822
    Abstract: A mobile device sends a network attach request to a network node, and receives an authentication challenge from the network node, where the authentication challenge includes an authentication token, a random number, and a time variable associated with a current time at the network node. A microprocessor smart card of the mobile device retrieves the time variable from the authentication challenge, and starts a clock counter based on the retrieved time variable. The microprocessor smart card uses a current time represented by the clock counter to perform time expiration validation tests on certificates during Public Key Infrastructure (PKI) authentication or on authentication tokens during token-based authentication.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: September 4, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manuel Enrique Caceres, Warren Hojilla Uy, Praveen Venkataramu, Ruben Cuadrat
  • Patent number: 10068079
    Abstract: A biometric image output control method in a biometric authentication device comprises the step of generating a biometric image by imaging a living body to be authenticated; determining whether an imaging environment; if the imaging environment satisfies a predetermined recognition condition, controlling a change rate of a size of a biometric image, a change rate of a focal point of the biometric image and a change rate of a brightness of the biometric image according to a distance to the living body to be authenticated; and if the imaging environment does not satisfy the predetermined recognition condition, overly controlling at least one of the change rate of the size of the biometric image, the change rate of the focal point of the biometric image and the change rate of the brightness of the biometric image according to the distance.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: September 4, 2018
    Assignee: SUPREMA HQ INC.
    Inventors: Hyeonchang Lee, Hochul Shin, Kideok Lee, Jae Won Lee, Bong Seop Song
  • Patent number: 10061481
    Abstract: A method and apparatus for visually querying an aircraft. A model is identified for the aircraft. Sections of the aircraft are displayed in a graphical user interface on a display device. The sections correspond to sections as manufactured for assembly of the aircraft. The sections are selectable.
    Type: Grant
    Filed: February 28, 2013
    Date of Patent: August 28, 2018
    Assignee: The Boeing Company
    Inventor: Christopher J. Senesac
  • Patent number: 10055590
    Abstract: A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventors: Salvatore Angelo Guarnieri, Marco Pistoia, Stephen Darwin Teilhet, Omer Tripp
  • Patent number: 10048838
    Abstract: In an approach for displaying applications associated with content in a clipboard, a computer receives a selection of content to transfer to a clipboard, wherein the content is selected from a first application on a computing device. The computer identifies one or more applications on one or more computing devices capable of processing the received selection. The computer assigns the identified one or more applications to one or more categories. The computer displays one or more user interface objects representative of the one or more applications with a respective assigned category.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: August 14, 2018
    Assignee: International Business Machines Corporation
    Inventors: Girish Padmanabhan, Sunanda Patil, Hina Purohit
  • Patent number: 10044751
    Abstract: A system for mitigating network attacks is provided. The system includes a protected network including a plurality of devices. The system further includes one or more attack mitigation devices communicatively coupled to the protected network. The attack mitigation devices are configured and operable to employ a recurrent neural network (RNN) to obtain probability information related to a request stream. The request stream may include a plurality of at least one of: HTTP, RTSP and/or DNS messages. The attack mitigation devices are further configured to analyze the obtained probability information to detect one or more atypical requests in the request stream. The attack mitigation services are also configured and operable to perform, in response to detecting one or more atypical requests, mitigation actions on the one or more atypical requests in order to block an attack.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: August 7, 2018
    Assignee: Arbor Networks, Inc.
    Inventor: Lawrence B. Huston, III
  • Patent number: 10033743
    Abstract: The embodiments provide for binding files to an external drive, a secured external drive, or portable data locker. The files are bound in order to help restrict or to prevent access and modification by certain computers or users. Computers or users that are authorized or within the authorized domain are permitted full access. The files stored on the external drive may be bound in various ways. The files may be encapsulated in a wrapper that restricts the use and access to these files. The bound files may require execution of a specific application, plug-in, or extension. A computer may thus be required to execute program code that limits the use of the secured files. In one embodiment, the external drive provides the required program code to the computer. In other embodiments, the required program code may be downloaded from a network or provided by an external authority.
    Type: Grant
    Filed: September 2, 2015
    Date of Patent: July 24, 2018
    Assignee: Western Digital Technologies, Inc.
    Inventors: Lambertus Hesselink, Rajesh K. Batra