Patents Examined by Tongoc Tran
  • Patent number: 10776520
    Abstract: A system and method include a shield application executing on a processor. The shield application can convert a business application to provide data isolation between the business application and personal applications, and data sharing between the business application and other business applications, e.g., in the bring-your-own-device and enterprise mobility management scenarios.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: September 15, 2020
    Assignee: Northwestern University
    Inventors: Yan Chen, Zhengyang Qu, Vaibhav Rastogi
  • Patent number: 10778650
    Abstract: In accordance with embodiments of the present disclosure, a method may include: (i) retrieving a profile from a management controller of an information handling system, the management controller configured to provide management of the information handling system via management traffic communicated between the management controller and a dedicated management network external to the information handling system, and the profile including data regarding a configuration of the management controller; (ii) comparing the profile to one or more golden profiles to determine whether security of the management controller has been compromised; (iii) responsive to the profile matching a golden profile of the one or more golden profiles, permitting the management controller to continue execution; and (iv) responsive to the profile failing to match a golden profile of the one or more golden profiles, taking remedial action with respect to the management controller.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: September 15, 2020
    Assignee: Dell Products L.P.
    Inventors: Johan Rahardjo, Mukund P. Khatri, Michael J. Stumpf
  • Patent number: 10778718
    Abstract: Some embodiments of the present invention include a method for detecting and preventing phishing and include generating an authentication cookie based on encrypting an authentication token and a time when the authentication token is generated, the authentication cookie to be installed in a user computing system. The method further includes receiving a login request from the user computing system, the login request including login information, the authentication cookie, and a first detection token, decrypting the authentication cookie in the login request to generate a second detection token, and comparing the first detection token with the second detection token to determine whether the login information is compromised.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: September 15, 2020
    Assignee: salesforce.com, inc.
    Inventor: Vinayendra Turuvekere Nataraja
  • Patent number: 10778672
    Abstract: An embodiment of the invention provides a method for secure biometrics matching with split phase client-server matching protocol, wherein a first biometric input is received in an electronic device. The first biometric input is stored in the electronic device as a biometric profile; and, the biometric profile is sent to a server. An additional biometric input is received from a user in the electronic device; and, the additional biometric input is compared to the biometric profile stored in the electronic device to generate a local matching score. The additional biometric input is sent to the server. The local matching score and a remote matching score generated by the at least one server are compared; and, it is determined whether to authenticate the user based on the comparison of the local matching score and the remote matching score.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: September 15, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jonathan H. Connell, II, Jae-Eun Park, Nalini K. Ratha
  • Patent number: 10764322
    Abstract: An operation information specification unit 82, with use of terminal-specific countermeasure information indicating an applicable countermeasure for each terminal against a security risk and definition information defining a correspondence relationship between a type of operation information of the terminal and a countermeasure against the security risk, specifies a type of operation information corresponding to the countermeasure applicable to the terminal. An operation information acquisition unit 83 acquires operation information of the type specified by the operation information specification unit 82, from among operation information of the terminal.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: September 1, 2020
    Assignee: NEC CORPORATION
    Inventor: Yoshio Yasutome
  • Patent number: 10764264
    Abstract: A technique for authenticating network users is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for authenticating network users. The method may comprise receiving, from a client device, a request for connection to a network. The method may also comprise evaluating a security context associated with the requested connection. The method may further comprise assigning the client device one or more access privileges based at least in part on the evaluation of the security context.
    Type: Grant
    Filed: December 30, 2005
    Date of Patent: September 1, 2020
    Assignee: Avaya Inc.
    Inventors: Ravi Chakravarthi Kumar, Tal I. Lavian, Vasant Sahay, Nirmalendu Das, Biju Sajibhavan Kunjukunju, David Burton Levi, Philippe Michelet, Shmuel Nehama
  • Patent number: 10754973
    Abstract: Disclosed herein are system, method, and computer program product embodiments for a secured cloud storage system. An embodiment operates by receiving a compressed file comprising data that has been compressed using a compression algorithm. The compressed data is divided into a plurality of separate files. A password for each of the separate files is determined. Each of the separate files is encrypted with its corresponding password. The encrypted files are stored across a plurality of servers.
    Type: Grant
    Filed: January 16, 2018
    Date of Patent: August 25, 2020
    Assignee: SAP SE
    Inventors: Alexander Ocher, Viktor Lapitski
  • Patent number: 10757096
    Abstract: A server and method for supporting device registration by the server are provided. The present disclosure relates to a sensor network, Machine Type Communication (MTC), Machine-to-Machine (M2M) communication, and technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: August 25, 2020
    Assignee: Samsung Electronics Co., Ltd
    Inventor: Kyungjae Kim
  • Patent number: 10749849
    Abstract: A data communication device includes a first communicator that receives encrypted data; a second communicator that transmits the encrypted data; an identification information acquisition unit that, when the first communicator has received information for encryption that is used for establishing encrypted communications including encrypted part and plaintext part where the plaintext part includes identification information of a transmission source of the encrypted data, acquires the identification information from the information for encryption; and a configurator that sets data transmission of the second communicator, based on the identification information.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: August 18, 2020
    Assignee: NEC CORPORATION
    Inventor: Raika Uki
  • Patent number: 10742681
    Abstract: A method and system are provided for enabling collaborative access to a data object. The method comprises establishing an access control policy, the access control policy defining at least one collaborative condition under which access to the data object is permissible, monitoring a plurality of users for compliance with the collaborative condition and providing access to the data object after a predetermined number of the users meet the at least one collaborative condition.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: August 11, 2020
    Assignee: PUSHPULL TECHNOLOGY LIMITED
    Inventors: David Jones, Daniel Eccleston
  • Patent number: 10742402
    Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: August 11, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Syed Khalid Raza, Praveen Raju Kariyanahalli, Rameshbabu Prabagaran, Amir Khan
  • Patent number: 10742637
    Abstract: The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily places the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: August 11, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Cameron Esdaile
  • Patent number: 10733321
    Abstract: Aspects of the invention include processing queries in a database system having a first database engine and a second database engine. A first instance of a first table is stored in the first database engine in plaintext. At least one predefined column of the first table is encrypted, resulting in a set of encrypted columns, using a cascade encryption scheme that includes a set of ordered encryption methods. A subset of the set of columns is stored in a second instance of the first table in the second database engine. An encryption method of the cascade encryption scheme that allows a query operation of a received query on data encrypted with the identified encryption method is identified. The identified encryption method is used to rewrite the query, and the rewritten query is executed using the second instance of the first table.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: August 4, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Felix Beier, Peter Bendel, Nicole Finnie, Namik Hrle
  • Patent number: 10733318
    Abstract: Aspects of the invention include processing queries in a database system having a first database engine and a second database engine. A first instance of a first table is stored in the first database engine in plaintext. At least one predefined column of the first table is encrypted, resulting in a set of encrypted columns, using a cascade encryption scheme that includes a set of ordered encryption methods. A subset of the set of columns is stored in a second instance of the first table in the second database engine. An encryption method of the cascade encryption scheme that allows a query operation of a received query on data encrypted with the identified encryption method is identified. The identified encryption method is used to rewrite the query, and the rewritten query is executed using the second instance of the first table.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: August 4, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Felix Beier, Peter Bendel, Nicole Finnie, Namik Hrle
  • Patent number: 10728236
    Abstract: A technology is described for evaluating object data associated with an object represented in an augmented environment. An example method may include detecting an object located within range of a proximity of a sensor included in a device configured to display object data for the object in an augmented environment display. The object data associated with the object may be requested and the object data may be authenticated using an authenticating authority that certifies that the object data is valid and/or by determining that an object attribute represented by the object data corresponds to the object attribute represented by sensor data obtained from the sensor. After the object data has been authenticated, the object data, or a portion of the object data may be displayed in the augmented environment display generated by the device.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: July 28, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: David Potes
  • Patent number: 10708279
    Abstract: A method and apparatus for transmitting data. Data to be transmitted is an aggregated frame including a first subframe and a second subframe each including information used to verify integrity of each subframe, and an apparatus receiving the data verifies integrity of a subframe based on the information used to verify the integrity.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: July 7, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jae Seung Lee, Moon-Sik Lee, Young-Hoon Kim, Jaewoo Park, Gyung-chul Shin, Hoo Sung Lee, Ik Jae Chun, Jeeyon Choi
  • Patent number: 10706181
    Abstract: Described herein are various technologies pertaining to randomizing logic associated with dangling nodes in a digital circuit design. A dangling node is an input to or output from a logic gate in the digital circuit design that is identified as not impacting a desired output of the digital circuit design. Randomizing the logic associated with a dangling node can include deleting a logic gate, adding a logic gate, replacing a logic gate with another logic gate, etc. Randomizing the logic associated with the dangling node prevents hardware trojans that may have been inserted into the circuit design from being implemented in a circuit that is generated based upon the design.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: July 7, 2020
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Jason Hamlet
  • Patent number: 10693850
    Abstract: An example of a system and method implementing a live migration of a guest on a virtual machine of a host server to a target server is provided. For example, a host server may utilize a flow key to encrypt and decrypt communications with a target server. This flow key may be encrypted using a receive master key, which may result in a receive token. The receive token may be sent to the Network Interface Controller of the host server, which will then encrypt the data packet and forward the information to the target server. Multiple sender schemes may be employed on the host server, and various updates may take place on the target server as a result of the new location of the migrating guest from the host server to the target server.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: June 23, 2020
    Assignee: Google LLC
    Inventor: Benjamin Charles Serebrin
  • Patent number: 10686783
    Abstract: A technique is provided for establishing a secure access connection with electronic devices. The technique includes receiving a request for establishing the secure access connection, from an electronic device, via an access point associated with the electronic device. The technique further includes dynamically determining at least a local reputation score associated with the access point, based on at least a plurality of parameters and pre-defined weights assigned to each of the plurality of parameters. The technique further includes establishing the secure access connection between the host device and the electronic device, via the access point, based on a comparison of an updated global reputation score with a pre-defined threshold. The global reputation score is updated based on the dynamically determined local reputation score.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: June 16, 2020
    Assignee: Wipro Limited
    Inventors: Harish Nair Rajagopal, Sujeet Sreenivasan
  • Patent number: 10666618
    Abstract: When a computer system is compromised by a malicious user, detecting or preventing the malicious user can improve the security and efficiency of the computer system, as well as prevent data from being deleted or corrupted and/or stolen. An attacker who compromises a computer system is likely to take certain actions to exert control over the computer or avoid detection. When a compromised system is behind a network firewall, the attacker may seek to open a remote reverse shell on the compromised system to more easily issue commands, as the firewall may block direct attempts from outside the network to contact the compromised system. Detecting a reverse shell can be difficult, slow, and unreliable, however. The present disclosure discusses methods for detecting reverse shells based on analyzing redirection of data streams such as STDIN, STDOUT, and STDERR.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: May 26, 2020
    Assignee: PAYPAL, INC.
    Inventor: Shlomi Boutnaru