Abstract: A method for managing a secure element embedded in an equipment comprising an NFC controller. The secure element comprises a security indicator. The method comprises the steps of: on receipt of a triggering command sent by the NFC controller, the secure element switches in a test context; on receipt of a restore command sent by an application, the secure element sets the security indicator, such as a counter of unusual events, to a predefined value only if the secure element is in test context; and on receipt of an ending command sent by the NFC controller, the secure element switches in a Live context. The secure element keeps a track of the switch in the test context and denies any further triggering commands. The method enables reset of security indicator after manufacturing and test where the security indicator may have been affected.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing data element stored in a blockchain network. One of the methods includes receiving a request from a client computing device to store a data element into the blockchain network by a blockchain data element processing server. The blockchain data element processing server determines whether the client computing device is authorized to store the data element into the blockchain network and whether the data element is a sensitive data element. If the client computing device is authorized to store the data element into the blockchain network and the data element is not a sensitive data element, the blockchain data element processing server stores the data element that is encrypted using an encryption algorithm into the blockchain network.

Abstract: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.

Abstract: A technology is described for a virtual secure region. An example method may include receiving a request for data stored in a secure computing service environment executing on computing resources used to provide a public computing service environment, where the secure computing service environment may be separated from the public computing environment using encryption. In response to the request, a secure region account that corresponds to a public region account may be identified using a translation table that maps the secure region account to the public region account. A storage location for the data may be identified within the secure computing service environment specified by the secure region account, and the data may be obtained from the storage location within the secure computing service environment. The data may then be transferred to the public computing service environment.

Abstract: The technology disclosed simulates and analyzes spread of malware through an organization as a result of sharing files using cloud-based services. This analysis is based on actual user and file sharing characteristics collected on a user-by-user and file-by-file basis. The technology disclosed traces connections among the users by traversing a directed graph constructed from the user-by-user data and the file-by-file data. It then simulates the spread of malware, from an entry point user zero through the organization, via the cloud-based services, using the directed graph to simulate user exposure to, infection by, and transmission of the malware within the organization. It then produces a visualization of the spread from the entry point user zero, to users within a user partition to which the user zero belongs, at varying transmission distances from the user zero.

Abstract: One or more techniques and/or systems are provided for audio verification. An audio signal, comprising a code for user verification, may be identified. A second audio signal is created comprising speech. The audio signal and the second audio signal may be altered to comprise a same or similar volume, pitch, amplitude, and/or speech rate. The audio signal and the second audio signal may be combined to generate a verification audio signal. The verification audio signal may be presented to a user for the user verification. Verification may be performed to determine whether the user has access to content or a service based upon user input, obtained in response to the user verification audio signal, matching the code within the user verification audio signal. In an example, the user verification may comprise verifying that the user is human.

Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Abstract: A set of resource requests that each includes authorization-supporting data for receiving a requested resource can be received. For each request, augmenting data associated with part of the data is retrieved, and it is determined whether access is authorized based on the augmenting data and the authorization-supporting data. A machine-learning model is trained using representations of the set of resource requests and the authorization determinations. Additional requests are processed by the trained model to generate corresponding authorization outputs. One or more identifiers to flag for inhibition of resource access are determined based on the authorization outputs. Upon detecting that a new resource request to access a particular resource includes an identifier of the one or more identifiers, a new authorization output is generated to inhibit access to the particular resource.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing data element stored in a blockchain network. One of the methods includes receiving a request from a client computing device to store a data element into the blockchain network by a blockchain data element processing server. The blockchain data element processing server determines whether the client computing device is authorized to store the data element into the blockchain network and whether the data element is a sensitive data element. If the client computing device is authorized to store the data element into the blockchain network and the data element is not a sensitive data element, the blockchain data element processing server stores the data element that is encrypted using an encryption algorithm into the blockchain network.

Abstract: A method, system, and apparatus are provided for preventing glitch attacks by using a glitch processing hardware unit (1) to deactivate a glitch filter connected between the monitored line and a reset processing unit in response to detecting a voltage glitch on a monitored line during a specified security system sequence and (2) to automatically drive a requested reaction in response to the voltage glitch by driving one of a plurality of configurable reactions comprising a device reset reaction and a process restart request, thereby preventing the voltage glitch from maliciously influencing the specified security system sequence.

Abstract: An Internet of Things (IoT)-based thing management system using block chain authentication, where unit nodes connect to each other through a network, things connect to each other in each of the unit nodes, and control instructions for causing the things to operate are mutually authenticated by the unit nodes. Each of the things performing individual functions separately, and a core which includes n block chain having n blocks recording operation histories of the things thereon. The core generating public and private keys based on the n block chain and providing the keys to each of the things, wherein one of the things includes a controller which has a list of public keys provided by the core. The controller sends a control instruction so as to control operations of the thing. The thing sends the controller a response signal and performs an operation according to the control instruction.

Abstract: A system and method for disrupting an information security threat that constitutes an attack on a computer asset in a computer network is provided. The provided system and method disrupts this information security threat after the attack on the computer asset has been detected by at least one of the monitoring devices on the affected computer network. An intermediate upstream gateway of the affected computer network is then utilized to disrupt this information security threat. As the detected attack is being disrupted, a mitigation action will be automatically initiated if a mitigation action associated with the attack is stored in the system's database; else information about the attack will be sent to a central command centre for further assessment. At the central command centre, a mitigating action will be further developed and executed to address the intention of the attack.

Abstract: A method, apparatus, and system for provisioning a device onto a network using a non-secure communication channel between the device and a provisioner is described. The provisioner receives a timestamp-based on-time password (TOTP), and a universal resource identifier (URI) from the device and provides the TOTP and an out-of-band (OOB) UUID to a remote server over a secure communication channel identified by the URI. The device is then provisioned onto a network based on comparisons of the UUID and the TOTP.

Abstract: Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score.

Abstract: A method of securely authorizing limited access by a software application to private user data may include operating a software application that can utilize user data, sending a request to a first server to authorize release of the user data, receiving an authorization from the first server to release the user data, and sending a request to retrieve the user data to a plurality of second servers. The method may also include receiving a portion of the user data from each of the plurality of second servers, assembling the user data from at least two of the portions of the user data, and providing the user data to the software application.

Abstract: A method, computer program product, and system where a processor(s) in a distributed computing environment intercepts a communication (of sequential elements) between a first computing node and a second computing node. The processor(s) determines if the communication is undesired by evaluating data related to or comprising each element individually.

Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.

Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.

Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Abstract: A signature capture device is used to display a targeted message for a customer picking up an ordered item. The targeted message is selected based on an identifier for the ordered item. Personal information used for the display message is managed to maintain security and privacy of the information. In one embodiment, the ordered item is a prescription and the signature capture device is part of a pharmacy management system.