Abstract: A method for a data owner to enforce attribute-based and discretionary access control over a cloud-based data store by specifying an access policy, creating a plurality of users with attributes that satisfy the access policy, and revoking one or more of the plurality of users by embedding their respective identities as revoked into a ciphertext, whereby only those of the plurality of users whose attributes satisfy the access policy and that are not revoked can decrypt the ciphertext.

Abstract: Various embodiments of a framework for user authentication based on finger motion signal and hand geometry matching are disclosed herein.

Abstract: Various embodiments for a three-dimensional in-the-air finger motion based user login framework for gesture interface are disclosed.

Abstract: Embodiments are disclosed that relate generally to software defined networking (SDN), and more particularly, but not by way of limitation, to devices, systems, and methods for a security policy analysis framework for distributed SDN-based cloud computing environments. The ease of programmability in SDN makes it a great platform implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers.

Abstract: A method for a data owner to enforce attribute-based and discretionary access control over a cloud-based data store by specifying an access policy, creating a plurality of users with attributes that satisfy the access policy, and revoking one or more of the plurality of users by embedding their respective identities as revoked into a ciphertext, whereby only those of the plurality of users whose attributes satisfy the access policy and that are not revoked can decrypt the ciphertext.

Abstract: Various embodiments of a framework for user authentication based on finger motion signal and hand geometry matching are disclosed herein.

Abstract: Various embodiments for a three-dimensional in-the-air finger motion based user login framework for gesture interface are disclosed.

Abstract: Systems and apparatuses for a secure mobile cloud framework (referred to as MobiCloud) for mobile computing and communication are disclosed. Embodiments of MobiCloud transfer each mobile node from a traditional strictly layer-structured communication node into a service node (SN). Each SN may be used as a service provider or a service broker according its capability. Each SN may be incorporated as a virtualized component of the MobiCloud. In some embodiments, MobiCloud mirrors an SN to one or multiple virtual images in the Cloud for addressing communication and computation deficiencies of mobile devices. Virtual images can create a visualized MANET routing and communication layer that can maximally assist the mobile nodes to enable pervasive computing services for each mobile device owner. A secure data processing framework is disclosed for the MobiCloud.

Abstract: A new efficient framework based on a Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) approach. CCP-CABE assists lightweight mobile devices and storing privacy-sensitive sensitive data into cloudbased storage by offloading major cryptography-computation overhead into the cloud without exposing data content to the cloud. CCP-CABE extends existing attribute-based data access control solutions by incorporating comparable attributes to incorporate more flexible security access control policies. CCP-CABE generates constant-size ciphertext regardless of the number of involved attributes, which is suitable for mobile devices considering their limited communication and storage capacities.

Abstract: Embodiments are disclosed that relate generally to software defined networking (SDN), and more particularly, but not by way of limitation, to devices, systems, and methods for a security policy analysis framework for distributed SDN-based cloud computing environments. The ease of programmability in SDN makes it a great platform implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers.

Abstract: A new efficient framework based on a Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) approach. CCP-CABE assists lightweight mobile devices and storing privacy-sensitive sensitive data into cloudbased storage by offloading major cryptography-computation overhead into the cloud without exposing data content to the cloud. CCP-CABE extends existing attribute-based data access control solutions by incorporating comparable attributes to incorporate more flexible security access control policies. CCP-CABE generates constant-size ciphertext regardless of the number of involved attributes, which is suitable for mobile devices considering their limited communication and storage capacities.

Abstract: A new efficient framework based on a Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) approach. CCP-CABE assists lightweight mobile devices and storing privacy-sensitive sensitive data into cloudbased storage by offloading major cryptography-computation overhead into the cloud without exposing data content to the cloud. CCP-CABE extends existing attribute-based data access control solutions by incorporating comparable attributes to incorporate more flexible security access control policies. CCP-CABE generates constant-size ciphertext regardless of the number of involved attributes, which is suitable for mobile devices considering their limited communication and storage capacities.

Abstract: A new construction of CP-ABE, named Privacy Preserving Constant CP-ABE (PPC-CP-ABE) that significantly reduces the ciphertext to a constant size with any given number of attributes is disclosed. PPCCP-ABE leverages a hidden policy construction such that the recipients' privacy is preserved efficiently. A Privacy Preserving Attribute Based Broadcast Encryption (PP-AB-BE) scheme is disclosed. PP-AB-BE is flexible because a broadcasted message can be encrypted by an expressive hidden access policy, either with or without explicit specifying the receivers. PP-AB-BE significantly reduces the storage and communication overhead. Also, PP-AB-BE attains minimal bound on storage overhead for each user to cover all possible subgroups in the communication system.

Abstract: Systems and apparatuses for a secure mobile cloud framework (referred to as MobiCloud) for mobile computing and communication are disclosed. Embodiments of MobiCloud transfer each mobile node from a traditional strictly layer-structured communication node into a service node (SN). Each SN may be used as a service provider or a service broker according its capability. Each SN may be incorporated as a virtualized component of the MobiCloud. In some embodiments, MobiCloud mirrors an SN to one or multiple virtual images in the Cloud for addressing communication and computation deficiencies of mobile devices. Virtual images can create a visualized MANET routing and communication layer that can maximally assist the mobile nodes to enable pervasive computing services for each mobile device owner. A secure data processing framework is disclosed for the MobiCloud.

Abstract: Systems and apparatuses for a secure mobile cloud framework (referred to as MobiCloud) for mobile computing and communication are disclosed. Embodiments of MobiCloud transfer each mobile node from a traditional strictly layer-structured communication node into a service node (SN). Each SN may be used as a service provider or a service broker according its capability. Each SN may be incorporated as a virtualized component of the MobiCloud. In some embodiments, MobiCloud mirrors an SN to one or multiple virtual images in the Cloud for addressing communication and computation deficiencies of mobile devices. Virtual images can create a visualized MANET routing and communication layer that can maximally assist the mobile nodes to enable pervasive computing services for each mobile device owner. A secure data processing framework is disclosed for the MobiCloud.

Abstract: Examples disclose a method, executable by a processor, to assign a metric of vulnerability to a virtual machine. Based on the metric of vulnerability, the method places the virtual machine into a detection phase. Additionally, the examples disclose the method is to receive an alert corresponding to the virtual machine and based this received alert, the method implements a countermeasure.

Abstract: Examples disclose a method, executable by a processor, to assign a metric of vulnerability to a virtual machine. Based on the metric of vulnerability, the method places the virtual machine into a detection phase. Additionally, the examples disclose the method is to receive an alert corresponding to the virtual machine and based this received alert, the method implements a countermeasure.

Abstract: A new efficient framework based on a Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) approach. CCP-CABE assists lightweight mobile devices and storing privacy-sensitive sensitive data into cloudbased storage by offloading major cryptography-computation overhead into the cloud without exposing data content to the cloud. CCP-CABE extends existing attribute-based data access control solutions by incorporating comparable attributes to incorporate more flexible security access control policies. CCP-CABE generates constant-size ciphertext regardless of the number of involved attributes, which is suitable for mobile devices considering their limited communication and storage capacities.

Abstract: Apparatuses, systems, and methods for optimal group key (OGK) management that may achieve non-colluding and/or the storage-communication optimality are disclosed. In some embodiments, a group controller (GC) is responsible for key generation and distribution and the group data are encrypted by a group key. When joining the group, in some embodiments, each group member (GM) is assigned a unique n-bit ID and a set of secrets, in which each bit is one-to-one mapped to a unique secret. Whenever GMs are revoked from the group, in some embodiments, the GC will multicast an encrypted key-update message. Only the remaining GMs may be able to recover the message and update GK as well as their private keys. The disclosed OGK scheme can achieve storage-communication optimality with constant message size and immune to collusion attack and also may outperform existing group key management schemes in terms of communication and storage efficiency.

Abstract: Apparatuses, systems, and methods for optimal group key (OGK) management that may achieve non-colluding and/or the storage-communication optimality are disclosed. In some embodiments, a group controller (GC) is responsible for key generation and distribution and the group data are encrypted by a group key. When joining the group, in some embodiments, each group member (GM) is assigned a unique n-bit ID and a set of secrets, in which each bit is one-to-one mapped to a unique secret. Whenever GMs are revoked from the group, in some embodiments, the GC will multicast an encrypted key-update message. Only the remaining GMs may be able to recover the message and update GK as well as their private keys. The disclosed OGK scheme can achieve storage-communication optimality with constant message size and immune to collusion attack and also may outperform existing group key management schemes in terms of communication and storage efficiency.