Abstract: Embodiments include methods and systems for detecting security risks in network pages, comprising providing at least one secure transaction page to a secure transaction provider, the secure transaction page enabling the secure transaction provider to request secure transactions, determining a request rate for the secure transaction page associated with the secure transaction provider, determining a predetermined threshold for a change in request rate for the secure transaction page by the secure transaction provider, determining that the predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded, and providing a notification to the secure transaction provider based on the determination that the predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded.

Abstract: A method for managing engagement and presentation content of an electronic document involves providing container metadata identifying engagement containers within the electronic document, providing engagement data linked to the engagement containers, the engagement data comprising parameters of an engagement based on the segments of content in the linked engagement containers, executing a procedure to traverse engagement containers identified in the container metadata. The procedure includes accepting, based on user input, data responsive to the engagement, and assigning a score for the current engagement container based on the received data and the parameters defined in the engagement metadata.

Abstract: Methods, systems and computer programs are presented for classifying malware using audio signal processing. One method includes an operation for converting a non-audio data file to an audio signal. Audio features are extracted from the audio signal and are used to classify the non-audio data file.

Abstract: A system for committing event data includes an interface and a processor. The interface is configured to receive input data and receive a client key. The processor is configured to generate an Nth sequence number; determine an Nth event hash using the input data, an N?1 signature, and the Nth sequence number; encrypt the Nth event hash with the client key to generate an Nth signature; generate an Nth event from the input data, the N?1 signature, the Nth sequence number, and the Nth signature; and, in response to an aggregate N?1 of one or more prior events being valid, apply Nth event onto the aggregate N?1.

Abstract: The static data masking system may perform one or more operations including unbinding tables in a database, evaluating masking operations on the tables to determine that at least one masking operation on a particular column of a candidate table is a complex masking operation that cannot be completed using a query, adding a temporary key column with unique values to the candidate table, generating a temporary table including the temporary key column and an empty masked column, generating masked values for the particular column at a client, and populating the masked values for the particular column in the empty masked column of the temporary table.

Abstract: Generating, by a computing device, a device secret, the generating comprising: providing, by at least one physical unclonable function (PUF), at least one value; and generating, using a key derivative function (KDF), the device secret, wherein the at least one value provided by the at least one PUF is an input to the KDF; and storing, in memory of the computing device, the generated device secret.

Abstract: Techniques include securely maintaining data associated with a plurality of authentication credentials; generating, as a function of the data associated with a selected group of the plurality of authentication credentials, a secret data element; making available, the secret data element, to be embedded in a first authentication credential; identifying an attempt to change the first authentication credential, the attempt including new authentication credential data to replace data in the first authentication credential; validating, conditional on whether the new authentication credential data includes the secret data element, the new authentication credential data; and determining, based on the validating, whether to perform a control action based on the new authentication credential data.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for detecting and mitigating adversarial virtual interactions. The method includes one or more processors initiating a mitigation protocol on interactions between the user and the virtual agent, wherein the mitigation protocol is based on the actions performed by the user while interacting with the virtual agent. The method further includes one or more processors, in response to initiating the mitigation protocol on interactions between the user and the virtual agent, generating a lower fidelity response from the virtual agent to the user, wherein the lower fidelity response is a progressive dilution of the precision of language of an original response from the virtual agent to the user prior to the user exceeding the risk level threshold.

Abstract: Certain embodiments described herein are generally directed to performing receive side scaling at a virtual network interface card for encapsulated encrypted data packets based on an security parameter index value of the encapsulated encrypted data packets.

Abstract: The present disclosure provides an information handling system (IHS) and related methods that provide secure shared memory access (SMA) to shared memory locations within a Peripheral Component Interconnect (PCI) device of an IHS. The IHS and methods disclosed herein provide secure SMA to one or more operating system (OS) applications that are granted access to the shared memory. According to one embodiment, the disclosed method provides secure SMA to one or more OS applications by receiving a secure runtime request from at least one OS application to access shared memory locations within a PCI device, authenticating the secure runtime request received from the OS application, creating a secure session for communicating with the OS application, and providing the OS application secure runtime access to the shared memory locations within the PCI device.

Abstract: A method for storing data on a storage entity (SE) includes the steps of: (a) dividing a file to be stored into a plurality of chunks by a client; (b) computing a secret key for each of the chunks of the file; (c) computing for each of the chunks a chunk identifier by the client; (d) checking, by the SE, whether one or more of the chunks have already been stored based on the computed chunk identifiers; and (e) it a case where it is determined that one or more of the chunks have not already been stored, performing the following: encoding the corresponding chunks; computing chunk tags for the chunks using the computed secret key; and storing the encoded chunks and the chunk tags.

Abstract: Disclosed is an electronic device for performing code-based encryption supporting integrity verification of a message and an operating method thereof. When a data transmission side encrypts a message through code-based encryption and transmits the encrypted message to a data reception apparatus, the data transmission side is allowed to use a hash value generated based on a part of the message as an error in code-based encryption to support the data reception apparatus to verify an integrity of a received message by using the hash value.

Abstract: According to one embodiment, the system maintains and enforces assertions about a user's intent and identity at a point of access (e.g., a computer system being used to access a service, system, cloud, etc.). In one example, the system includes lightweight browser components and mobile and/or desktop agents that communicate in the background with a cloud-based authentication service. The system integrates seamlessly with enterprise applications, cloud services, multi-factor authentication solutions and existing identity management solutions. In one example, the system includes protocols, application programming interfaces, etc. that facilitate integration with standards such as Fast Identity Online (“FIDO”) Universal Authentication and OpenID Connect. In one example, the system includes protocols, application programming interfaces, etc.

Abstract: In the context of network activity by an endpoint in an enterprise network, malware detection is improved by using a combination of reputation information for a network address that is accessed by the endpoint with reputation information for an application on the endpoint that is accessing the network address. This information, when combined with a network usage history for the application, provides improved differentiation between malicious network activity and legitimate, user-initiated network activity.

Abstract: Principal components analysis is applied to data sets to fingerprint the dataset or to compare the dataset to a “wild file” that may have been constructed from data found in the dataset. Principal components analysis allows for the reduction of data used for comparison down to a parsimonious compressed signature of a dataset. Datasets with different patterns among the variables will have different patterns of principal components. The principal components of variables (or a relevant subset thereof) in a wild file may be computed and statistically compared to the principal components of identical variables in a data provider's reference file to provide a score. This constitutes a unique and compressed signature of a file that can be used for identification and comparison with similarly defined patterns from other files.

Abstract: A method includes: initiating a data channel over a networked gaming service, including generating a channel key, the channel key being used to encrypt content communicated over the data channel, and generating a first encrypted channel key by encrypting the channel key with a public key associated to an owner of the data channel; adding a participant to the data channel, including generating a second encrypted channel key by encrypting the channel key with a public key associated to the participant; wherein a message sent via the data channel includes encrypted content generated by using the channel key to encrypt content for the message, and further includes the first encrypted channel key and the second encrypted channel key.

Abstract: Methods for hardening security between web services using protected forwarded access tokens are implemented via systems and devices. User applications receive user tokens with user information from an identity provider and provide the user tokens to first services with data requests. Each first service extracts and transforms a portion of a user token to validate a user token signature, and determines a target service for the data request. The first services acquire actor tokens from the identity provider that uniquely identify the first services using public keys, and then generate authentication tokens, signed with corresponding private keys, that encapsulate the actor tokens and the transformed user tokens. The signed authentication tokens are provided to target services which validate the authentication tokens as well as the encapsulated tokens and their respective signatures. Upon validation, requested data is retrieved and provided back for the user applications from the target services.

Abstract: As a technology for preventing the leaking of confidential information more properly, provided is a work recording apparatus including: a recording control unit configured to record a work situation; a position detection unit configured to detect a position; and a usable function restriction unit configured to specify an applicable predetermined state through use of the position detected by the position detection unit and restrict a part or all of functions of the recording control unit based on the specified applicable predetermined state.

Abstract: A method for generating an authentication key for providing a digital signature at a device for authenticating an output from a ring comprising a plurality of peers, the method comprising generating respective security credentials for each peer of a plurality of peers constituting a ring of peers, at least one security credential being generated in dependence on one or more feature of the respective peer device; generating a ring key in respect of the ring in dependence on the respective security credential of each peer constituting the ring; and generating an authentication key in dependence on the ring key, a security credential of a first peer and respective security credentials of at least one of the other peers.

Abstract: A communication network system, in which a transmission node for transmitting a message is connected to a reception node for receiving the message, is configured to periodically transmit a count-value notification message to notify a count value, which is used to generate and check a message authentication code for the message, to the transmission node and the reception node.