Abstract: A schema for a hierarchical data structure may include application specific extensions to the schema applied to a hierarchical data structure. Class may be added to the schema by individual applications granted access to a hierarchical data structure. When an access request for an object of the hierarchical data structure is received, the class may be identified in the schema and applied to process the access request to the object. Different classes may be added by different applications without disrupting the utilization of the schema for accessing the hierarchical data structure of other applications.

Abstract: Secure Programming of Secret data A method is provided. The method comprises providing a device comprising a secure element coupled to a non-volatile memory, the non-volatile memory comprising a first cryptographic key stored therein; the secure element decrypting and authenticating first secret data using the first cryptographic key to form second secret data; and then rendering the true value of the first cryptographic key unreadable.

Abstract: Approaches for providing data protection in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a first system in the networked computing environment. The method also includes generating, by the at least one computer device, a second system in the networked computing environment, wherein the second system includes a patch based on the breach. The method additionally includes converting, by the at least one computer device, the first system to a decoy system. The method further includes generating, by the at least one computer device, a third system in the networked computing environment, wherein the third system has reduced security relative to the first system.

Abstract: A system and method (referred to as the system) detects malware, viruses, and/or malicious activity by generating a direct current source power consumption profile by causing a monitored device to execute a fully automated recurrent software operation. The system receives by an automated detection system, the direct current source power consumption profile generated by an intelligent power sensor and generates by a detection engine, a power security profile that identifies suspicious code by profiling direct current consumed by monitored type devices. The system executes a detection engine remote from the monitored device that identifies an infected device.

Abstract: In general, the disclosure describes examples where a single software-defined network (SDN) controller establishes tunnels and controls communication on these tunnels between a plurality of virtual computing environments (VCEs). The SDN controller establishes the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers. To establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network. The SDN controller is configured to advertise the one or more logical tunnels to the first VCE and the second VCE.

Abstract: A method of selecting websites for displaying in a quick-access field in a web browser is provided. The method includes receiving an indication of user's geographical data and selecting websites from two sub-sets of websites. The first subset of websites is based on popularity amongst other users associated with the user's geographical data. The second subset of websites is based on user's browsing history. Each of the web sites gets ranked based on: a first rank based on a popularity of the given website among some of users associated with the geographical data and a second rank for the given website based on the browser history data associated with the user. The method further includes generating a combined rank based on the first and second rank for each website from the first and second set of websites and using the combined rank for selecting web sites for display.

Abstract: A system featuring a cloud-based malware detection system for analyzing an object to determine whether the object is associated with a cyber-attack. Herein, subscription review service comprises a data store storing subscription information. The subscription information includes identifier for the customer and one or more identifiers each associated with a corresponding customer submitter operable to submit an object to the cloud-based malware detection system for analysis. The first customer submitter receives credentials provided by the subscription review service to establish communications with the cloud-based malware detection system.

Abstract: Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user.

Abstract: A method, system, mobile device, apparatus and computer program product are provided for accurately determining whether one or more rights objects associated with a mobile device are valid. In particular, a secure time source (e.g., DRM clock or time) may be maintained by the mobile device and used to check the validity of the one or more rights objects. In order to ensure that the secure time source or clock remains accurate, the mobile device may update the secure time source by regularly requesting and receiving the DVB-H network time from a DVB-H network entity. Because the DVB-H network time is secure, accurate and readily accessible, it provides an ideal tool for correcting possible drift in the mobile device's secure time source.

Abstract: A circuit arrangement includes an encryption circuit and a decryption circuit. A cryptographic shell circuit has a transmit channel and a receive channel in parallel with the transmit channel. The transmit channel includes an encryption interface circuit coupled to the encryption circuit. The encryption interface circuit determines first cryptographic parameters based on data in a plaintext input packet and inputs the first cryptographic parameters and plaintext input packet to the encryption circuit. The receive channel includes a decryption interface circuit coupled to the decryption circuit. The decryption interface circuit determines second cryptographic parameters based on data in a ciphertext input packet and inputs the second cryptographic parameters and ciphertext input packet to the decryption circuit.

Abstract: The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast from anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: A method for protecting a mobile terminal device from cyber security threats, including the steps of: detecting that the mobile terminal device is successfully connected only through one or both of a selected physical serial interface connected to a device for facilitating the testing or a wired network interface, which is connected to an electrical utility device. Prior to executing a test routine by the mobile terminal device, switching the mobile terminal device to a test state by: disabling an internal firewall, disabling one or more remaining network interfaces and serial interfaces, such that existing communications or connections are terminated and new communications and connections are prevented. Enabling communication to one or both of the selected physical serial interface and the wired network interface, performing the testing on the at least one electrical utility device according to the executed test routines under control of the mobile terminal device until completion.

Abstract: Implementations of the present disclosure include receiving, by a consensus node from a first account, a digitally signed copy of a commitment value of a transaction amount, a second random number encrypted using a public key of the first account, a third random number encrypted using a public key of the second account, one or more range proofs, and a set of values generated based on one or more selected random numbers. The consensus node then verifies a digital signature corresponding to the digitally signed copy using a public key of the first account corresponding to a private key used to generate the digital signature. It also updates the balance of the first account and a balance of the second account based on the amount of the balance transfer if the first random number, the second random number, and the third random number are the same.

Abstract: Mechanisms are provided for providing a private consolidated cloud service architecture. The mechanisms operate to implement a private consolidated cloud service (PCCS) engine. The PCCS engine generates a private consolidated cloud (PCC) for a consumer based on one or more PCC characteristics specified by a request from the consumer. The PCCS engine also generates, in the PCC, for each of a plurality of public cloud services, a private instance of the public cloud service in the PCC. The PCC receives, from a consumer device, a request for processing of consumer private data by a specified private instance of a public cloud service in the PCC. The private instance of the public cloud service in the PCC performs the requested processing of consumer private data within the PCC without exposing the consumer private data outside the PCC. The PCC provides results of the requested processing to one of the consumer device or the public cloud service.

Abstract: Present disclosure relates to a system for providing a simulated environment and a method thereof. The system comprises a wearable device and a computing unit. The wearable device is configured to output a scenario of the simulated environment and to obtain a biometric characteristic. The computing unit is configured to determine a permission level according to the biometric characteristic, and to determine whether to conceal at least one portion of a virtual object which is being displayed in the scenario according to the permission level.

Abstract: Methods and apparatus are disclosed for device discovery, pairing, and transmission of audio and video media, using two or more communication paths between a media sender/source node and a media receiver/sink node. In one example of the disclosed technology, a method performed with a sink node adapted to receive data via a peer-to-peer communication and a different, second communication path, includes selecting at least a portion of a second communication path to the sink node, determining whether the second communication path is secure, and, if the second communication path is determined to be secure, then accepting connections via the second communication path.

Abstract: A system including: at least one processor; and at least one memory, having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive a first sequence of values; segment the first sequence of values into a first subsequence having a first length and a second subsequence having a second length; modify the first subsequence by inserting one or more values into the first subsequence to create a modified first subsequence of a third length; modify the second subsequence by one or more inserting values into the second subsequence to create a modified second subsequence of the third length; combine the modified first subsequence and the modified second subsequence to create a second sequence of values; and output the second sequence of values.

Abstract: A system and method for a privacy mode are disclosed. A trusted execution environment and general operating system that has restricted access to the trusted execution environment are maintained on a processor. A privacy mode command indicating either one of a first value and a second value is received. A peripheral control interface, which is communicatively coupled to the trusted execution environment and otherwise communicatively isolated from the general operating system, is disabled when the privacy mode enable indicator has the first value and is enabled when the privacy mode enable indicator has the second value. An associated peripheral is disabled from providing signals to processing circuits when the peripheral control interface is in the disabled state and enabled to provide signals to processing circuits when the peripheral control interface is in the enabled state.

Abstract: A computing system may operate in a first mode during which it calculates a set of training metrics on a running basis as a stream of multivariate data points originating from a data source is being received. While operating in the first mode, the computing system may determine that the set of training metrics has reached a threshold level of stability. In response, the computing system may transition to a second mode during which its extracts a model object and calculates a set of model parameters for an anomaly detection model. While operating in the second mode, the computing system may determine that the set of model parameters has reached a threshold level of stability. In response, the computing system may transition to a third mode during which it uses the anomaly detection model to monitor for anomalies in the stream of multivariate data points originating from the data source.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for electroencephalogram patterning recognition for user authentication into one or more physical or digital locations. In this way, the system may generate a spectral analysis baseline electroencephalogram reading for a user that can be segmented and analyzed based on a specific time span associated with a known stimulus or event, and diagnostic applications generally focus on either event-related potentials or the like. Upon initiating a request to enter a location requiring authentication, an electroencephalogram reading may be generated and patterned after the baseline electroencephalogram reading for the user. The system may perform patterned recognition of the readings and provide an authentication confidence of the user for authentication into the location.