Abstract: A service provider (SP) network device or system can operate to enable a WiFi protected access 2 (WPA2) pass-through with a user equipment (UE). The WPA2 pass-through can be an interface connection that passes through a computer premise equipment (CPE) or wireless residential gateway (GW) without the CPE or GW modifying or affecting the data traffic such as by authentication or security protocol. The SP network device can receive traffic data from a UE through or via the WPA 2 pass-through from a UE of a community Wi-Fi network at a home, residence, or entity network. Regardless of whether the UE is connected to any other home network at the CPE or is a subscriber to the SP network, the UE can communicate transparently by the WPA 2 pass-through with the SP network device to establish a secure initial access process with the SP network.

Abstract: The invention is a method for handling data in a secure container comprising first and second private keys uniquely allocated to the secure container. The secure container is configured to use the first private key to handle said data in a first operating mode and to use the second private key to handle said data in a second operating mode. The secure container is configured to prevent the update of the first private key after its clearing. The method comprises the step of automatically clearing the first private key in response to a request for enabling a software module in the second operating mode and a step of automatically using the first operating mode by the secure container if the first private key has not been cleared and of automatically using the second operating mode by the secure container if the first private key has been cleared.

Abstract: Methods and systems for managing user privacy information in a distributed fashion are provided. In one embodiment, a method is provided that may include receiving an identity with device information that is less sensitive and user information that is more sensitive. The user information may then be encrypted and stored on a repository, and indications of the encrypted device information and the encrypted user information may be stored on a distributed ledger. The method may further include enforcing a first access policy on the encrypted device information and a second access policy on encrypted user information.

Abstract: A cryptographic module has an input/output port to receive a first temporary key. A processor receives the first temporary key from the input/output port. A secure authentication key memory is connected to the processor. A temporary key generator is connected to the processor to produce a second temporary key for routing to the input/output port. A cryptographic salt generator is connected to the processor to produce cryptographic salt. A cryptographic key generator is connected to the processor to process key parts derived from the first temporary key, the second temporary key and the cryptographic salt to produce cryptographic keys.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing cryptographic keys based on user identity information. One of the methods includes receiving a request to store identity information and a user key pair to a memory on a chip, the request being digitally signed with a digital signature, the identity information uniquely identifying the user, and the user key pair being assigned to the user; determining that the digital signature is authentic based on a public key pre-stored in the memory; encrypting the identity information and the user key pair; and storing the identity information and the user key pair to the memory.

Abstract: A system includes a memory, a processor in communication with the memory, and a scanner. The scanner is configured to execute a first simulation instructions and track a register value and/or a stack value while executing the simulation. Responsive to encountering a conditional branch, the scanner is configured to split the first simulation into a second simulation and a third simulation to follow respective legs of the conditional branch. The scanner is also configured to track a movement from a register and/or a stack associated with the memory, record the movement and instruction associated with the movement, and report potential vulnerabilities.

Abstract: A data store to store and access digital records is provided, and a key object record is initialized in the data store to store data associated with a physical key object. A digital fingerprint of the physical key object is stored in the key object record. Another digital record is created in the data store that is not the key object record. The digital record is linked to the digital fingerprint of the physical key object. The linking is arranged to provide secure control access to the linked digital record. A tendered access key is received via a programmatic interface or user interface, and the data store is queried based on the tendered access key to identify a matching digital fingerprint of a key object. In a case that the querying identifies the matching digital fingerprint of the key object within a prescribed level of confidence, access to the linked digital record secured by the key object is granted.

Abstract: Systems and methods are described to predict spikes in requests for content on a computing network based on referrer field values of prior requests associated with spikes. Specifically, a traffic spike prediction service is disclosed that can analyze information regarding past requests on the computing network to detect a spike in requests to a content item, where a significant number of request within the spike include a common referrer field value. The traffic spike prediction service can then detect a request to a second content also including the common referrer field value, and predict that a spike is expected to occur with respect to the second content. The traffic spike prediction service can manage the expected spike by increasing an amount of computing resources available to service requests to the second content.

Abstract: An example operation may include one or more of receiving, by a broadcast server node, data from a plurality of data provider nodes; and executing, by the broadcast server node, a smart contract to: encrypt the data with encryption keys; generate a broadcast queue based on the encrypted data; and assign a subset of consumer nodes authorized to receive the encrypted data of the broadcast queue.

Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Abstract: Techniques are described for delayed serving of protected content. A request has been made by a client computing device for a requested resource comprising a first portion and a second portion that is initially withheld from the client computing device. First content comprising the first portion of the requested resource and reconnaissance code is served for execution on the client computing device. When executed at the client computing device, the reconnaissance code gathers data at the client computing device that indicates whether the client computing device is human-controlled or bot-controlled. The data gathered by the reconnaissance code is received. Based on the data, it is determined that the client computing device is not bot-controlled. In response to determining that the client computing device is not bot-controlled, the second portion of the requested resource is served to the client computing device.

Abstract: Systems and methods of automatically controlling a user's data footprint are provided. Data associated with a user may be analyzed to determine an action the user is preparing to take. Based on the analysis, a potential risk associated with the action the user is preparing to take may be identified. The potential risk associated with the action the user is preparing to take may be, for example, a data security risk, a data privacy risk, a physical risk, a risk of damage to property, and/or a financial risk. A notification indicating the potential risk associated with the action the user is preparing to take may be provided to the user. The notification may include one or more suggestions for mitigating the potential risk associated with the action the user is preparing to take.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing cryptographic keys based on user identity information. One of the methods includes receiving a request to store identity information and a user key pair to a memory on a chip, the request being digitally signed with a digital signature, the identity information uniquely identifying the user, and the user key pair being assigned to the user; determining that the digital signature is authentic based on a public key pre-stored in the memory; encrypting the identity information and the user key pair; and storing the identity information and the user key pair to the memory.

Abstract: A system and method are presented for the re-authentication of asynchronous messaging, specifically within enterprise to consumer communications. A third-party enterprise messaging server may be used as a conduit for a messaging service allowing for customer interaction with a business. The messaging server can append a re-authentication process for customers once a customer has been authenticated by the enterprise. Each time a customer resumes an interaction exceeding a timeout threshold, the messaging server invokes its re-authentication process. Lapsed interactions may be treated as continuous without having the customer re-authenticate through the enterprise specific authentication.

Abstract: A hearing device includes: a processing unit configured to compensate for hearing loss of a user of the hearing device; a memory unit; and an interface; wherein the hearing device is configured to: receive an authentication message from a client device via the interface, derive a client device identifier from the authentication message, and store the client device identifier in the memory unit.

Abstract: A device may receive data from a first endpoint device. The device may identify a network protocol. The network protocol may be associated with receiving the data. The device may identify a format. The format may be associated with encoding textual information in the data. The device may determine, based on the format and the network protocol, text in the data. The device may determine whether the text includes a reference from a plurality of references. The plurality of references may identify addresses associated with malicious devices. The device may selectively forward the data to a second endpoint device based on determining whether the text includes the reference.

Abstract: The present invention relates to a method for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: The current document is directed to distributed-secure-storage systems, and processes carried out within the distributed-secure-storage systems, that provide for secure storage and retrieval of confidential and critical data, referred to as “secrets,” within distributed computer systems. The secret-storage systems partition an input secret into multiple secret shares and distribute the secret shares among multiple secret-share-storing node subsystems, without persistently storing the secret itself. An agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes. The multiple secret-share-storing nodes additionally cooperate to periodically alter the stored secret shares corresponding to a secret in a way that allows agents to recover the original secret, or derived data, from all or a portion of the altered secret shares or derived-data shares.

Abstract: A processor-implemented method of performing authentication includes obtaining a first biometric information of a user according to a first modality; calculating a first score based on the first biometric information; filtering the first score; determining whether the filtered first score satisfies a second condition; and selectively, based on a result of the determining, authenticating the user based on the first score and a first condition corresponding to the first modality. The second condition is different from the first condition.

Abstract: Systems and methods for providing security to an integrated circuit/processor and the processor cores in an endpoint device using a dynamic security architecture environment (DSAE) are disclosed.