Patents Examined by Arya Golriz
  • Patent number: 10515196
    Abstract: Embodiments of the disclosure implement techniques to create secure Original Equipment Manufacturer (OEM) identifiers. In one embodiment, a processing system is disclosed. The processing system includes a memory to store an Original Equipment Manufacturer (OEM) key and a processing device, operatively coupled to the memory. The processing device is to receive the OEM key for an OEM system as input to a cryptographic hash function. A device key is produced by applying the cryptographic hash function to the OEM key and a global key associated with a vendor of the OEM system. The device key is provided to a security firmware device to authenticate the OEM system.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: December 24, 2019
    Assignee: Intel Corporation
    Inventors: Rauno Tamminen, Jari Lukkarila, Uttam Sengupta
  • Patent number: 10511448
    Abstract: Methods and apparatus related to improving secure communications are described. In an embodiment, a security agent pins a domain to a certificate. The certificate is used in authenticating the domain, and the existence of a pinning indicator within the certificate is used in authenticating the domain. Once the security agent pins the domain to a certificate, a relationship between the domain and the certificate used in authenticating the domain is stored. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: December 17, 2019
    Inventor: Jeffrey E. Brinskelle
  • Patent number: 10432656
    Abstract: A method and system for conducting simulated phishing attacks. This may include identifying a target device from a list, such as a corporate directory, and sending a message to the device with a link to a website. On the website, the user may be directed to or enrolled in a network security course, or may be directed to install an app, which may then be used to gather data or further conduct simulated phishing attacks on other devices on a network.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: October 1, 2019
    Assignee: Shevirah Inc.
    Inventor: Georgia Weidman
  • Patent number: 10417725
    Abstract: Features are disclosed relating to a network-based consent management system that securely manages various aspects of consenting and agreeing to engage in physical relationships, including sexual relationships. For example, the system can manage processes such as requesting and obtaining consent, agreeing to provide consent, declining to provide consent, preemptively providing or declining consent without a consent request, verifying identities of individual users, verifying users' capacity to consent, and the like. In addition, the system can securely maintain a record of consent agreements and refusals. Thus, users of the system can initiate or otherwise participate in certain physical interactions with other users, secure in the knowledge that the participants have provided unambiguous informed consent and that a record of such consent has been created and securely stored by a third party.
    Type: Grant
    Filed: April 2, 2018
    Date of Patent: September 17, 2019
  • Patent number: 10397223
    Abstract: A method for establishing an authorized communication between a physical object (4, 9, 10) and a communication device (1), wherein said physical object and said communication device comprise both a data processing unit, a contact communication interface (6, 7) and a wide area network interface, the method comprising: —a step of establishing a physical connection between the physical object (4, 9, 10) and the communication device (1) through a contact between the contact communication interfaces (6, 7) of the physical object and the communication device, —a step of transmitting authorization data between the physical object and the communication device through said physical connection to grant access rights over the physical object to the communication using the authorization data, wherein the access rights enable the communication device to make a write access to protected data of the physical object through the wide area network interface of the physical object and the wide area network interface of the comm
    Type: Grant
    Filed: July 5, 2013
    Date of Patent: August 27, 2019
    Assignee: Alcatel Lucent
    Inventors: Alain Pastor, Mathieu Beauvais
  • Patent number: 10387670
    Abstract: Methods and associated data processing system for handling sensitive data required by an application in a secure computer system. The secure computer identifies sensitive data in one or more data aspects of a request message. The secure computer system tokenizes the sensitive data in the one or more data aspects by replacing the sensitive data with tokenized data and stores a mapping between the sensitive data and the tokenized data in the secure computer system. The secure computer system sends the request message to an external computer system. After the request message is sent to the external computer system, the secure computer system receives a response message from the external computer system. The response message includes annotations for the tokenized data with transform instructions for the tokenized data. The secure computer system replaces the tokenized data with the sensitive data and performs the transform instructions on the sensitive data.
    Type: Grant
    Filed: September 21, 2016
    Date of Patent: August 20, 2019
    Assignee: International Business Machines Corporation
    Inventors: John Hosie, Daniel J. McGinnes, Martin A. Ross, Craig H. Stirling, Dominic J. Storey
  • Patent number: 10375086
    Abstract: A method for detection of malicious encryption programs, the method comprising: intercepting, at a server, a file operation request from a client on a file stored on the server; collecting information about at least the requested file and the requested operation; determining, by a hardware processor of the server, based on the collected information, whether the file operation request came from a known malicious encryption program; when the file operation request came from an unknown program, then calculating, by the hardware processor, entropies of at least a portion of the file before and after the execution of the requested operation on the file; and calculating, by the hardware processor, a difference between the calculated entropies; when the difference is below a threshold, allowing the requested operation on the file; and when the difference is above the threshold, denying the requested operation on the file.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: August 6, 2019
    Assignee: AO KASPERSKY LAB
    Inventors: Vladislav I. Ovcharik, Oleg G. Bykov
  • Patent number: 10356060
    Abstract: Systems and methods may provide for implementing a secure communication using physical proximity. In one example, the method may include transmitting an encrypted first communication including a sensitive information file, decrypting the encrypted first communication to generate a decrypted first communication including the sensitive information file, displaying the decrypted first communication, capturing a version of the decrypted first communication displayed on the intermediary device, and extracting the sensitive information file at a user device.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: July 16, 2019
    Assignee: Intel Corporation
    Inventor: Jasmeet Chhabra
  • Patent number: 10356053
    Abstract: A system and method allows a user to register one or more PINs on one or more user devices, and then authenticates the user to a server via the PIN and a token deposited on the user device being used by the user to allow access to an application on the user device. Individual tokens, or all tokens deposited on the user devices for a user account, may be invalidated, and the user is prevented from authenticating himself or herself via a PIN to allow access to an application on any device for which the last token deposited was invalidated, until the same or different PIN is registered for that device.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: July 16, 2019
    Assignee: Charles Schwab & Co., Inc.
    Inventor: Valery Zubovsky
  • Patent number: 10346597
    Abstract: A method for screen unlocking, a method for image acquiring, and an electronic terminal are provided. In the method for screen unlocking, a most frequently used debug parameter is counted according to recorded debug parameters used for image selection in the most recent N instances. Auto-adjustment is performed on the debug parameters from the most frequently used debug parameter, and an image currently acquired is debugged with the debug parameters adjusted, to obtain debugged images. A target fingerprint image is selected from the debugged images. Whether the target image satisfies an unlocking condition is identified and a screen of the electronic terminal is unlocked when the unlocking condition is satisfied. Accordingly, a method for image acquiring and an electronic terminal are also provided.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: July 9, 2019
    Assignee: Guangdong Oppo Mobile Telecommunications Corp., Ltd.
    Inventors: Le Yang, Yibao Zhou
  • Patent number: 10341296
    Abstract: Techniques for automatic firewall configuration in a virtual network environment are described. In one example embodiment, firewall rules are configured using virtual machine (VM) inventory objects. The firewall rules are then transformed by replacing the VM inventory objects in the configured firewall rules with associated Internet protocol (IP) addresses using an IP address management table (IPAM) table and a network address translation (NAT) table. The transformed firewall rules are then sent to a firewall engine for filtering communication from and to VMs running on a first machine on one or more computing networks and communication from and to VMs running on a second machine on one or more computing networks at a firewall according to the transformed firewall rules.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: July 2, 2019
    Assignee: VMWARE, INC.
    Inventors: Abhinav Vijay Bhagwat, Aravind Srinivasan, Amit Ratnapal Sangodkar
  • Patent number: 10326590
    Abstract: Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: June 18, 2019
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Jesse Walker, Mats Agerstam, Ravi S. Subramaniam, Eduardo Cabre
  • Patent number: 10303862
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decoding Turing tests. One of the methods includes managing a database that stores data of each of a plurality of aggregation accounts; sending, for a particular account identified by one of the aggregation accounts and to a server, a request for access to account data for the particular account; receiving, from the server, data that includes a login credentials field and a Turing test challenge; extracting the Turing test challenge; providing, to an external system that is a different system from the server, the Turing test challenge; receiving, from the external system, a response to the Turing test challenge; providing, to the server, the response to the Turing test challenge; providing, to the server, the login credentials for the particular account; and receiving, from the server, account data for the particular account.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: May 28, 2019
    Assignee: Yodlee, Inc.
    Inventors: Vipul Jain, Ritu Bhandari, Apoorv Awasthi
  • Patent number: 10299114
    Abstract: An apparatus and method for providing external bump-in-the-wire cryptographic capability to a legacy radio (which may or may not include embedded cryptography) includes an appliqué couplable to the legacy radio and to an intercom, handset, or other user device. The appliqué extracts and stores in memory radio status information from the legacy radio (channel information, cryptographic instructions, alarm conditions) by intercepting control signals, polling the legacy radio, or listening in on channels used by the legacy radio. If TSVCIS 2.1 or CMI-compatible encryption is required, the appliqué may encrypt or decrypt a message with the appropriate cryptographic keys based on the extracted radio status information. The appliqué may include a bump-in-the-wire device or a bump-in-the-connector device directly couplable to an intercom port of a vehicular mounted SINCGARS legacy radio.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: May 21, 2019
    Assignee: Rockwell Collins, Inc.
    Inventors: James A. Stevens, Hiren Sampat
  • Patent number: 10298617
    Abstract: Systems and processes that may be implemented to manage access by software applications to various resources of a user telecommunications device are disclosed. The systems and processes may implement a trust policy which reflects privacy criteria selected by a user of the user telecommunications device, wherein the trust policy overrides registered permissions of the software applications. The user telecommunications device may include a memory that stores a software application that has been granted registered permissions to access an input and/or output component of the user telecommunications device, as well as a trust policy that has been set by the user to proscribe access by that particular software application to the input and/or output component. In implementing the trust policy, the software application may be prevented from accessing the input and/or output component notwithstanding the software application having registered permissions to access the input and/or output component.
    Type: Grant
    Filed: July 8, 2015
    Date of Patent: May 21, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Ahmad Arash Obaidi, Eric W. Yocam
  • Patent number: 10291607
    Abstract: The present disclosure describes systems and methods for an app provider to deliver information—such as notifications, alerts, messages, and other data—between client devices without the use of a third-party push token. When receivers are connected to the app provider system, the app provider will deliver a notification and the communication to the receivers without the use of a third-party push token. When receivers are not connected to the app provider system, the app provider may cache communications and notifications until the next time the receiver connects to the app provider.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: May 14, 2019
    Assignee: Wickr Inc.
    Inventors: Matthew Cifelli, Roy Hill-Percival
  • Patent number: 10289818
    Abstract: A screen unlocking method of an electronic terminal is provided as follows. Recorded debug parameters used for selecting target fingerprint images in the most recent N instances are counted, to determine a most frequently used debug parameter, where N is a natural number. Current debug parameters are adjusted based on the most frequently used debug parameter, to debug fingerprint images currently acquired. A target fingerprint image is selected from the fingerprint images debugged. Whether the target fingerprint image satisfies an unlocking condition is identified and a screen of the electronic terminal is unlocked when the unlocking condition is satisfied. Accordingly, an image acquiring method and an electronic terminal are also provided.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: May 14, 2019
    Assignee: Guangdong Oppo Mobile Telecommunications Corp., Ltd.
    Inventors: Le Yang, Yibao Zhou
  • Patent number: 10263986
    Abstract: In one embodiment, a method is executed by an information handling system comprising computer hardware. The method includes monitoring a desktop environment of a user for a desktop-administration event. The method further includes, responsive to a detected occurrence of the desktop-administration event, identifying at least one script-execution process to invoke. The at least one script-execution process executes at least one privilege-agnostic desktop-administration script. The method also includes determining whether the at least one script-execution process is designated for privilege elevation. Moreover, the method includes, responsive to a determination that the at least one script-execution process is designated for privilege elevation, injecting a security token of the at least one script-execution process with elevated privileges to yield a privilege-injected script-execution process.
    Type: Grant
    Filed: July 7, 2014
    Date of Patent: April 16, 2019
    Assignee: Quest Software Inc.
    Inventors: Charles Brian Bucklew, Alberto Rodriguez Aragones
  • Patent number: 10250594
    Abstract: Techniques are disclosed for providing and/or implementing utilizing declarative techniques for transaction-specific authentication. Certain techniques are disclosed herein that enable transaction signing using modular authentication via declarative requests from applications. An application can declaratively specify one or more transaction factor values to be used in an authentication, and the authentication, using a transaction-signed one-time password, can be directed by an access manager module without further involvement of the application. Upon a successful or non-successful authentication, the access manager module can provide the result back to the application. Accordingly, an authentication process specific to (and valid only for) a particular transaction can be performed without direct involvement of the application and without application-centric knowledge required by the access manager module.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: April 2, 2019
    Assignee: Oracle International Corporation
    Inventors: Vikas Pooven Chathoth, Ramya Subramanya, Ranjan Khanna
  • Patent number: 10250624
    Abstract: A security appliance includes: a network port enabling direct connection to a gateway; a storage module having stored thereon firmware for operating the security appliance; and a processor that executes the program code of the firmware. The firmware configures the appliance to: establish a seamless communication interface with a connected gateway; monitor traffic coming into and going out from the connected gateway; and identify traffic anomalies within the monitored traffic. The firmware further configures the appliance to: in response to identifying one or more of the traffic anomalies: forward information about the identified traffic anomalies to a centralized database for evaluation and reporting; and initiate steps to prevent further occurrence of the traffic anomalies, without user approval.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: April 2, 2019
    Assignee: Oak Tree Logic, LLC
    Inventors: Robert A. Mixer, Laurence E. Russell