Abstract: The method of authenticating the source of a communication is disclosed. The method includes executing a clock for an operation period. The method also includes receiving a communication from a remote device at a communication time corresponding to a time interval of a plurality of time intervals sequentially covering the operation period. Each time interval has an associated authentication value. The communication includes a commitment value. The method also includes determining whether the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The method also includes processing the communication when the commitment value matches the authentication value associated with the time interval corresponding to the communication time.

Abstract: Techniques and mechanisms for exchanging encrypted communications wirelessly with an accommodation-capable eye-mountable device (EMD). In an embodiment, a controller of the EMD is configured to encrypt data to be sent from the EMD to an auxiliary device or to decrypt data received by the EMD from the auxiliary device. Cryptographic operations to securely exchange the communications are based on a key value and a vector determined at the EMD. In another embodiment, the auxiliary device operates as a master, and the EMD operates as a slave, at least with respect to enablement of a functionality of the EMD to change an association of a cryptographic key value with a vector.

Abstract: The present subject matter relates to securing data on a computing system. In an example, a request to execute an application instance of the application is received. After receiving the request a role to be associated with the application instance may be identified based on one of user inputs, an object-role mapping, and a set of rules. Further, the application is executable in a plurality of application instances and the role of the application instance is indicative of a nature of activity to be performed in the application instance. The identified role is then associated with the application instance. Based on the role, data pertaining to the application instance may be stored in a memory location allocated to the role of the application instance. Further, each role has a dedicated memory location.

Abstract: Methods, apparatus, and systems for characterizing vulnerabilities of an application source code are disclosed. Steps for characterizing vulnerabilities include traversing a representation of the application source code, generating a signature of a potential vulnerability of the application source code, and determining characteristics of the potential vulnerability based on a correlation between the generated signature of the potential vulnerability and previously stored signatures of potential vulnerabilities.

Abstract: According to an embodiment, a receiver is connected to transmitters through photon communication channels and data communication channels to generate identical cryptographic keys to be shared with each transmitter. The receiver includes a sharing unit, a key distilling unit, a data communication controller, and a calculator. The key sharing unit is configured to generate a shared bit string through quantum key distribution with each transmitter via a corresponding photon communication channel. The key distilling unit is configured to generate the cryptographic keys from the respective shared bit strings. The data communication controller is configured to receive from each transmitter first information about a corresponding cryptographic key via a corresponding data communication channel. The calculator is configured to calculate the photon timeslots based on at least the first information. The data communication controller is configured to transmit the photon timeslots to the transmitters.

Abstract: A method and system for managing temporal aspects of accounts and entitlements in target systems in an organization is provided. In an embodiment, an identity management system may receive request to create an account on a target system of the organization. In some embodiments, the identity management system may cause, in co-operation with the target system, the account to be created in the target system, at a first time. In some aspects, the identity management system may associate a second time with the account. In some examples, the second time may correspond to an activation time of the account. In some embodiments, the identity management system may cause in co-operation with the target system, the account to be activated on the target system, at the second time.

Abstract: The present invention provides an eye-controlled password input apparatus, which comprises a display device to display a password menu, an image capturing device to capture an user's eye region image, a memory unit to store at least one preset password and a corresponding account number, a control unit to generate the password menu according to the preset password, and an image processing unit. The image processing unit obtains a plurality of reference objects from the eye image so as to recognize the eye movement direction and to confirm password input. After input a character of the password, the display device generates another password selection menu for the user to input another password character until the password input program is completed.

Abstract: A method and apparatus for securing access to a document stored by a document management and collaboration system are disclosed. In the method and apparatus, access credentials pertaining to a document are obtained, whereby the access credentials are usable for authenticating a request to access the document. A message including the access credentials is then sent out-of-band in relation to a notification indicating availability of the document for access. The document management and collaboration system then receives a request to access the document, whereby the request includes the access credentials, and authenticates the request based at least in part on the access credentials.

Abstract: The present disclosure relates to methods and devices for mitigating the impact from Internet attacks in a Radio Access Network, RAN (10), using Internet transport. This object is obtained by a method performed in a User Equipment, UE (13) associated with the RAN (10) using Internet transport. The method comprises receiving from at least a network node (11, 12, 21, 22, 23) in the RAN (10), information associated with an Internet attack. Obtaining, based on the information, a mitigation action, the mitigation action mitigating the impact of the attack on the RAN service. The method further comprises to perform the obtained mitigation action to mitigate the impact on the RAN service level.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.

Abstract: The disclosed computer-implemented method for image-based encryption of cloud data may include (1) identifying a user account for a cloud data store, wherein the cloud data store stores at least one secret to be secured by encryption on behalf of the user account, (2) receiving an image file to be used at least in part to generate a cryptographic element to be used for encrypting the secret, the cryptographic element capable of being re-created when the image file is provided again at a later time, (3) using at least one cryptographic function, generating the cryptographic element based at least in part on the image file, and (4) securing the secret by encrypting the secret using the cryptographic element. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Implementations and techniques for asymmetrical chaotic encryption are generally disclosed. One disclosed method for asymmetrical encryption includes determining a ciphertext control block from data, where the ciphertext control block is based at least in part on one or more Chebyshev polynomials. The method also includes encrypting at least a portion of the data into an encrypted ciphertext block, where the encrypted ciphertext block is based at least in part on Logistic Mapping, and in which a final ciphertext includes the encrypted ciphertext block and the ciphertext control block.

Abstract: Delivering author specific content includes identifying author specific content with tags inserted into its metadata across multiple online resources and delivering updates about the author specific content to a user specified activity stream.

Abstract: Systems, methods, and non-transitory computer-readable media can detect an operation that causes a challenge response process to be initiated. An image category associated with a recognized category label can be identified. At least one image associated with the image category can be displayed during the challenge response process. The operation can be executed when the challenge response process, based on the at least one image, is successfully completed.

Abstract: Data provided on a first computing device is represented by a graphical object displayed on a screen. A user can initiate an “attach event” with a gesture to enable the graphical object to be associated and/or virtually attached to the user and/or a user's hand/fingers. An image capture component can view/track user movements. Based on the viewed/tracked movements, the graphical object representing the data on the first computing device can be moved on a screen of the first computing device to correspond to the movement of the user's hand/finger. The graphical object also can be moved to a position on a screen of a second computing device when the user moves a hand/fingers to an area corresponding to the position. A user may initiate a “release event” with a gesture and can end the association and enable the data to be sent to the second computing device.

Abstract: In some embodiments, a content management system can initiate a scan of a content item when the content management system detects that activity associated with the content item triggers a scan policy. In some embodiments, a content management system can initiate a scan of a user's account when the content management system detects that activity associated with the content item triggers a scan policy. A scan policy can specify, for example, a number of shares, downloads and/or previews of the content item allowable in a period of time. When the number of shares, downloads, and/or previews exceeds the specified number in the policy in the specified period of time, the content management system can initiate a scan (e.g., virus scan, malware scan, etc.) of the content item and/or the user's account.

Abstract: Systems and methods are described for orchestrating a security object, including, for example, defining and storing a plurality of policies in a database coupled to a policy engine and receiving, by the policy engine, the security object and at least one object attribute associated with the security object. In addition, the policy engine determines the acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of policies corresponding to the at least one object attribute. The security object to at least one communication device associated with the policy engine is distributed when the security object is determined to be acceptable. The at least one communication device establishes communication based, at least in part, on the security object.

Abstract: A method and system for managing entitlements provided by a target system in an organization is provided. In one embodiment, a user of an organization may utilize services provided by an identity management system to request for resources stored in one or more target systems of the organization. Upon receiving the request, the identity management system may identify if an account is associated with the user that enables the user access to the resource in one of the target systems. In some examples, the identity management system may provision a new account for the user, associate the new account with the user and grant an entitlement to the new account, wherein the entitlement enables the user to access the requested in the target system.