Abstract: An electronic device (22) includes a communication interface (36) and a processor (30), which is configured to store and process secret information and to communicate with a host device (24) via the communication interface. An environmental detector (38) is configured to detect a change, relative to a baseline, in an operating environment of the electronic device, and in response to the detected change, to initiate a secure communication between the processor and the host device when the detected change is in a predefined first range, and to invoke a countermeasure against tampering with the device when the detected change is in a predefined second range, disjoint from the first range.

Abstract: Methods, apparatus, and systems for characterizing vulnerabilities of an application source code are disclosed. Steps for characterizing vulnerabilities include traversing a representation of the application source code, generating a signature of a potential vulnerability of the application source code, and determining characteristics of the potential vulnerability based on a correlation between the generated signature of the potential vulnerability and previously stored signatures of potential vulnerabilities.

Abstract: For multi-node encryption, a method generates an upstream node nonce from communication data exchanged with an upstream node. In addition, the method generates a first upstream message transformation as a function of the upstream node nonce. The method further generates a tunnel transformation as a function of previous upstream message transformations and the first upstream message transformation.

Abstract: Systems and methods are disclosed for providing, generating, and managing profiles. Such systems and methods may be implemented to control access to a function of a web server or site based on a level of trust associated with a user or device profile. According to one exemplary method, session information associated with a request to access a function of a web server is identified. At least one processor determines whether the request is associated with a trusted device profile based on the at least the session information. Access to the requested function is provided when the request is associated with a trusted device profile.

Abstract: A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

Abstract: A computing device includes a central processing resource, memory, a network interface, and a security control module. The security control module determines when to change a program of the computing device. When the program is to be changed, the security control module accesses a library of programs that includes a plurality of versions of the program and selects one of the plurality of versions of the program. The security control module then updates an active program list to include the selected version of the program. When the program is evoked, the central processing resource uses the selected version of the program such that execution of the program is changed, which changes internal operation of the computing device thereby reducing adverse impact of the malicious software.

Abstract: A data storage system including a SSD includes a capability to detect whether its location is acceptable for function, and a capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable.

Abstract: A method of operating a mobile device comprises executing a trusted service application in a trusted operating system through secure access, executing a trusted web server module in the trusted operating system, wherein the trusted web server module is configured to transfer information using an internet protocol and the information is generated by execution of the trusted service application, and executing a user application in a rich operating system through normal access, wherein the user application is configured to relay communication between a remote web server and the trusted web server module through a security session.

Abstract: Systems and methods include receiving data corresponding to a request to access a resource by an identity provided with authority to access the resource. Systems and methods include determining whether the identity is a member of a community based on associating data. The community includes identities as members thereof. Systems and methods include determining a risk level associated with the request. The risk level is determined using a history of access of the resource by a particular member the community if the identity is a member of the community. The risk level is determined using a history of access of the resource by the identity if the identity is not a member of the community. Systems and methods include determining an access policy based on the risk level associated with the request. The access policy indicates whether access to the resource by the identity is to be restricted.

Abstract: A method for displaying a digital document to a user where the display sequence of the pages of the document is personalized based on the user's past interactions with the document, such as viewing, annotating, editing, sharing, etc. on each pages. As user interacts with the document, the viewer application on the client computer reports the user interactions to a server. Through analytics, the server can decide the importance of individual pages and rank the pages accordingly, and sends page ranking information back to the client. The viewer application on the client can then render the document where pages are ordered based on the ranking, which reflects the user's interest in these pages. Different modes of reorganizing a document based on user interaction history are provided, so that the pages can be displayed in sequences based on the frequency of certain types of user interactions.

Abstract: Aspects of the invention include methods and systems for electronically signing a plurality of documents, such as an insurance application, a loan application, a set of mortgage papers, a bank application, or the like. A customer, or multiple customers, electronically submits the signature once and the customer's one signature is applied to all of the areas where the customer signature is required. The electronic signature may include initials and/or a graphical representation of the customer's handwritten signature. Aspects of the invention include an apparatus comprising a display, a memory, and a processor coupled to the memory and programmed with computer-executable instructions that, when executed, perform a method for electronically signing a plurality of documents.

Abstract: A method and system for securing a VXLAN environment, including configuring a default network policy, associated with interfaces of the network device, for dropping all VXLAN frames including a VXLAN attribute; obtaining, by the network device, registered VTEP identifiers; determining, using the registered VTEP identifiers, that an interface of the network device is operatively connected to a registered VTEP associated with a registered VTEP identifier; disassociating the default network policy from the interface based on the determination; receiving, at the interface, a frame; performing a first verification that the frame is a VXLAN frame by examining the frame to determine that the frame includes the VXLAN attribute; performing a second verification to determine that the VXLAN frame includes a registered VTEP identifier; allowing, based on the first verification and the second verification, the network device to process the VXLAN frame; and processing the VXLAN frame.

Abstract: Associating a network packet with biometric information for a user includes identifying biometric identification information for a user of a network device, including an identifier of the biometric identification information in at least one of a header and a trailer of a network packet without including biometric identification information in a payload of the network packet, and sending the packet via a network, wherein the identifier identifies the network packet as having originated from the user.

Abstract: There is disclosed a technique for use in authentication. In one embodiment, the technique comprises a method with the following steps. The method comprises detecting an occurrence associated with an authentication device. The method also comprises receiving a one-time password as issued by the authentication device. The method further comprises receiving an authentication factor, wherein the authentication factor is unrelated to one-time passwords issued by the authentication device. The method still further comprises determining whether to suspend authentication by the authentication device based on the one-time password and the authentication factor.

Abstract: A method for redacting QA system answer information based on user access to content including analyzing a corpus by natural language processing techniques, wherein the corpora includes non-sensitive and sensitive content, and storing the analyzed corpora in memory; receiving a user question to be answered by utilizing the analyzed corpora; utilizing a processor to determine a set of answer information by processing using the corpora; determining a user access right to sensitive content; and redacting an answer information item from the set of answer information if sensitive content to which the user does not have access was used to determine the answer information item.

Abstract: A system or computer usable program product for redacting QA system answer information based on user access to content including analyzing a corpus by natural language processing techniques, wherein the corpora includes non-sensitive and sensitive content, and storing the analyzed corpora in memory; receiving a user question to be answered by utilizing the analyzed corpora; utilizing a processor to determine a set of answer information by processing using the corpora; determining a user access right to sensitive content; and redacting an answer information item from the set of answer information if sensitive content to which the user does not have access was used to determine the answer information item.

Abstract: An integrated circuit includes a programmable logic device and optionally a control circuit coupled to the programmable logic device (PLD). The control circuit may detect that a reconfiguration criterion is satisfied. Responsive to the reconfiguration criterion being satisfied, the control logic may configure, using one or more randomizations, the PLD to implement a secret operation, wherein a first randomized configuration of the PLD results in a first circuit implementation that is different from, but functionally equivalent to, a second circuit implementation that results from a second randomized configuration of the PLD.

Abstract: A cryptographic system includes a memory device and a processor. The memory device has at least two sections, including a first section and a second section. The processor is configured to determine a mode of operation, receive a signal, and selectively zeroize at least one section of the memory device based at least in part on the received signal and the determined mode of operation.

Abstract: An information processing device for managing information saved in a save location, including an authentication unit configured to manage first authentication information and second authentication information in association with each other, said first authentication information required to authenticate a client device requesting an operation relevant to the information, and said second authentication information required for authentication at said save location that saves the information; a save location monitor unit configured to monitor the information saved in the save location by using the second authentication information, and update index information of the information saved in the save location; and an information management unit configured to create a list of the information saved in the save location by using the index information of the information saved in the save location, and provide the list to the client device.

Abstract: The present invention relates to a system and method for controlling a network access of a network packet on the basis of a thread which is inserted into a process through code injection. The network access control system according to the present invention comprises: a process inspecting unit for detecting a code injection-based thread included in a process; and a network monitoring unit for performing network filtering so as to detect a network packet having access to a network, and, if a communication subject of the detected network packet is the code injection-based thread, blocking the traffic of the detected network packet.