Abstract: An information processing system includes circuitry that stores at least one secret key that corresponds to a public key. The circuitry causes display, on a screen, of information corresponding to the public key and information corresponding to the secret key. The circuitry also modifies the display of the first information corresponding to the public key when the public key is used and the display of the second information corresponding to the secret key when the secret key is used.

Abstract: A method and system are provided for improved distributing of a complete software image to all electronic devices of a certain type or model while using encryption to limit its use to specific ones of those devices. In the method, the entire software image is encrypted with a global key and the encrypted software image is distributed to all devices which have the capability of running that software. The global software decryption key for decrypting the software image is uniquely encrypted for every device that is authorized to use the software and the encrypted global software key is distributed to those devices from a field or factory provisioning server across a point-to-point connection.

Abstract: Approaches presented herein enable credentials to be revoked or otherwise modified while limiting the impact of inadvertent or unintended changes in access. In some embodiments, the revocation of a credential can occur over a period of time with the level of access being diminished over that period, in order to prevent an inadvertent denial of access while indicating to the requestor that there is an issue with the credential. When a new policy is created for a new credential, a prior policy can be retained for at least a period of time such that users with inadvertently revoked access can obtain a level of access per the previous policy. Various embodiments trace the calls for a credential throughout the system in order to determine which services, processes, or components might be affected by the revocation, such that an appropriate remedial action can be taken.

Abstract: An application associated with a remote device executes logic to receive, from a remote system, data identifying a plurality of compromising entities, identify an incoming communication initiated by the remote device, and identify information regarding a source of the incoming communication. Additionally, the logic determines an entity associated with the source of the incoming communication and determines that the entity associated with the source matches at least one of the plurality of compromising entities based on comparing the data identifying the plurality of compromising entities and the entity associated with the source of the incoming communication. In addition, the logic generates a signal configured to block the incoming communication.

Abstract: A network attached storage device coupled to a local network and including a network interface configured to receive digital content from a remote content provider outside the local network. The network attached storage device includes storage having a first region accessible by a user of the local network and a secure region. The network attached storage device includes a processor coupled to the storage, the processor configured to control access to the secure region of the storage based on instructions received from a remote content provider.

Abstract: An unlocking control method is applied in a wearable device and a lockable electronic device. The wearable device communicates with the electronic device and can be bound to it. The wearable device can produce an unlocking setting instruction to set an unlocking mode of the electronic device, and can send the unlocking setting instruction to the bound electronic device. The wearable device can set the unlocking mode of the electronic device and produce an unlocking control instruction, sending the unlocking control instruction to the electronic device. The electronic device receives the unlocking control instruction, and is controlled to unlock itself according to the received unlocking control instruction and the unlocking mode of the electronic device.

Abstract: The present disclosure generally relates to visually varying an image using parallax image layers, and more specifically, relates to visually varying presentation of an access right displayed on a mobile device to enhance verification of access to resources. The variation of multiple layers of an image may be based on sensor data detected at the mobile device.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.

Abstract: Systems, computer-readable media and methods for enabling secure computation on spreadsheet software. A secure spreadsheet is implemented as an add-in to an existing spreadsheet program, or as a new spreadsheet program/web application, to allow secure computations on private input data (and also optionally with private functions) without the parties learning anything about them, via the familiar spreadsheet interface and its formula language. Automatic conversion of previous spreadsheet data and formulas is provided whenever possible, or assisted via a helper. The secure computation can be executed between the computers of the involved parties, or outsourced to a third-party—cloud computing system (FIG. 4)—: the secure cryptographic calculation module automatically optimizes for the best performing technique of secure computation (for example, homomorphic encryption, garbled circuits, oblivious transfers, secret sharing, oblivious random access machines and/or a combination of the previous crypto-primitives).

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: Presented are a method, apparatus, and computer-readable medium for data exchange. The method includes specifying, by a user equipment (UE), a first data, and creating, by the UE, a rule set, the rule set governing access to the first data. The method further includes uploading, by the UE, the first data with the rule set to a user selected server, the first data being accessible at the user selected server based on the rule set.

Abstract: Methods and devices for generated and handling an alert are described. In one aspect, an electronic device includes an input interface and an output interface. The electronic device also includes a memory storing an application and a processor coupled to the input interface, the output interface and the memory. The processor is configured to generate a selectable alert on the output interface while the electronic device is in a device lock mode. The selectable alert is associated with the secure application. The processor is also configured to, while the electronic device is in the device lock mode, receive, from the input interface, a signal representing a command to activate the selectable alert. The processor is also configured to, responsive to receiving the command to activate the selectable alert, execute a secure event in the secure application while the electronic device remains in the device lock mode.

Abstract: In one embodiment, a server computer may receive, from a client device, a request to download an application, wherein the client device is logged-in to a session associated with a user account in a communications system. In response to the request, a downloader module executable file may be appended with the login information and the authentication information. The server computer may transmit the downloader module executable file to the client device. In response to a second request (from the downloader module executable file), the server computer may transmit the installer file to the client device.

Abstract: There is provided a method comprising: receiving, by an apparatus of a data center, a request message from a server computer of said data center, the apparatus and the server computer being physically separate entities communicatively coupled with each other, said message requesting data center specific information stored into a read-only memory area of the apparatus; initiating deciphering of the request message in response to receiving the request message; and as a response to successfully deciphering the request message, transmitting a response message to the server computer, said message comprising the data center specific information acquired from the read-only memory area of the apparatus.

Abstract: A device may receive a trigger to determine whether a malicious file is operating on a client device. The device may determine a network activity profile associated with the malicious file based on receiving the trigger to determine whether the malicious file is operating on the client device. The network activity profile may include information regarding network activity associated with the malicious file when the malicious file is executed in a testing environment. The device may monitor network activity associated with the client device. The device may determine that the network activity associated with the client device matches the network activity profile associated with the malicious file based on monitoring the network activity associated with the client device. The device may provide information indicating that the network activity associated with the client device matches the network activity profile associated with the malicious file.

Abstract: Techniques are described for communicating encoded data using start code emulation prevention. The described techniques include obtaining at least one partially encrypted packet, identifying at least one portion of the packet that is unencrypted, and determining that the identified unencrypted portion(s) emulates a start code. Start code emulation prevention data or emulation prevention bytes (EPBs) may be inserted into only the encrypted portion of the packet. The modified packet may be communicated to another device/storage, along with an indication of which portion(s) of the packet are unencrypted. Upon receiving the packet and indication, the receiving device may identify and remove the EPBs in the identified unencrypted portion(s) of the packet, and decrypt the packet to recover the data. In some aspects, upon identifying the indication, the receiving device may only search for EPBs in the unencrypted portion(s) of the packet, thus yielding a more efficient start code emulation prevention process.

Abstract: A method securely scans a second web page linked to a first web page being displayed by a browser. The method identifies a target link to a second web page from one or more links contained within a first web page. Prior to receiving a user selection of the target link, the method prefetches content from the second web page and loads the prefetched content from the second web page into a safe cache on the client computing device before receiving the user selection of the target link. The method scans the prefetched content from the second web page for a security threat, within the safe cache, wherein the safe cache is configured to prevent the prefetched content from altering a memory location or storage location external to the safe cache. In response to identifying a security threat within the prefetched content, the method displays a warning to the user.

Abstract: Techniques are disclosed for enabling tenant hierarchy information to be migrated directly between different multi-tenant system (e.g., from a shared IDM system to a Nimbula system, or vice versa). A corresponding new tenant is created in a Nimbula system based on a combination of the tenant information and the service information from the shared IDM system. The Nimbula system extracts the tenant name and the service name from a request and asks the shared IDM system to verify that the user actually is a member of the tenant identified by the extracted tenant name. Upon successful authentication of the user, the Nimbula system requests the IDM system for roles that are associated with both the user and the extracted service name. The Nimbula system enable access to the service upon determining whether the requested operation can be performed relative to the specified service based on the roles.

Abstract: Embodiments are disclosed for limiting an attack surface of a server application by enforcing integrity of a message transmitted to the server application. An example method includes receiving, by communications circuitry of a receiving system hosting the server application, a message including specific message content and a token. The example method further includes determining, by authentication circuitry of the receiving system and using the specific message content, whether the token comprises a valid message integrity secure token. If the token comprises a valid message integrity secure token, the example method further includes performing, by response circuitry of the receiving system, an operation in response to the message. If not, the method may include generating, by the authentication circuitry of the receiving system, an error message. Corresponding apparatuses and computer program products are also provided.