Abstract: Aspects of the subject disclosure are directed towards providing feedback to users of multi-user system that has biometric recognition capabilities, so that a user knows whether the system has correctly associated the user with his or her identity. The feedback may include a display of a current camera view, along with visible identity information that is associated with each user in the view. The feedback may include per-user icons (e.g., tiles, thumbnail images and so on) by which a user visually confirms that he or she is correctly recognized. Any misrecognition may be detected via the feedback and corrected. Feedback may convey other information, such as the current interaction state/capabilities of a user.

Abstract: A method for providing an update of code on a memory-constrained device includes a) determining a minimum necessary compressed code space (MNCCS) of the update of code, b) dividing the update of code into a plurality of chunks, c) applying an All-Or-Nothing Encryption scheme (AONE) on each chunk, d) providing integrity information of least one intermediate ciphertext block of each AONE encrypted chunk, e) verifying integrity of the one or more intermediate ciphertext blocks based on the provided integrity information, f) providing the encryption key of the AONE for decryption of the update of code if integrity was verified, and g) decrypting the intermediate ciphertext blocks using the provided encryption key and updating the code.

Abstract: The disclosed tools include enhanced and flexible tools to enable users who may be business competitors to share non-generic data in a substantially generic and in a substantially equitable manner. The resulting incentive to more freely share data between competitors will benefit users such as brand owners and enhance content delivered to their end users based on shared data.

Abstract: Concepts and technologies disclosed herein are directed to modes of policy participation for feedback instances. According to one aspect, a system can receive an event associated with an active feedback instance operating in a runtime. The system can map the event to a policy participation level policy. The system can determine a new policy participation level for the active feedback instance according to the policy participation level policy.

Abstract: The present teaching relates to exchanging a key with a device. In one example, a secret value is generated. A message is transmitted to the device. The message includes information related to the secret value based on which the device is to create a cryptographic key. A visual code displayed on the device is captured. The visual code includes a first piece of information and a second piece of information. A key value is generated based on the first piece of information and the secret value. A test value is calculated based on the key value. It is determined whether the device is securely connected based on the test value.

Abstract: A vehicle processing device authenticates that an authorized user has requested an action by the vehicle, and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date.

Abstract: Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. In some embodiments, the method captures a network request (e.g., network control packets, socket connection request, etc.) from a primary application executing on the machine. The method identifies an extended context for the network request and determines whether the network request is authorized based on the extended context. The method then processes the network request according to the determination. The extended context of some embodiments includes identifications for primary and secondary applications associated with the network request. Alternatively, or conjunctively, some embodiments include identifications for primary and secondary users associated with the network request.

Abstract: A resource security system may generate access rules for use in determining whether to grant or deny a request for access to a resource. In order to generate the access rules, the resource security system may select certain access request parameters and determine conditions associated with those parameters. The resource security system may generate mutually exclusive segments associated with a condition of each of the parameters. The resource security system may generate independent access rules based on the segments. The resource security system may then evaluate the performance of each of the access rules based on validity information corresponding to previously received access requests that satisfy the conditions of a particular access rule.

Abstract: The present invention relates to a method and system for managing profiles for use with touch systems. A user logs into a communal device using a pointer paired with a mobile device. The communal device is authenticated and retrieves the user's profile. The user profile is used to setup a workspace on the communal device. The workspace is granted access to the user's content on a content server. When the communal device has multiple users, each workspace may be shared or not depending on the user's requirements. Each pointer is individually identified to a particular user and workspace.

Abstract: Apparatuses, systems, methods, and computer program products are disclosed for automated event migration. A method includes aggregating a set of events from one or more servers to a trusted hardware device. Certain different events of a set of events may be associated with different service providers. A method includes identifying, on a trusted hardware device, a repeating event from a set of events. A method includes prompting a user to migrate subsequent instances of a repeating event from one service provider to a different service provider of a plurality of service providers. A method includes migrating subsequent instances of a repeating event, using a user's electronic credentials, from one service provider to a different service provider in response to the user accepting a prompt.

Abstract: Fully homomorphic encryption integrated circuit (IC) chips, systems and associated methods are disclosed. In one embodiment, an integrated circuit (IC) homomorphic processor chip is disclosed. The IC homomorphic processor chip includes at least one processor slice. Each processor slice includes local control circuitry, a numeric theoretic transform (NTT) butterfly unit, and on-chip memory. The NTT butterfly unit is responsive to the local control circuitry to operate in multiple modes for performing operations on encrypted data using homomorphic encryption. Each mode is associated with a different configuration of the NTT butterfly unit.

Abstract: A method includes acts for establishing a subscription for an entity. The method includes receiving, at a cloud service provider, a request from an entity to establish a subscription. The request includes credentials for the entity that are not proper credentials for an organization associated with the entity that the entity should use to access services for the organization. The method further includes performing a corrective action based on detecting one or more factors to determine that the entity is associated with the organization. The method further includes providing services based on the corrective action.

Abstract: The present invention includes: an electronic document receiving unit receiving an original electronic document; a text information extracting unit extracting text and text location information by analyzing content of the original electronic document; an image information extracting unit extracting an image and image location information by analyzing the content; a verification data generating unit generating original forgery falsification verification data by using at least one of the text and the text location information, the image and the image location information; and a secure electronic document generating unit generating a secure original electronic document after encrypting and inserting the original forgery falsification verification data in a preset position of the original electronic document.

Abstract: A network sensor, inserted into a mirror port of a network switch or router, may be configured to monitor the network traffic originating from an embedded device. Metadata in the network traffic may be passively extracted by the network sensor and transmitted to a server in order to monitor and analyze the behavior of the embedded device. The server may employ machine learning to distinguish typical behavior of the embedded device from atypical behavior. Further, code may be injected into the firmware of the embedded device, and the code may be programmed to broadcast a performance beacon whenever certain firmware functions are executed. A collection of the performance beacons may be analyzed at the server to reconstruct an execution path of the embedded device, and machine learning may be applied to determine whether the execution path is typical or atypical.

Abstract: The disclosed embodiments include systems and methods for dynamically managing privileged access for non-privileged accounts. Operations may include receiving a request from a computer device associated with a network account to access a privileged resource, wherein the network account lacks any privileged account membership enabling the network account to access the privileged resource. Operations may include authenticating the network account, and assigning, based on the authentication, privileged on-demand membership for the network account, wherein the privileged on-demand membership enables the network account to access the privileged resource. Operations may also include identifying that the network account should no longer have access to the privileged resource, and removing, based on the identification, the privileged on-demand membership for the network account.

Abstract: The authorization of unique computer peripheral specimens to connect to a host computer employs a computer connected device storing both a unique identifier matched by a digital fingerprint authenticating the unique identifier, a device driver on a host computer for communicating with the computer peripheral device, and a policy module that communicates with the host to determine the security policy for the computer peripheral device. The host computer decides whether to allow the computer peripheral device be used by the host, according to the security policy set by the policy module.

Abstract: Described herein are various technologies pertaining to authentication of integrated circuits by using external factors to affect or modify an output of a physically unclonable function (PUF) circuit. In an example, the output of the PUF circuit in response to a challenge signal can be sensitive to changes in environmental factors. In another example, the output of the PUF circuit can be sensitive to user-selectable configuration parameters of the PUF circuit. In yet another example, the output of the PUF circuit can be modified by additional circuitry external to the PUF circuit based upon one or more selectable or configurable inputs. A PUF-based device authentication system that uses external factors as authentication inputs to affect a challenge response of the device authentication system can enhance authentication capabilities by permitting multi-factor authentication.

Abstract: Embodiments of an invention for method, apparatus, and instructions for safely storing secrets in system memory are disclosed. In one embodiment, a processor includes a hardware key, an instruction unit, and an encryption unit. The instruction unit is to receive an encryption instruction and a compare instruction. The encryption instruction is to have a first plaintext input value. The compare instruction is to have a second plaintext input value. The encryption unit is to, in response to the encryption instruction, encrypt the first plaintext input value using the hardware key to generate a ciphertext value, and, in response to the compare instruction, decrypt the ciphertext value using the hardware key to generate a plaintext output value and compare the plaintext output value to the second plaintext input value.

Abstract: A cloud infrastructure security assurance service is enhanced to facilitate bursting of cloud applications into other cloud infrastructures. The security assurance service provides a mechanism to enable creation and management of secure application zones within a cloud infrastructure. When the security assurance service receives an indication that a workload associated with a cloud application triggers a cloud burst, the service is extended into a new cloud infrastructure. Once the security assurance service is instantiated in the new cloud infrastructure, it identifies the broad security requirements of the application, as well as the security capabilities of the new environment. Using this information, the security assurance service computes a minimal security environment needed by the cloud application for the burst operation.

Abstract: An information processing system includes circuitry that stores at least one secret key that corresponds to a public key. The circuitry also causes display, on a screen, of information corresponding to the public key and information corresponding to the secret key.