Abstract: Systems and method for alerting a user device based on a proposed anonymization of a contribution to a conversation thread via one or several location-based anonymization rules are disclosed herein. The system can include a user device that can have location-determining features that can determine a physical location of the user device; a network interface that can exchange data with a server via a communication network; and an I/O subsystem that can convert electrical signals to user-interpretable outputs in a user interface. The system can include a server that can: receive a contribution from the user device; determine an anonymization level for applying to the contribution; identify a potential identifier in the content of the contribution; anonymize the potential identifier according to the determined anonymization level; and generate and provide an alert to the user device.

Abstract: A peripheral and central device in a wireless network, such as a Bluetooth Low Energy network, may maintain privacy while connecting. During connecting energy in the peripheral device may be saved by linking an advertised address of the peripheral device to a resolvable private address of the central device, thereby providing an early indication if the central device is, according to the peripheral device, allowed to connect to the peripheral device. Hence a peripheral device performing such linking may have an improved resistance to a denial-of-service attack.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

Abstract: A system includes a vehicle communications platform (VCP) operatively disposed in a vehicle and a control device. The control device selects a privacy ON mode or a privacy OFF mode. The privacy ON mode enables the VCP to synchronize a privacy setting of a mobile communications device to a vehicle notification setting, and is triggered when the privacy setting of the device is on, and either at least one passenger is present in the vehicle or a user indicates that the VCP should synchronize the privacy setting to the vehicle notification setting. The privacy OFF mode inhibits the VCP from synchronizing the privacy setting to the vehicle notification setting, and is triggered when the privacy setting of the device is off, or no passengers are present in the vehicle, or the user indicates that the VCP should not synchronize the privacy setting to the vehicle notification setting.

Abstract: A method and apparatus for providing a security service for a vehicle-dedicated data channel in linking between a vehicle head unit and an external device is disclosed. The method of providing the security service for the vehicle-dedicated data channel may include: transmitting, to the terminal, a predetermined integrity verification request message for requesting integrity verification of application software and an operating system included in the terminal; receiving an integrity verification result message from the terminal, exchanging a plaintext symmetric key with the terminal when integrity of the operating system and the application software is successfully verified according to the integrity verification result message; and establishing a vehicle-dedicated data channel to the terminal and transmitting and receiving a packet encrypted using the plaintext symmetric key through the established vehicle-dedicated data channel when the plaintext symmetric key is successfully exchanged.

Abstract: A method for transmitting data between controllers in a vehicle network includes transmitting a first data code including an identification number. A second data code is transmitted including a length value of data codes to be transmitted. Data codes are transmitted by using the length value of the data codes to be transmitted. A random number and a position information value of the data codes to be transmitted are included in last and previously transmitted data codes.

Abstract: An apparatus and a method for encrypting and decrypting data in a device are provided. The apparatus includes a processor and a memory. The processor is configured to transmit a data command from an application to an encryption driver that executes in a kernel space, determine if the application is authenticated to perform the data command based on an access policy, transmit, when the application is authenticated, a first key to a cryptographic library that executes in an application space, and perform the data command based on the first key after receiving a response via the cryptographic library. The first key is stored in an encryption driver in the kernel space and is not available to applications in the application space.

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list.

Abstract: A component subsystem and a method for authenticating the component subsystem. The component subsystem may be installed in a host device. The method can include an authentication protocol, wherein the host device sends a test voltage value to the component subsystem which, in turn, generates a test voltage based on the test voltage value. The test voltage is applied to a test cell that includes a wordline, a bitline, and a memory film. A response voltage is read from the bitline and compared to an expected value. If the response voltage matches the expected value, host device and/or component subsystem functionality is enabled. If the response voltage does not match the expected value, the host device and/or component subsystem functionality is disabled.

Abstract: Systems for managing personalized access to shared online objects. A user accesses a server in a cloud-based environment, wherein the server is interfaced with storage devices that store one or more content objects. The server receives communications packets comprising at least one session attribute, wherein receiving the one or more communications packets is responsive, either directly or indirectly, to an act of the user to invoke a new content access session. The session attribute is used to generate personalized workspace properties that are based on explicitly-provided information or based on inferences that pertain to the invoked content access session. Access to content objects is personalized using explicit or inferred workspace session properties. Personalization includes any aspects of branding preferences, working group colleagues, roles, privileges, friends, etc. Personalization can be based on personalized workspace properties that are inferred based on rules or combinations of data.

Abstract: Techniques for providing information security threat assessment and amelioration are disclosed. The techniques may include obtaining fundamental data, obtaining document data, preparing fundamental instance nodes from the fundamental data, preparing document nodes from the document data, preparing edges between at least some of the nodes, storing the nodes and the edges in a manner that reflects a graph structure, and causing to be displayed at least a portion of a graph defined by at least one node and at least one edge.

Abstract: In one embodiment, a method is performed by a computer system. The method includes monitoring events in relation to files stored at multiple network nodes and, responsive to the monitoring, detecting that a new file has been created from an existing file. The method further includes accessing a stored file-family model of the existing file, the stored file-family model comprising interconnected nodes, wherein the interconnected nodes represent a plurality of overlapping file variants such that one of the interconnected nodes represents the existing file. In addition, the method includes logically connecting the existing file and the new file in the stored file-family model. The method also includes determining a primary file variant in the stored file-family model and, responsive to a determination that the existing file is not the primary file variant, notifying one or more users.

Abstract: A method includes receiving, from a first device at a second device, a message indicating that the first device is available to share a resource. The method includes transmitting, from the second device to the first device, a request to use the resource. The method includes, in response to acceptance of the request, transmitting data to the first device, wherein a multimedia capture setting of a multimedia capture device is adjusted based on the data. The method also includes receiving multimedia content at the second device, the multimedia content captured by the multimedia capture device based on the multimedia capture setting.

Abstract: A first collection including a first feature vector and a Q&A feature vector is constructed. A second collection is constructed from the first collection by inserting noise in at least one of the vectors. A third collection is constructed by crossing over at least one the vectors of the second collection with a corresponding vector of a fourth collection, migrating at least one of the vectors of the second collection with a corresponding vector of a fifth collection, or both. Using a forecasting configuration, a vector of the third collection is aged to generate a changed feature vector, the changed feature vector containing feature values expected at a future time. The changed feature vector is input into a trained neural network to predict a probability of the cyber-attack occurring at the future time.

Abstract: Methods, systems, and computer program products are included for performing module unloading in a protected kernel environment. A method includes loading a module into a kernel, the module including an exit function. The kernel provides, to a hypervisor, a memory location corresponding to the exit function of the module. A kernel protection feature is activated. After activating the kernel protection feature, the hypervisor detects an attempt to execute the exit function. The hypervisor determines that the attempt to execute the exit function corresponds to the memory location provided to the hypervisor. Based on the determining, the hypervisor allows execution of the exit function.

Abstract: A computer receives a set of objects from a client, whereby at least one of the objects of the set are respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key, MEK, resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server where a first module determines if locked key has changed via referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, sending the new locked keys to the backup server to replace the existing locked keys, while avoiding transmitting to the backup server the objects whose associated FEKs are affected by the changed MEK.

Abstract: A set of collections of forecasted feature vectors is selected from a repository for a future time window after a present time, a cyber-attack being in progress in a data processing environment at the present time, a collection in the set having feature vectors that are indicative of an event related to the cyber-attack in a region of the environment at a discrete time. The events corresponding to the collections in the set are classified into a class of cyber-attack. From a mapping between a set of phases of the cyber-attack and a set of classes, a phase is determined that corresponds to the class. The determined phase is predicted as likely to occur during the future time window in the region.

Abstract: A method and server are provided for sending a secure message from a first computing device to a second computing device. A first computing device sends an encrypted, secure message a message server. The message server processes the secure message to unencrypt and separate the secure message contents into two or more separately downloadable message parts. The server sends a complex link to the second computing device, or sends a complex link to the first computing device for sending to the second computing device. When the complex link is selected by a user of the second computing device the server transmits a first part of the message to the second computing device. After transmitting the first part, the server then separately transmits a second part of the message to the second computing device.

Abstract: Digital data is optically broadcast through an environment by controllably switching the brightness or chrominance of LED solid state lamps, or of other illumination sources (e.g., television screens and backlit computer displays). This optical data channel is useful to convey cryptographic key data by which devices within the environment can authenticate themselves to a secure network. In some embodiments, the optical modulation is sensed by the camera of a smartphone. The row data output by the smartphone's camera sensor is processed to extract the modulated data signal. In some monochrome embodiments, data communication speeds far in excess of the camera's frame rate (e.g., 30/second), or even the camera's row rate (e.g., 14,400/second) are achieved. Still greater rates can be achieved by conveying different data in different chrominance channels. A great number of other features and arrangements are also detailed.