Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: Authenticating issues involving the re-authenticating of a first device that was previously authenticated are resolved by use of a second device which receives a notification of the failed authentication. The second device sends a response to the notification which is operable to facilitate re-authentication of the primary device and without requiring the user to provide credentials at the first device prior to obtaining the re-authentication at the primary device and/or without requiring the primary device to obtain a code to be entered into the secondary device and/or prior to the primary device being notified of a failure condition associated with the primary device.

Abstract: Decision trees can be securely evaluated with reasonable computation speed and bandwidth utilization. A user device encrypts input vectors using a client's public key in an additively homomorphic encryption system. A server computer effectively randomizes the decision tree for each use, such that a value indicative of a path resulting from applying an input vector to the decision tree is different each time the decision tree is used. The server computer homomorphically computes the evaluations of each decision node. The server computer provides the value indicative of the path through the decision tree as one part accessible by the client, and another part accessible by the server. The server computer uses the parts to look up a corresponding output value from a database of output values for each path. In this operation, only the output value corresponding to the combined parts can be retrieved, and only by the intended recipient.

Abstract: A security device may receive information identifying a set of conditions for providing countermeasure code to a client device. The security device may receive information identifying an action to be performed when the countermeasure code is executed by the client device, and may determine the countermeasure code to be provided to the client device when the set of conditions is satisfied. The security device may receive a request from the client device, and may determine a response to the request. The response may include response code for serving content of a web page to the client device. The security device may determine that the set of conditions has been satisfied, and may insert the countermeasure code into the response code. The security device may provide the response code and the countermeasure code to the client device, and the countermeasure code may cause the client device to perform the action.

Abstract: By a Web browser, an authentication screen is displayed based on HTML data received from a Web server, and authentication information inputted via the authentication screen is managed. Upon a display of the authentication screen, in a case where it is set to display an address of the HTML data as the identification information of the authentication screen, the address of the HTML data is displayed in a case where the title of the authentication screen does not exist, and in a case where it is set to not display the address of the HTML data as the identification information of the authentication screen, a predetermined character string is displayed in a case where the title of the authentication screen does not exist.

Abstract: The invention relates to a computer-implemented method for automated approval of a non-compliance of a modified configuration of a computer system with one or more compliance rules, the method comprising: receiving by a package management system a pre-approved modification pattern in form of a software package, deploying a modification pattern of the software package and providing compliance exception pre-approvals of the software package to a compliance management system, performing a compliance check of the resulting modified configuration of the computer system, in response to detecting a non-compliance with a compliance rule, comparing the detected non-compliance with the one or more pre-approved non-compliances, in response to a matching of the detected non-compliance with one or more of the respective pre-approved non-compliances, automatically approving the detected non-compliance by the compliance management system.

Abstract: Host name raw data from access logs of computers is grouped into distinct groups. At least one feature, an alphanumeric or alphabetic-only digest, is extracted from each group and its characters are ordered depending upon their frequency of use. Sampling is performed upon host names from a database of known normal host names to generate groups of randomly selected host names. Similar digests are also extracted from these groups. The digest from the raw data is compared to each of the digests from the normal host names using a string matching algorithm to determine a value. If the value is above a threshold then it is likely that the host names from the raw data group are domain-generated. The suspect host names are used to reference the raw data access log in order to determine which user computers have accessed these host names and these user computers are alerted.

Abstract: Provided is an output section that outputs data to outside; a condition storage section that stores an abnormal condition showing at least one of a characteristic of data to be outputted from the output section by means of malicious software and a characteristic of an operational pattern of the output section that results when the malicious software outputs data; and an output control section that prohibits output of data when at least one of a characteristic of data to be outputted from the output section and a characteristic of an operational pattern of the output section satisfies the abnormal condition.

Abstract: Disclosed are various embodiments for validating the identity of network sites. A communication session is established with a network site using a credential for the network site. A validation of the communication session is generated based at least in part upon a profile for the network site. The profile is derived from at least one previous communication session with the network site. An action is initiated in response to the validation when the validation indicates a discrepancy exists between the profile for the network site and the communication session with the network site.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an enrollment biometric identifier of a user. Determining a matching threshold based on a characteristic of the enrollment biometric identifier of the user. Storing the matching threshold in an enrollment profile for the use in association with the enrollment biometric identifier.

Abstract: Techniques for utilizing a trusted platform module of a host device are described. According to various embodiments, a client device that does not include a trusted platform module (TPM) may leverage a TPM of a host device to provide trust services to the client device.

Abstract: Systems, methods, and apparatus to monitor mobile Internet activity are disclosed. An example method comprises determining if a media request originated from a desktop computer or a mobile device by inspecting a user agent identifier of the media request. The media request is blocked if the media request originated from the desktop computer, the blocking to prevent the media request originating from the desktop computer from affecting a media exposure monitoring result. If the media request originated from the mobile device, an identifier of the media requested by the media request in association with the mobile device is stored.

Abstract: The System Integrity Guardian can protect any type of object and repairs and restores the system back to its original state of integrity. The Client component is the user interface for administering the System Integrity Guardian environment. An administrator can determine which servers to protect, which objects to protect, and what actions will be taken when an event that breaches integrity occurs. The Monitor Agent component is the watchdog of the System Integrity Guardian that captures and addresses any event that occurs on any object being protected. The Server component includes the server and the Protected Object Central Repository. The authoritative copies are maintained, digital signatures are created and stored, objects are validated, and communication between the three units is performed.

Abstract: An example of security threat analysis can include generating a security threat hypothesis based on security data in a threat exchange server. A request for analysis based on the security data can be sent via communication links to at least one security monitored participant to analyze the security data. A response can be received from the at least one security monitored participant with information related to the completed security related task.

Abstract: An account management server, a communication device and a service device are provided for managing access to an account. The account management server, for example, includes, but is not limited to, a storage device configured to store identifying information for each of a plurality of service devices and configured to store an account associated with each of the plurality of service devices, and a processor communicatively coupled to the storage device, wherein the processor is configured to: receive identifying information from a communication device; identify at least one service device whose stored identifying information matches the received identifying information; and grant management access to the account associated with the identified at least one service device to the communication device.

Abstract: An approach is provided for generating privacy ratings for applications. A privacy ratings platform determines use information associated with one or more applications executing on one or more devices. By way of example, the use information is determined based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices. The privacy ratings platform then processes and/or facilitates a processing of the use information to determine one or more privacy ratings for the one or more applications.

Abstract: There is provided an information processing device including an information storage unit configured to store information about a state in which a first secret key used during authentication is held in devices, and information about connection between the devices, and a communication unit configured to send the first secret key so that the first secret key is delivered to the devices based on the information stored in the information storage unit.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums which provide a security rating to an STA for a WLAN AP. Prior to connecting to an AP, the STA employs pre-connection logic in the STA to identify likely safe and likely unsafe APs. Once the user connects to an AP, the STA connects first in an untrusted mode. In the untrusted mode, the STA uses the network connectivity provided by the AP to establish a secure connection to a network-based WLAN trust service for post-connection security checks. If the AP passes the post-connection security checks, the STA may allow other applications to access the network connection provided by the AP.

Abstract: An embodiment includes a secure and stable method for sending information across a compute continuum. For example, the method may include executing an application (e.g., video player) on a first node (e.g., tablet) with a desire to perform “context migration” to a second node (e.g., desktop). This may allow a user to watch a movie on the tablet, stop watching the movie, and then resume watching the movie from the desktop. To do so in a secure and stable manner, the first node may request security and performance credentials from the second node. If both credential sets satisfy thresholds, the first node may transfer content (e.g., encrypted copy of a movie) and state information (e.g., placeholder indicating where the movie was when context transfer began). The second node may then allow the user to resume his or her movie watching from the desktop. Other embodiments are described herein.

Abstract: A device includes a security process unit (SPU) associated with a logical ring of SPUs. The SPU receives a packet with an address associated with a malicious source, and creates, based on the packet, an entry in a data structure associated with the SPU. The entry includes information associated with the packet. The SPU provides an install message to a next SPU in the logical ring. The install message instructs the next SPU to create the entry in another data structure, and forward the install message to another SPU. The SPU receives the install message from a last SPU, and sets a state of the entry to active in the data structure based on receiving the install message from the last SPU. The SPU performs a particular action on another packet, associated with the malicious source, based on the setting the state of the entry to active.