Abstract: In an embodiment, a data processing system comprises: one or more processors; one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform: in a local data service, receiving a request for processing data; identifying one or more local policies applicable to the request; based, at least in part, on the one or more local policies, determining whether the request may be processed locally; in response to determining that the request may not be processed locally, transmitting the request to one or more remote brokers to cause the one or more remote brokers to determine a remote data service configured to process the request.

Abstract: A device may include one or more processors to receive network topology information of a network and device capability information of devices in the network; detect a threat to the network; determine threat information associated with the threat; select a security policy and an enforcement device of the network to enforce the security policy based on the network topology information, the device capability information, and the threat information; and perform an action associated with the threat based on the security policy and the enforcement device.

Abstract: Systems and methods of secure analytics using an encrypted analytics matrix are disclosed herein. An example method includes encoding an analytic parameter set using a homomorphic encryption scheme as a homomorphic analytic matrix; transmitting a processing set to a server system, the processing set including at least the homomorphic analytic matrix and a keyed hashing function; and receiving a homomorphic encrypted result from the server system, the server system having utilized the homomorphic encryption scheme and the keyed hashing function to evaluate the homomorphic analytic matrix over a datasource.

Abstract: A portable media system for a host computer system, and method of operation thereof, that includes: a controller in the portable media system for communicating clear information between the portable media system and the host computer system; and an encryption system in the portable media system for providing an encryption algorithm for the controller to decrypt cipher information for the host computer system.

Abstract: A method of extracting data from one or more data sources and loading the data into one or more destinations sources is disclosed. The method can include deploying data engines into one or more user network systems, receiving input with respect to a first data source, receiving input with respect to a second data destination, and receiving input with respect to one or more user-defined data stored on the first data source. The method can further include receiving input with respect to linking the first data source and second data destination to the deployed data engines and pinging, via data engines, for requests to extract and direct the user-defined data from the first data source, and retrieving, via the data engines, the user-defined data from the first data source and storing the retrieved user-defined within an intermediary database to be loaded it into the second data destination.

Abstract: In order to provide confidentiality protection, an encryption method, a decryption method, and related apparatuses are provided. An encryption device generates a first initial layer-3 message. The first initial layer-3 message includes a first part and a second part. The device generates a keystream for encrypting the first initial layer-3 message. The device performs an exclusive OR operation on the keystream and the first initial layer-3 message to generate a second initial layer-3 message. The second initial layer-3 message includes an encrypted first part of the first initial layer-3 message, an unencrypted second part of the first initial layer-3 message, and an encryption indication indicating that the first part of the first initial layer-3 message is encrypted. The device transmits the second initial layer-3 message to a network device. Small data comprised in the second initial layer-3 message is protected by the encryption.

Abstract: Systems, methods, and storage media implemented by a computer for enabling tracking of software are disclosed. Exemplary implementations may: receive marking input code corresponding to a computer program; identify locations of the marking input code that can be modified in ways that preserve functionality of the computer program; choose at least one code transformation with associated intrinsic constants; derive derived constants from the specific intrinsic constants; apply the at least one chosen code transformation, including injecting the derived constants into the marking input code; saving the results of the above steps on computer readable media as marked code; and save metadata including a list of the derived constants on computer readable media in a file that is separate from the marked code.

Abstract: A system and method for scrubbing data to be shared between organizations to test a joint solution, and for preventing the introduction of unscrubbed data. Each organization captures a subset of data, which may be customer data from a line of business. The first organization scrubs its data according to scrubbing rules, and then passes the scrubbed data to its test environment, while the second organization passes its unscrubbed data to its test environment. The scrubbed data is communicated to the second organization and is applied to the unscrubbed data in order to scrub it, and then communicate it to the first organization. Both organizations use the scrubbed data in their respective test environments to test the joint solution or joint testing. Scrubbing the data may involve scrubbing only specific data fields containing sensitive information.

Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

Abstract: Systems and methods for providing network security include receiving, by a first server of a first network, data having a destination of a second network; determining, by the first server, a first set of actions to be taken based at least in part on the data, including transmitting the data to applications on the first server; converting, by the first server, the data into a first data structure; adding, by the first server, the data into a queue shared with a second server of the first computer network; reading, by the second server, the data in the form of the first data structure from the queue; determining, by the second server, a second set of actions to be performed based at least in part on the read data; converting, by the second server, the read data into a second data structure; and transmitting the converted data to the destination.

Abstract: An apparatus is provided for facilitating cross-platform authentication. The apparatus may include at least one memory and at least one processor configured to detect that a visual token includes data indicating one or more authentication credentials for accessing a communication device in response to scanning the visual token. The computer program code may further cause the apparatus to communicate the authentication credentials of the detected visual token to the communication device to request the communication device to determine whether the authentication credentials are valid for a user. The computer program code may further cause the apparatus to enable access to the communication device in response to receiving an indication from the communication device that the authentication credentials of the detected visual token are valid. Corresponding computer program products and methods are also provided.

Abstract: A secure computation system configured to perform multi-party computation on a value of a predetermined function whose argument includes secret data, comprises a plurality of server apparatuses; wherein the plurality of server apparatuses, comprise: storage units that store shares that are bases over (of) a finite field generated by performing secret sharing on the secret data; share expansion units that generate extended shares by expanding the shares; OR operation units that perform OR operations included in the predetermined functions using the extended shares; and NOT operation units that perform NOT operations included in the predetermined functions using the extended shares.

Abstract: A system, method, and computer program product are provided for identifying a file utilized to automatically launch content as unwanted. In one embodiment, a file is identified in response to a detection of unwanted code, the file utilized to automatically launch content. Additionally, it is determined whether an identifier associated with the unwanted code is included in the file. Further, the file is identified as unwanted based on the determination.

Abstract: An assigned share which is a proper subset of a subshare set with a plurality of subshares as elements, and meta information indicating values according to the elements of the subshare set or indicating that the elements are concealed values are stored. When a value according to a provided corresponding value according to a subset of the assigned share is not obtained from the meta information, a provided value according to the provided corresponding value obtained from the subset of the assigned share is outputted. When a value according to an acquired corresponding value according to a subset of an external assigned share, which is a proper subset of the subshare set, is not obtained from the meta information, input of an acquired value according to the acquired corresponding value is accepted. When the acquired value is inputted, a secret share value is obtained at least using the acquired value.

Abstract: A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.

Abstract: Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack.

Abstract: A secure access control system configured to control access to sensitive data stored on disparate systems is disclosed. A first entity is designated to control access to second entity data. An authentication token, generated using a key derivation function, is used to authenticate the first entity. The authenticated first entity is granted access to second entity data. An access control interface is generated configured to selectively grant or withdraw access to second entity data. The access control interface identifies entities associated with respective access controls. The access control interface is instantiated on a first entity device. Activation indications of access controls is received over a network. Access to second entity data is accordingly granted or withdrawn. Access control transition event rules and/or access control transition time rules are retrieved.

Abstract: A method of using a smartcard may include detecting possible fraudulent use of a biometric sensor embedded within the smartcard and restricting, but not preventing, subsequent use of the smartcard after the possible fraudulent use has stopped. The restriction may include one or more of not permitting the bearer to make an action that they would normally be permitted to make, requiring a higher authorization confidence score than would normally be required before permitting the bearer to perform one or more actions, and requiring the bearer to pass a secondary authorization step before permitting the bearer to perform one or more actions.

Abstract: An example electronic device includes memory for storing a program for unlocking the first electronic device using a wearable electronic device; wireless communication circuitry; and one or more processors configured to execute the program stored in the memory to cause the electronic device to at least establish wireless communication, via the wireless communication circuitry, with the wearable electronic device when the wearable electronic device is in a wireless communication range of the first electronic device; determine whether the wearable second electronic device is authenticated for unlocking the first electronic device; determine whether the wearable electronic device is in a specific range of the first electronic device based on a signal transmitted from the wearable electronic device being worn; and unlock the first electronic device based on determining that the wearable electronic device is authenticated and is in the specific range of the electronic device.

Abstract: Various examples described herein are directed to systems and methods for managing an interface between a user and a user computing device. The user computing device may determine that an audio sensor in communication with the user computing device indicates a first command in a user voice of the user, where the first command instructs the user computing device to perform a first task. The user computing device may determine that the audio sensor also indicates a first ambient voice different than the user voice and match the first ambient voice to a first known voice. The user computing device may determine that a second computing device associated with the first known voice is within a threshold distance of the user computing device and select a first privacy level for the first task based at least in part on the first known voice.