Abstract: A method is provided for encrypting a code of a computer program using an encryption key selected from among at least two encryption keys. Such a method includes: obtaining a descriptive grammar of the language of the code to be encrypted; encoding the code by using the descriptive grammar delivering a character string within which at least one start instruction of the code is encoded as a representation in the character string; encryption of the character string by using the encryption key belonging to the set of encryption keys, delivering an encrypted string. A method of decryption includes the inverse steps and also makes use of the descriptive grammar of the code.

Abstract: A method for execution by a dispersed storage and task (DST) processing unit includes obtaining audit records for an audit object and determining when the audit object is complete. When the audit object is complete, aggregating the audit records of the audit object within the audit object by generating the audit object to include the audit records; generating identifier (ID) information and generating integrity information. Fields of the audit object are populated with the audit records, the ID information, and the integrity information and a name of the audit object is determined for storage of the audit object and the name of the audit object in a dispersed storage network (DSN).

Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.

Abstract: A management apparatus includes an assignment unit, a receiver, and a storage unit. The assignment unit assigns issuance privilege key information representing privilege to issue document IDs to one or more processing apparatuses. Each of the one or more processing apparatuses is located on one of local networks and is configured to execute a protection process to generate a protected document from a document. The receiver receives from the one or more processing apparatuses document IDs issued for protected documents by the one or more processing apparatuses. The storage unit stores the document IDs received by the receiver. Each of the document IDs includes the issuance privilege key information assigned by the assignment unit to the one or more processing apparatuses, and information indicating identity of a document ID issued by one of the one or more processing apparatuses.

Abstract: Technical solutions are described automatically filtering user images being uploaded to a social network. An example computer-implemented method includes detecting an image file, which contains an image of a user, being uploaded to the social network server. The method further includes determining compliance of the image file with a predetermined profile associated with the user. The method further includes, in response to the image failing to comply with the predetermined profile, modifying the image file to generate a modified image file, and uploading the modified image file to the social network server.

Abstract: An error correction circuit for a physical unclonable function (PUF) circuit includes a redundant bits memory, an output rectifier circuit, an error comparator, error counter, error bits memory, error update comparator, output update circuit, and a redundant bits update circuit. The error correction circuit identifies permanent error bits in a set of output bits of the PUF circuit, eliminates the permanent error bits, and generates a set of updated output bits.

Abstract: The present disclosure discloses a method of allowing WebView to verify the source context, source reputation, integrity and/or security level of a web content and inform the user with regards to the security and blocks web contents that are determined harmful or inappropriate. In one embodiment of the present disclosure, the WebView checks a trusted data source to see if the visited web content has been labeled or flagged as suspect, safe or unsafe by initiating a connection to a trusted third-party database using a to determine whether or not the URL is associated with a domain that has been classified or labeled as safe or unsafe. The WebView then informs the user about the security level, suspect quality, reputation and/or integrity of the web content through a visual indicator or it can redirect the user to a warning page explaining why access to the site is prohibited, or it can block access without warning.

Abstract: A method includes detecting a storage device and determining whether the storage device has been checked-in for use with at least a protected node. The method also includes granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node. The method further includes storing data identifying file activity involving the storage device on the storage device. The data could identify all files copied to or from the storage device and all file activity that is blocked from occurring on the storage device. The method may also include copying one or more log files stored at the protected node onto the storage device, and storing the data identifying the file activity may include appending data identifying details of the file activity to the one or more log files.

Abstract: A system and methods for permitting open access to data objects and for securing data within the data objects is disclosed. According to one embodiment of the present invention, a method for securing a data object is disclosed. According to one embodiment of the present invention, a method for securing a data object is disclosed. The method includes the steps of (1) providing a data object comprising digital data and file format information; (2) embedding independent data into a data object; and (3) scrambling the data object to degrade the data object to a predetermined signal quality level. The steps of embedding and scrambling may be performed until a predetermined condition is met. The method may also include the steps of descrambling the data object to upgrade the data object to a predetermined signal quality level, and decoding the embedded independent data.

Abstract: An identity authentication method includes sending, by a third-party application client, an operation request to a third-party application server, in response to receiving a first operation indication for requesting to perform a target operation, the operation request requesting the third-party application server to perform the target operation, and receiving, by the third-party application client, to-be-signed information from an authentication server via the third-party application server, in response to the operation request being sent, the to-be-signed information comprising a challenge random number.

Abstract: Existing approaches to security within network, for instance one M2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

Abstract: A method and system. A computer iteratively processes a unique condition digest of at least two condition digests in each iteration of a loop for a sufficient number of iterations to process all condition digests of the at least two condition digests. The processing in each iteration includes concatenating a reference digest with the unique condition digest of the iteration to generate a concatenand and hashing the concatenand to generate a hashed concatenand that serves as the reference digest for the next iteration if the next iteration is performed. Each unique condition digest is a different condition digest in each iteration of the loop. The regenerated reference digest of the last iteration of the loop is a last digest.

Abstract: A computer-implemented method provides an improvement in security breach detection and comprises using a broker computing device, sending an initial digital fingerprint of a computing device out-of-band for storing in a distributed data repository, wherein the initial digital fingerprint is based on initial security service data of the computing device; using a gateway computing device, remotely calculating a current digital fingerprint of the computing device based on current security service data of the computing device; using the gateway computing device, conducting a real-time out-of-band health check of the computing device based, at least in part, on the initial digital fingerprint stored in the distributed data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to restore the computing device with configurations consistent with the initial digital fingerprint stored in the distributed data repository.

Abstract: A method, information handling system (IHS) and a detection system for detecting a spoofed firmware image in an IHS. The method includes a processor triggering a controller to execute a diagnostic image for testing an image under test. At least one first test result is received from the controller executing the diagnostic image. The method further includes determining whether the first test result is a valid first test result. In response to determining that the first test result is not a valid first test result, the image under test is identified as a spoofed image that has failed testing. An error message is generated that identifies the image under test as being a spoofed image and the error message is stored to an error log.

Abstract: Systems and methods of assessing Wi-Fi network vulnerability and enforcing policy based thereon in a cloud-based security system include obtaining and storing security risk scores for a plurality of Wi-Fi networks based in part on analysis performed by user equipment in range of each of the plurality of Wi-Fi networks; detecting user equipment associated with the cloud-based security system either desiring to connect to or already connected to a Wi-Fi network; obtaining a security risk score of the Wi-Fi network; and enforcing policy for the user equipment based on the obtained security risk score of the Wi-Fi network.

Abstract: Provided is a method and a security module for determining or providing a device-specific private key for an asymmetrical cryptographic process. A device-specific private primary seed is reproducibly formed from a device-specific secret piece of data, and the device-specific private key is determined from the device-specific private primary seed.

Abstract: Disclosed is a method enabling increasing the security of storing and archiving digital data and adjusting the security level, which level can be selected on the basis of the type and use of the digital data. The method includes restructuring an original file in the form of a plurality of separate, identifiable blocks. Each block includes a field for the binary elements of the data, and a plurality of fields reserved for items of information that each indicate a useful characteristic related to the block, such as the unique identification code. The blocks are transferred to a plurality of dedicated storage sites. Each block corresponds to at least one storage site. A Cartographic Table is set up, containing the Identification Codes of the blocks and associating therewith the number and address(es) of the dedicated storage site(s), and is transferred into the memory of the system and made secure.

Abstract: Attacks with inserted data may be greatly thwarted with the disclosed innovation featuring systems and methods of using a governor. A governor may act directly in in-line processing to reduce and limit attack surfaces, enforcing validators pre-selected by applications and/or, in the absence of application preselection, selecting and validating validators separately. The applicability of such a technical improvement to system operations improves the technical operations of most any system with one or more applications that accept potential attack surface items, such as data, data fields and/or data types, from “open” or uncontrolled sources.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: There are disclosed devices, system and methods for detecting malicious code existing in an internet advertisement (ad) requested by a published webpage viewed by a user. First, receipt of malicious code of the ad is detected, where that code may be malicious code that causes a browser unwanted action without user action. The content is wrapped in a java script (JS) closure and stripped of hyper-text markup language (HTML) content that would provide an extraneous count impression for the ad. The content is then executed in a behavior sandbox that prevents display of the malicious code and the unwanted action. When a security error results from this execution, it is discontinued, the content is not displayed and the unwanted action is intercepted. After execution in the behavior sandbox begins, the ad may be executed in browser sandbox that causes a first count impression for the ad.