Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving first user input by a primary device from a primary input device, where the user input is provided by a user to the primary input device that is coupled to a primary device. Receiving second user input provided by the user to a secondary input device that is in communication with the primary device. Determining a user credential based on the first user input and the second user input, where at least one or the first input and the second input includes at least a portion of the user credential. Receiving an indication that the user is authentic based on the user credential, and, in response, enabling the user to further interact with the primary device.

Abstract: A method and device for classifying collected images. The method and device include instructions to compare a captured image to a known set of images to determine the location depicted therein; and applying a classification upon the image based upon the determined location depicted therein and whether the determined location indicates that the image has the potential to depict privacy sensitive information.

Abstract: Disclosed is a method implemented in an identity document including a microcircuit and a unit enabling the microcircuit to communicate with a terminal, the microcircuit being designed to permit the transmission of data obtained (directly or indirectly) from data memorized in a storage zone in response to a request received from the terminal, furthermore including the following steps: reception by the microcircuit of an identifier of the terminal; at least partial comparison of the identifier of the terminal and of at least one portion of an identifier stored in the microcircuit; and performance of a set action depending on the result of the comparison. An identity document in which such a method is implemented is also described.

Abstract: Techniques for processing blockchain data are described. Each contract participant of a plurality of contract participants in a blockchain generates, for a target contract, a paired temporary public key and private key generated based on an asymmetric encryption algorithm. Each contract participant sends the temporary public key to other contract participants. First signature data is generated by each contract participant signing data information including the target contract and temporary public keys of the contract participants by using the temporary private key. A contract participant encrypts predetermined contract information by using a regulatory key of a regulator to generate an encrypted contract signed by each contract participant using the temporary private key, to generate second signature data.

Abstract: Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically disperse computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.

Abstract: Systems and methods are provided for configuring and deploying decoy content over a network. The methods generate decoy content, including identifying information, based on information about network traffic in a virtual network associated with a user. Cause the decoy content to be sent in the virtual network. Determine, based at least in part on the identifying information, that at least the portion of the decoy content was used. In response to determining that the portion of the decoy content was used, alert the user that the decoy content was used.

Abstract: Methods and systems for security analysis include determining whether a process has an origin internal to a system or external to the system using a processor based on monitored behavior events associated with the process. A security analysis is performed on only processes that have an external origin to determine if any of the processes having an external origin represent a security threat. A security action is performed if a process having an external origin is determined to represent a security threat.

Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a client device, such as a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client device is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.

Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.

Abstract: Methods, devices, and systems are provided for approving a transaction through an exchange of presented user contextual approval information and approval decryption. The user contextual approval information is generated by a user during a transaction, cryptographically signed, and provided to a transaction server. The user contextual data uniquely describes the transaction to the user and can be employed to aid a user in approving or validating the transaction in a subsequent approval action. In particular, a transaction may present the contextual approval information to a user in the form of an approval challenge message. The approval challenge message may be sent to a known user device via the transaction server in the form of a text or multi-media message. The user may respond to the message with an approval or denial response.

Abstract: A service provider (SP) network device or system can operate to enable a WiFi protected access 2 (WPA2) pass-through with a user equipment (UE) and further define various partitions between a physical access point (pAP) and a virtual AP (vAP) according to one or more virtual network functions (VNFs). The WPA2 pass-through can be an interface connection that passes through a computer premise equipment (CPE) or wireless residential gateway (GW) without the CPE or GW modifying or affecting the data traffic. One such partition, can include security functions, including authentication and authorization being initially at the CPE, while other network functions of the community WiFi network are virtualized and moved to the SP network. The SP network device can receive traffic data from a UE through or via the WPA 2 pass-through from a UE of a community Wi-Fi network at a home, residence, or entity network.

Abstract: A dongle (100) for controlling access to an interface (200) is provided. The dongle (100) includes a dongle memory (120) configured to communicatively couple to the interface (200), the dongle memory (120) comprising a program code (122) that includes authorized menus (122a), wherein the program code (122) is configured to authorize access to one or more menus on the interface (200).

Abstract: In an approach, an intermediary guest manager operates within a virtual machine hosted by a host machine and managed by a hypervisor. The intermediary guest manager manages one or more guest operating systems operating within the virtual machine and implements one or more security services for the guest operating systems. The security services provided to the guest operating systems may include system call filtering, memory protections, secure memory dumps, and others. In some cases, the intermediary guest manager consults a threat defense policy which contains a number of records, where each record has one or more triggers representing suspicious activity and one or more actions to take in response to being triggered. When the intermediary guest manager identifies a request, such as a system call or memory access, that meets the trigger of a particular record, the intermediary guest manager executes the associated actions to remediate the suspicious activity.

Abstract: Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each security feature pair in the past inside-in security features, in the past outside-in security features, and between the past inside-in security features and the past outside-in security features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features for the network.

Abstract: Data in a portable electronic device is protected by using external and internal status detection means to determine if the device is misplaced, lost, or stolen. The device then takes, singly or in combination, one of several actions to protect the data on the device, including declaring its location to an owner or service provider, locking the device or specific functions of the device to disable all data retrieval functionality, erasing or overwriting all the stored data in the device or, where the data has been stored in the device in an encrypted format, destroying an internally-stored encryption key, thereby preventing unauthorized access to the encrypted data in the device.

Abstract: A system and method for providing secure communication between a source and a destination that is secured by secret sharing, during a vulnerability window in which all secret shares are collected in one or more points along the communication paths. Accordingly, during the regular operation of the communication protocol, a common random secret OTP is created by sending random bits from the sender to the receiver and the source is allowed to perform bitwise XOR operation between the information to be sent and the common random secret OTP, prior to using secret sharing. The results of the bitwise XOR operation are sent to the destination using secret sharing and the destination reconstructs the random secret and decrypts the received data, using the common established random secret. The common random secret is based on polynomial randomization being transferred from the source to the destination using secret sharing.

Abstract: Systems and methods are described for connecting a private network to the Internet through a remote wireless adapter. According to one embodiment, a remote wireless adapter sets up a tunnel with a network security device through a local area network (LAN) adapter of the remote wireless adapter and sets up a wide area network (WAN) connection through a wireless modem which is connected to the wireless adapter. The remote wireless adapter receives an outgoing data packet sent by the network security device through the tunnel and writes the outgoing data packet to the WAN connection. The remote wireless adapter also receives an incoming data packet through the WAN connection and forwards the incoming data packet to the network security device through the tunnel.

Abstract: Described herein is a method and system for wireless data transmission with network coding which limits encryption operations to a critical set of network coding coefficients in combination with multi-resolution and/or multi-description video coding. Such a method and system achieves hierarchical fidelity levels, robustness against wireless packet loss and efficient security by exploiting the algebraic structure of network coding.

Abstract: The present disclosure discloses a network access method performed at a computer server in connection with a social networking platform, comprising: receiving a network access request from a first social networking account at a first terminal to a second social networking account at a second terminal, the network access request for accessing a wireless network bound to the second social networking account, the first and second social networking account both being associated with the social networking platform; forwarding the network access request to the second social networking account, the network access request including the first social networking account and an identifier of the wireless network; receiving a feedback instruction sent by the second social networking account; and sending authorization information of the wireless network to the first social networking account when the feedback instruction is an access authorization instruction, the authorization information including verification informatio

Abstract: An added security feature on a mobile device to require an owner or an authorized user of the mobile device to provide a shutdown password to power off the mobile device is disclosed. The shutdown password is configured and set by the owner or the authorized user and stored internally in a data storage device of the mobile device. When so configured, the mobile device triggers a shutdown password input field to be displayed on the mobile device screen. The user of the mobile device must provide the shutdown password in order to power off the mobile device, thereby preventing unauthorized powering off of the mobile device and associated GPS and internal communications circuitry of the mobile device, allowing the mobile device to be tracked in the event of an emergency or when the mobile device is lost or stolen.