Patents Examined by Brian F Shaw
  • Patent number: 9892404
    Abstract: An approach is provided for securely authenticating an identity of a user participating in an electronic transaction. A request for a biometric identifier/security question is converted to a first Quick Response (QR) code. Based on user attributes and a request from the user's mobile device to a computer to initiate the transaction, the first QR code is disassembled into first and second portions. The first portion, but not the second portion, is sent to the mobile device. Responsive to the mobile device receiving and converting the biometric identifier/answer to the security question to a second QR code, and disassembling the second QR code into first and second portions, the second QR code is reassembled. The transaction is authorized based on whether the biometric identifier/answer matches a data repository record.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: February 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Saravanan Sadacharam, Ram Viswanathan
  • Patent number: 9893880
    Abstract: A method for secure comparison of encrypted symbols. According to one embodiment, a user may encrypt two symbols, share the encrypted symbols with an untrusted third party that can compute algorithms on these symbols without access to the original data or encryption keys such that the result of running the algorithm on the encrypted data can be decrypted to a result which is equivalent to the result of running the algorithm on the original unencrypted data. In one embodiment the untrusted third party may perform a sequence of operations on the encrypted symbols to produce an encrypted result which, when decrypted by a trusted party, indicates whether the two symbols are the same.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: February 13, 2018
    Assignee: RAYTHEON BBN TECHNOLOGIES CORP.
    Inventors: Kurt Rohloff, David Bruce Cousins, Richard Schantz
  • Patent number: 9882883
    Abstract: A method for generating one or more secrets for use by members. The method includes sending a first request for connection with a second member, and sending a second request for connection with a third member. The method further includes receiving, by the first member from the second member, a second input after the first request is sent and after communication is initiated between the first member and the second member and receiving, by the first member from the third member, a third input after the second request is sent and after communication is initiated between the first member and the third member. The method further includes generating, using an n-bit generator executing on the first member, a message digest using a first input, the second input, and the third input, extracting a secret from the message digest, and storing the secret in a secrets repository on the first member.
    Type: Grant
    Filed: April 14, 2017
    Date of Patent: January 30, 2018
    Assignee: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Patent number: 9876771
    Abstract: A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: January 23, 2018
    Assignee: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Patent number: 9876646
    Abstract: Systems and methods for managing the identity of a user, for managing the identity of the user in a public storage facility, and for certifying pending transactions for a user are disclosed. One example method includes receiving, at an input device, personal data that identifies the user. The personal data is represented as input data. The input device is configured to process a hashing function to provide a hash value and user accessible interface for transmitting the hash value and a public key of the user to the public storage facility, e.g., block chain, and for receiving back from the public storage facility a transaction number corresponding to the hash value and the public key. In one example, the input device is configured to encrypt the hash value, a time stamp and the transaction number with a public key of a certification entity to provide user certifiable data to the certification entity. The certification entity is configured to access the public storage facility to verify the user.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: January 23, 2018
    Assignee: ShoCard, Inc.
    Inventors: Armin Ebrahimi, Jeff Weitzman
  • Patent number: 9871664
    Abstract: A security apparatus includes an encryptor configured to visually encrypt a target object, and a decryptor configured to decrypt an area corresponding to a decryption gesture in the encrypted target object, during a predetermined period of time.
    Type: Grant
    Filed: April 8, 2015
    Date of Patent: January 16, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seungkeun Yoon, Sang Joon Kim, Jongwook Lee, Changmok Choi
  • Patent number: 9858422
    Abstract: System and computer program product for allowing a computer to boot from a user trusted device. The computer comprises a long-term data storage device storing operating system (OS) services; and the user trusted device is connectable to the computer and stores: a boot loader, detectable and executable by a firmware of the computer, upon connection of the user trusted device to said computer; an OS loader for the OS; and one or more crypto drivers designed for allowing access to the OS and data, stored encrypted on said data storage device. The user trusted device is designed to prevent unauthenticated access of each of: the boot loader; the one or more crypto drivers; and the OS loader, as stored thereon.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: January 2, 2018
    Assignee: International Business Machines Corporation
    Inventor: Thomas Gschwind
  • Patent number: 9847994
    Abstract: A method and system for providing a secure network. The system can have a URL programming interface, a server, and a database connected to the server. The server can be configured to receive requests from the URL programming interface. The server can include a file manager, an authentication server, a resource server, and a collaboration server.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: December 19, 2017
    Assignee: SURFDASH
    Inventors: Jennifer Kelly, Robert Carr, Raymond Kelly, Seyed Safakish
  • Patent number: 9825976
    Abstract: A non-transitory computer readable storage medium having stored thereon instructions executable by a processor to perform operations including: responsive to determining that a correlation between a representation of the first portion of network traffic and a representation of a known exploit kit results in a score above a first prescribed score value, classifying the representation of the first portion of the received network traffic into an exploit kit family corresponding to the representation of the known exploit kit; and responsive to determining that the score is below the first prescribed score value and above a second prescribed score value, (i) analyzing the representation of the first portion of the received network traffic, and (ii) processing, within a virtual machine, a second portion of the received network traffic to determine whether processing of the received network traffic results in behavior indicative of an exploit kit.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: November 21, 2017
    Assignee: FireEye, Inc.
    Inventors: Joshua Lewis Gomez, Abhishek Singh
  • Patent number: 9794287
    Abstract: A method, and a system are provided for implementing cloud based malware container protection. A container is provisioned for a user. The container is monitored, and when an abnormal activity is detected based upon historical metric data, a unikernel is provisioned and a user application is migrated to the unikernel while inspection occurs.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: October 17, 2017
    Assignee: International Business Machines Corporation
    Inventors: David M. Koster, Jason A. Nikolai, Adam D. Reznechek, Andrew T. Thorstensen
  • Patent number: 9785768
    Abstract: A method is disclosed for deterring the reverse engineering of computer software code. The method involves the recognition of an unauthorized access attempt by one of a plurality of linked sub-processes embedded in the computer software code. In response to the unauthorized attempt, each of the sub-processes begins a recursive execution, resulting in computer system resources being increasingly diverted to the linked sub-processes, making it difficult to continue unauthorized attempts to access the computer software code.
    Type: Grant
    Filed: February 16, 2015
    Date of Patent: October 10, 2017
    Assignee: LOCKHEED MARTIN CORPORATION
    Inventors: John D. Halpin, Joseph P. Russell, Scott M. Sobieski
  • Patent number: 9083537
    Abstract: An energy management system comprises one or more appliances, a remote device, and a communication device. In one embodiment, the communication device forms a physical connection with the remote device and thereafter a physical connection with an associated appliance. The first physical connection binds the communication to the remote device, thereby forming a secure connection over which inputs and outputs can be exchanged between the remote and the associated appliance when the communication device is connected to the appliance.
    Type: Grant
    Filed: October 11, 2011
    Date of Patent: July 14, 2015
    Assignee: GENERAL ELECTRIC COMPANY
    Inventors: Michael Francis Finch, David C Bingham, Henry Nader Kobraei, Elliott Dean Koehler
  • Patent number: 8898751
    Abstract: Systems and methods for authorizing third-party authentication to a service are disclosed herein. An exemplary method includes an online service provider subsystem, which is configured to provide a service, 1) receiving a request from a user to use a third-party authentication service to authenticate the user to the service, 2) directing, in response to the request, the user to authenticate to the third-party authentication service, 3) receiving, from a third-party subsystem that provides the third-party authentication service, a third-party user identifier for the user, 4) requiring the user to verify an identity of the user, and 5) authorizing, based on the verified identity of the user, use of the third-party user identifier to authenticate the user to the service. Corresponding methods and systems are also disclosed.
    Type: Grant
    Filed: October 24, 2011
    Date of Patent: November 25, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Fenglin Yin, Jack Jianxiu Hao
  • Patent number: 8869255
    Abstract: A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.
    Type: Grant
    Filed: October 25, 2011
    Date of Patent: October 21, 2014
    Assignee: Forticom Group Ltd
    Inventor: Antony Smales