Abstract: Embodiments described herein provide a privacy mechanism to protect user data when transmitting the data to a server that estimates a frequency of such data amongst a set of client devices. In one embodiment, a differential privacy mechanism is implemented using a count-mean-sketch technique that can reduce resource requirements required to enable privacy while providing provable guarantees regarding privacy and utility. For instance, the mechanism can provide the ability to tailor utility (e.g. accuracy of estimations) against the resource requirements (e.g. transmission bandwidth and computation complexity).

Abstract: Disclosed embodiments relate to securely caching and provisioning secrets for use in an offline process. Techniques include accessing, at an endpoint computing resource storing a secret, a first cryptographic key; encrypting the secret using the first cryptographic key; receiving, from an auxiliary device, a second cryptographic key; encrypting the encrypted secret with the second cryptographic key to produce an encrypted block; sending, without using a network connection, the encrypted block to the auxiliary device for decryption; receiving, from the auxiliary device and without using a network connection, a decrypted version of the encrypted block; and decrypting the encrypted secret with a cryptographic key corresponding to the first cryptographic key.

Abstract: Methods and systems for classifying malicious locators. A processor is trained on a set of known malicious locators using a non-supervised learning procedure. Once trained, the processor may classify new locators as being generated by a particular generation kit.

Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

Abstract: Disclosed are various embodiments for using an audio interface device to facilitate authentication for other devices. An authentication service causes a first client device to present an authentication code via an output device of the first client device. The authentication service receives the authentication code from a second client device. The second client device is in an authenticated state for access to an account, and the second client device received the authentication code from an environmental sensor while in a listening mode. The authentication service authenticates the first client device for access to the account in response to determining that the authentication code received from the second client device matches the authentication code presented by the first client device.

Abstract: Once information requesting superseding of a log-in through an authentication app is obtained from a service provision app on a user terminal, a service provision server transfers authentication request response information to the service provision app and, after an authentication redirection request thereof is transferred to the authentication app and then server challenge request information is obtained, server challenge request response information is transferred to the authentication app, thereby supporting the determination as to whether or not certificates of the server and the app are valid, an authentication result message including information on the validity is obtained from an authentication server, a predetermined access token is transferred to the service provision app, and thereby the log-in is handled by providing support such that a service can be used.

Abstract: Systems and techniques are disclosed for secure storage and searching of information on insecure search systems. One of the methods is implemented by a system of one or more computers being in communication with clients and search engines. A request associated with storage of client information in a search engine is obtained. First cryptographic information is generated based on a portion of the client information, such that the first cryptographic is to be utilized for indexing by the search engine. Second cryptographic information is generated based on performing an order-preserving encryption process on portion of the client information, such that the second cryptographic information is to be utilized to recover order associated with information included in the portion. The first cryptographic information and the second cryptographic information are provided for storage in the search system.

Abstract: This invention provides a method for managing a transaction right in a digital rights management server. The transaction right is the right to a transaction of a utilization right of a digital content item. The method comprises steps of obtaining an attribute associated with the digital content item from metadata of the digital content item; and generating the transaction right on the basis of a pre-stored rule and the attribute of the digital content item. Since the transaction right is generated on the basis of the attribute of the digital content item, or in other words, the transaction right is dependent on the attribute of the digital content item, the generated transaction right of digital content items can be different if the corresponding attribute associated with the digital content items are different. Furthermore, in additional to the metadata, the generation of the transaction right only requires the pre-stored rule, resulting in affordable complexity and cost.

Abstract: A system for detecting a non-targeted attack by a first machine on a second machine is provided. The system includes an application that includes instructions configured to: extract network data corresponding to traffic flow between the first and second machines, where the second machine is implemented in a cloud-based network; identify a first suspect external IP address based on the network data; calculate features for the first suspect external IP address, where the features include exploration type features and exploitation type features; train a classifier based on predetermined examples and the features to generate and update a model; classify the first suspect external IP address based on the model and at least some of the features; and perform a countermeasure if a classification provided from classifying the first suspect external IP address indicates that the first suspect external IP address is associated with a malicious attack on the second machine.

Abstract: A cyber-security system and method for proactively predicting cyber-security threats are provided. The method comprises receiving a plurality of security events classified to different groups of events; correlating the plurality of received security events to classify potential cyber-security threats to a set of correlation types; determining a correlation score for each classified potential cyber-security threat; and determining a prediction score for each classified potential cyber-security threat, wherein the prediction score is determined based in part on the correlation score.

Abstract: A method of securely supporting at least one application for use on a wireless device, including storing a plurality of locations, storing a plurality of public asymmetric keys for encryption of the plurality of locations, providing an interface for a virtual store, providing the location of a plurality of authorization files, displaying a list of applications available for the wireless device, presenting content associated with the list of applications available for the wireless device, receiving a customer selection of an application, creating an authorization file comprising the location of the application, storing the plurality of authorization files, providing an authorization file, authorizing one of the plurality of locations based on decryption of at least one of the plurality of public asymmetric keys, and installing on the wireless device the user selected application.

Abstract: A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.

Abstract: Embodiments are direct to monitoring communication between computers may be using network monitoring computers (NMCs). Network packets that are communicated between the computers may be captured and stored in a data store. If the NMCs identify a secure communication session established between two computers, the NMCs may obtain key information that corresponds to the secure communication session that includes a session key that may be provided by a key provider. Correlation information associated with the secure communication session may be captured by the NMCs. The correlation information may include tuple information associated with the secure communication session. And, the key information and the correlation information may be stored in a key escrow. The key information may be indexed in the key escrow using the correlation information.

Abstract: Techniques are described that generally relate to centralized vulnerability discovery and management of disparate network-connected devices. A computing device connected to a network determines vulnerabilities for devices connected to the network. The computing device identifies the devices connected to the network and determines vulnerability information for the network-connected devices using one or more remote sources of vulnerability information. For example, the computing device may access websites containing vulnerability or security information, e.g., by performing web searches on a periodic basis, subscribing to one or more web-based feeds of vulnerability information, or the like. The computing device performs a variety of operations (e.g., ranking vulnerabilities, applying patches, sending notifications, or the like) for the network-connected devices based on the vulnerability information.

Abstract: A hydraulic excavator (1) includes a wireless authentication device (52) performing wireless authentication with a portable key device (51) and a vehicle body controller (48) for starting an engine (15) based on authentication by the wireless authentication device (52) and an operation of a start switch (12). The wireless authentication device (52) transmits a request signal within an authenticable range and performs authentication when it receives an ID code for authentication replied from the portable key device (51) based on the transmitted request signal. The vehicle body controller (48) prohibits driving of a hydraulic actuator (5E, 5F, 5G, 5H, 2E, 2F, 3A) when the portable key device (51) is outside of the authenticable range even if a gate lock lever (13) has been switched to an unlock position.

Abstract: A method for managing certificates includes the steps of transmitting, over an electronic network by an electronic device of a client, a certificate request to a certificate management portal separate from the client, establishing an interaction with an electronic interface of a certificate authority by the certificate management portal; generating, by the certificate authority, a certificate package, delivering the generated certificate package to the certificate management portal, and downloading from the certificate management portal, by the client, at least one certificate of the delivered certificate package.

Abstract: Systems, apparatuses, methods, and computer readable mediums for modeling malicious behavior that occurs in the absence of users. A system trains an anomaly detection model using attributes associated with a first plurality of events representing system activity on one or more clean machines when users are not present. Next, the system utilizes the trained anomaly detection model to remove benign events from a second plurality of events captured from infected machines when users are not present. Then, the system utilizes malicious events, from the second plurality of events, to train a classifier. Next, the classifier identifies a first set of attributes which are able to predict if an event is caused by malware with a predictive power greater than a threshold.

Abstract: User input into a user interface is symbolically represented to increase security. User input received into a user interface and a mapping is applied to the user input. A result of the mapping is provided. The user interface may be updated to include the result of the mapping and/or may be provided to another device, such as over a short range communication channel. A person who views or otherwise has access to the user interface does not obtain the user input, but the result of the mapping indicates whether the user input was provided correctly.

Abstract: A technique for assessing and quantifying a cyber security risk is provided that includes a cyber resilience platform for obtaining reliable data from a vast set of available metrics, standardizing the data, and extracting meaning from the data to inform cyber security decisions. The disclosed technique provides visibility of a dynamic cyberspace landscape by identifying key factors that impact types of cyber security risk. These key factors can be used to distinguish between users of different risk types for various cyber threats and to identify actions affecting loss probabilities associated with a cyber threat. Strengths and weaknesses in a customer's cyber security profile are identified, including configuration settings that impact the effectiveness of cyber security protection measures and a cyber security score indicative of the customer's risk exposure.

Abstract: A control system facilitates communication between a plurality of networked services. The control system includes a client agent associated with a first service of the networked services, and a destination agent associated with a second service of the networked services. The client agent includes an injection mechanism that intercepts a network request issued by the first service, transparently injects a token into the network request while the network request is in transit, and automatically transmits the network request to the second service in accordance with one or more security policies associated with the second service. The destination agent includes an interception mechanism that intercepts the network request, extracts the tokens from the network request, and determines whether to forward the network request to the second service.