Abstract: In various embodiments, a method comprises detecting a removable media device coupled to a digital device, authenticating a password to access the removable media device, injecting redirection code into the digital device, intercepting, with the redirection code, a request for data, determining to allow the request for data based on a security policy, and providing the data based on the determination. The method may further comprise selecting the security policy from a plurality of security policies based, at least in part, on the password and/or filtering the content of the requested data. Filtering the content may comprise scanning the data for malware. Filtering the content may also comprise scanning the data for confidential information.

Abstract: A method for protecting data integrity through an embedded system having a main processor core and a security hardware module. The method includes the following: the main processor core generates transmit data, the security hardware module calculates a transmit message authentication code from the transmit data, the main processor core links the transmit data and the transmit message authentication code to form a transmit message, and the main processor core transmits the transmit message to a receiver.

Abstract: A portable biometric authentication device communicates with a terminal device using near field communication (NFC). The portable biometric authentication device includes; a NFC antenna, a power supply circuit that generates at least one power voltage in response to an electromagnetic field generated by the terminal device and received via the NFC antenna, a sensor subsystem that operates in response to the at least one power voltage and includes a biometric sensor that acquires biometric information from a user, and a control subsystem that operates in response to the at least one power voltage and includes a NFC controller that controls the communication of the biometric information to the terminal device using the NFC antenna.

Abstract: Embodiments described herein combine both glyph technologies and cryptography technologies by encrypting data with a private key of an entity tasked with issuing controlled documents, and then converting the resulting encryption as a visual glyph, such as a QR code. This permits validation of the printed document by scanning the QR code using a smartphone and decrypting using the issuing entity's public key. In some embodiments, a purpose-built software application executed by the smartphone may automatically recognize QR codes on a document presented for review and then automatically decrypt the QR code using the public key of the issuing entity. A user performing the validation may then compare the document's content with the decrypted data on the smartphone.

Abstract: Methods, non-transitory computer readable media, access policy management apparatuses, and enterprise network systems that facilitate adaptive organization of web application access points in webtops are disclosed. With this technology, access points for web applications are more effectively presented in webtops to facilitate more efficient access to web applications by clients. In particular, this technology utilizes historical application access pattern data to determine a subset of allowed web applications most likely to be accessed in a current session, and generates and provides a webtop with access points for web applications organized based on the determined subset of the allowed web applications. Thereby, this technology facilitates adaptive webtops that reduce the amount of time required to locate access points for web applications and improve user productivity.

Abstract: A machine implemented method for protecting at least one edge node in a network of nodes is provided. The method comprising: communicatively coupling said at least one edge node with a proxy node; providing an application for said at least one edge node in an isolated area associated with said at least one edge node at said proxy node; determining that an update for said at least one edge node is required; increasing a reboot frequency of said at least one edge node following said determination that an update is required; and increasing a reboot frequency of said proxy node following said determination that an update is required.

Abstract: Disclosed is a system for detecting an attack, which includes a server and a plurality of vehicles capable of wirelessly communicating with each other. Each of the vehicles has a sensor, a sensor information acquisition unit, a traffic information reception unit, and a transmission unit that transmits the sensor information and the traffic information to the server. The server has a reception unit that receives the sensor information and the traffic information from the vehicles, a verification unit that verifies whether the sensor information and the traffic information are inconsistent with each other, and a notification unit that notifies, when the sensor information and the traffic information are inconsistent with each other, the vehicles of the inconsistency.

Abstract: A method for execution by a dispersed storage and task (DST) processing unit includes: generating an encoded data slice from a dispersed storage encoding of a data object and determining when the encoded data slice will not be stored in local dispersed storage. When the encoded data slice will not be stored in the local dispersed storage, the encoded data slice is stored via at least one elastic slice in an elastic dispersed storage, cryptographic material and an elastic storage pointer indicating a location of the elastic slice in the elastic dispersed storage are generated, and the cryptographic material and the elastic storage pointer are stored in the local dispersed storage.

Abstract: A method for distributing a quantum digital key is described. The method comprises the use of an optical broadband source to generate an optical broadband signal. The optical broadband signal may be transmitted from a first party to a second party through an optical communication channel. The optical broadband signal may be transmitted with a low brightness, such as less than one photon/(sec-Hz), so as to be immune from passive attacks. Furthermore, a method for detecting the presence of active attackers is described. The method may comprise a coincidence measurement configured to measure the level of entanglement between an optical detection signal and an optical idler signal.

Abstract: In order to configure an access point, the access point requests information specifying an associated cloud-based controller when the access point is first turned on at a user location. In particular, the access point may provide, to a configuration device, a controller query requesting information specifying a unique network address of a cloud-based controller associated with the access point. This controller query may include an identifier of the access point (such as a serial number). Then, the access point receives, from the configuration device, the information specifying the unique network address of the cloud-based controller, such as a fully qualified domain name of the cloud-based controller. Note that the cloud-based controller may be one of multiple cloud-based controllers from different providers, and the access point may be associated with the cloud-based controller based on the received information specifying unique network address.

Abstract: An information processing device (1) includes: a Syscall instruction monitoring part (313) configured to monitor at least an instruction to pass processing to a kernel (35) of an OS among instructions issued to a CPU (11); and an exclusive loader (201) configured to load a monitoring software (31) functioning as the Syscall instruction monitoring part (313) at region A in a RAM (30), the monitoring software set at ring 0 that is higher than ring (2) set for the kernel (35) of the OS. Even when an access is tried to a resource by executing a malicious program, the access can be detected and intrusion of the malicious program to the kernel can be blocked.

Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker, causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: Technologies for a distributed Internet of Things (IoT) system are disclosed. Several IoT devices may form a peer-to-peer network without requiring a central server. Information may be stored in a distributed manner in the distributed IoT system, allowing for storing information without transmitting it to a remote server, which may be costly and introduce security or privacy risks. Each IoT device of the distributed IoT system includes a machine learning algorithm that is capable of uncovering patterns in the input of the distributed IoT system, such as a pattern of user inputs in certain situations, and the distributed IoT system may adaptively anticipate a user's intentions.

Abstract: A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.

Abstract: Techniques for generic authentication with arbitrary services are provided. A request to authorize with a first service, of a plurality of services, using the OAuth protocol, is received by a generic client library, from a first application. A set of parameters specific to an implementation of the OAuth protocol provided by the first service are identified in a configuration file. An HTTP request is generated based on the set of parameters identified in the data structure, and the first application is authorized with the first service via the OAuth protocol using the generated HTTP request.

Abstract: A network traffic system includes a network traffic mangling application for modifying a signature of packets that are transmitted in the network traffic system. The network traffic mangling application includes a user module control agent and a kernel module for executing the network traffic mangling application. The user control module agent modifies and mangles the behavior of the kernel module and communicates with the kernel module.

Abstract: A method and system for performing an operation on protected sensitive data. A processor of a data processing system receives, from a computing system: (i) the protected sensitive data, (ii) an identification of an operation that accesses and utilizes the protected sensitive data during performance of the operation, and (iii) a request to perform the operation, wherein the computing system is external to the data processing system. The processor de-protects the received protected sensitive data, which generates unprotected sensitive data from the protected sensitive data. The processor performs the operation, which includes accessing and utilizing the unprotected sensitive data and generating a result. After the operation is performed, the processor re-protects the unprotected sensitive data, which restores the protected sensitive data. The processor sends the result to the computing system.

Abstract: The present disclosure relates to techniques for helping targeted users determine whether it is safe to supply personal information requested by a web site. In one embodiment, a method generally includes extracting textual content from a web page that requests information from a user and determining, based on the textual content, the type of information requested. A service type the web page provides is also determined based on the textual content. The service type and the information type are then compared to a set of predefined rules to determine a risk level associated with the web page. A visual indicator of the risk level is then displayed with the web page.

Abstract: A method to create autonomous decision logic (ADL) may include receiving a request to create the ADL. The request includes a selection of an input and a selection of an output. When executed by a client device, the ADL is configured to provide the output based at least partially on an identification of the input. The method further includes electronically packaging the input and the output to generate the ADL. The method includes sending the ADL via a transport layer to the client device for execution of the ADL on the client device. The client device is configured to generate encrypted data pertaining to the execution of the ADL. The method includes receiving, from the client device, the encrypted data pertaining to the execution of the ADL. The method further includes decrypting the encrypted data. The method includes presenting at least some of the decrypted data on a display.

Abstract: Embodiments create and manage a device profile on a mobile device for continued authentication of the mobile device. The device profile includes a state assigned to a mobile device. The state of the device can be managed through the device profile. The mobile device is allowed to conduct payments based on the current state assigned to the mobile device. In response to a request to conduct a payment transaction using the mobile device, the state information in the mobile device profile is checked. The payment transaction using the mobile device is allowed when the state information indicates a trusted state. The payment transaction using the mobile device is limited when the state information indicates a suspended state. The payment transaction using the mobile device is prevented when the state information indicates an untrusted state.