Abstract: Method and systems for performing biometric registration and authentication of a user, via a user device, over a communication network to provide access to a secure network. The method includes transmitting, via the communication network, non-biometric authentication credentials of the user to initiate a determination of validity of the non-biometric authentication credentials. The method further includes receiving an authentication token based upon the determination of the validity of the non-biometric authentication credentials. The method further includes obtaining biometric information from the user via the user interface and at least one biometric sensor. Biometric data, produced from the biometric information obtained from the user, is sent to an ID server configured to store the biometric data in association with the user. The client app is configured to perform a biometric authentication to provide access to the secure network based on the biometric data stored by the ID server.

Abstract: There is disclosed in an example a computing apparatus, comprising: a network interface; a messaging application to communicate via the network interface; and one or more logic elements comprising a security layer, discrete from the messaging application, to: generate a message; secure the message; and send the message via the messaging application.

Abstract: Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.

Abstract: Systems and methods may provide for online identification and authentication. In one example, the method may include generating a credential to represent a relationship based on a common ground of authenticated communication between a first user and a second user, identifying the second user to the first user, authenticating the relationship of the second user to the first user, and initiating, upon authentication, a communication between the first user and the second user.

Abstract: Methods, systems, and devices for wireless communication are described. In one method, a wireless device may securely communicate with a local area network (LAN), via a first connection with a source access node (AN), based on a first security key. The wireless device may perform a handover from the source AN to a target AN. The wireless device may derive a second security key based on the first security key, and securely communicate with the LAN, via a second connection with the target AN, based on the second security key and a restriction policy for the second security key. The wireless device may perform an authentication procedure to obtain a third security key, which may not be subject to the restriction policy, and securely communicate with the LAN, via the second connection with the target AN, based on the third security key.

Abstract: A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Abstract: An example network communication device include a communication circuit and a processing circuit. The communication circuit securely communicates over a network using a rotating code and the processing circuit enter a sleep mode at which time values of the rotating code are unknown by the network communication device. The processing circuit enters the sleep mode by requesting another network communication device of the network to authorize entering the sleep mode, and entering the sleep mode responsive to an indication verifying that the network communication device and the other network communication device agree on a set of secure parameters that is created pseudo-randomly, wherein the processing circuit enters the sleep mode with the set of secure parameters as stored for awakening but without storage of the values of the rotating key.

Abstract: Embodiments of the invention provide for malware collusion detection in a mobile computing device. In one embodiment, a method for malicious inter-application interaction detection in a mobile computing device includes filtering applications installed in a mobile device to a set of related applications and then monitoring in the mobile device execution of the related applications in the set. The method additionally includes computing resource utilization of one of the related applications executing in a background of the mobile device while also computing execution performance of a different one of the related applications. Finally, the method includes responding to a determination that the computed resource utilization is high while the computed execution performance is poor by generating a notification in the display of the mobile device that the one of the related applications is suspected of malware collusion with the different one of the related applications.

Abstract: A method, an apparatus, and a computer program for detecting network anomaly in a distributed software defined networking (SDN) environment. The method includes collecting a control message from a distributed SDN controller and generating network characteristic information using the control message. The network characteristic information includes statistic information or event information included in the control message, new calculation information calculated using the statistic information or the event information, and network stateful information. The method, the apparatus, and the computer program for detecting network anomaly have high utilization, scalability, availability, and distribution properties to a user by supporting a variety of functions for detecting network anomaly in the SDN environment and providing a high-level API to the user.

Abstract: A document production system may construct a document from fragments based on a theme associated with the document. The theme may contain section(s), each section having an access control list (ACL) associated therewith. The ACL may specify role-based user group(s) and permission(s) for the role-based user group(s). The system may evaluable rules applicable to the document. At least one rule may pertain to the ACL(s). The evaluation may include, at least in part, utilizing user login information received over a network from a client device. In constructing the document, the system may assemble the document in accordance with the rules and utilizing the fragments and meta information that describes the document. The system may render the document thus assembled utilizing the ACL, generate a view of the document, and communicate the view of the document over the network to the client device for presentation on the client device.

Abstract: An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable.

Abstract: An apparatus for computer-network security includes a network interface and a processor. The network interface is configured for communicating over a communication network. The processor is configured to detect a request from a first computer to access a non-existent shared resource of a second computer, to send to the first computer, responsively to the request, a response that imitates a genuine grant of access to the non-existent shared resource, so as to initiate an interaction between the first computer and the shared resource, and to process the interaction so as to identify a malicious activity attempted by the first computer.

Abstract: Systems and methods are disclosed for managing and protecting electronic content and applications. Applications, content, and/or users can be given credentials by one or more credentialing authorities upon satisfaction of a set of requirements. Rights management software/hardware is used to attach and detect these credentials, and to enforce rules that indicate how content and applications may be used if certain credentials are present or absent. In one embodiment an application may condition access to a piece of electronic content upon the content's possession of a credential from a first entity, while the content may condition access upon the application's possession of a credential from a second entity and/or the user's possession of a credential from a third entity. Use of credentials in this manner enables a wide variety of relatively complex and flexible control arrangements to be put in place and enforced with relatively simple rights management technology.

Abstract: Methods and systems provide application platform security enforcement. A distributed system communicates between a plurality of remote devices and at least one secured server to facility providing a secured service. The distributed system may comprise a remote communication server and one or more security layer components where the plurality of remote devices connect through ones of the security layer components. Upon detection of a security breach by a first remote device, the distributed system determines potential devices at risk from the plurality of remote devices, analyzing risk factors for commonalities. A lock down and/or quarantine of the first remote device and the devices at risk is instructed. Risk factors may include whether the remote devices communicate via a same security layer component, are geographically proximate; and/or are associated at the user level, for example are proximate users in a social network graph. Reactivation is also provided.

Abstract: Disclosed herein is a method of connection of home appliance to a network, a network-connection system for home appliances, and an apparatus related to a network-connection setting for home appliances. The network connection method of home appliance includes an operation in which a terminal device receives an input of an authentication key of an access point (AP) apparatus and the terminal device or the AP apparatus verifies and authenticates the authentication key; an operation in which a home appliance is set to be in a state of communicating with the terminal device; an operation in which the home appliance is interconnected to the terminal device and the terminal device transmits an identification number and the certificated authentication key of the AP apparatus to the home appliance; and an operation in which the home appliance is connected to the AP apparatus based on the identification number and the authentication key of the AP apparatus.

Abstract: A processor may receive plaintext data. The plaintext data may correspond to a query. The processor may identify a granularity of the plaintext data. The processor may compress the plaintext data using a binary search tree. The binary search tree may compress the plaintext data based on the granularity of the plaintext data. The processor may encrypt the plaintext data by randomizing the order in which the binary search tree stores the compression of the plaintext data. The stored order of the binary search tree may act as a private key. The processor may process the query over an encrypted cumulative compressed database.

Abstract: A data processing request is obtained containing blockchain data and an identifier used to identify a blockchain network to which the data processing request belongs. The identifier is extracted from the data processing request. Based on the identifier, corresponding processing logic associated with the data processing request is executed. The blockchain data is stored to a blockchain storage area corresponding to the identifier.

Abstract: A communication apparatus that transmits a challenge code on the basis of a received request signal and performs authentication of an authentication target apparatus transmitting the request signal on the basis of the challenge code and a response code generated on the basis of the challenge code includes a control unit configured to perform a predetermined fail-safe process when a request signal is received a set number of times or more from the authentication target apparatus before completion of the authentication after the transmission of the challenge code.

Abstract: A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.

Abstract: Technologies for secure mediated reality content publishing includes one or more mediated reality servers, multiple mediated reality listeners, and multiple mediated reality creators. The mediated reality server performs an attestation procedure with each listener based on a pre-provisioned attestation credential of that listener and provisions a session encryption key to each validated listener. The attestation procedure may validate a trusted execution environment of each listener. The mediated reality server generates aggregated mediated reality content based on protected mediated reality content received from the creators and generates an associated license that defines one or more content usage restrictions of the aggregated mediated reality content. The server sends the aggregated mediated reality content to the listeners, protected by the corresponding session encryption key.