Patents Examined by C. Lewis
  • Patent number: 10382580
    Abstract: Examples relate to scaling persistent connections for cloud computing. In some examples, a data packet is used to determine connection information of the first connection. At this stage, a server portion of the first connection is closed by using the connection information to send a close command to the cloud server. In response to a keepalive signal from the client computing device, the connection information is used to send a keepalive response to the client computing device to maintain a client portion of the first connection. In response to a service request from the client computing device, a service notification including the service request is sent to the client computing device, where the client computing device initiates a second connection with the cloud server to process the service request.
    Type: Grant
    Filed: August 29, 2014
    Date of Patent: August 13, 2019
    Inventors: Puneet Sharma, Wenjie Lin, David Lee, Subramoniam Iyer, Ajay Gupta, Sarbajit Chatterjee, Deepti Sharma
  • Patent number: 10382460
    Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: August 13, 2019
    Assignee: KARAMBA SECURITY LTD.
    Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
  • Patent number: 10374790
    Abstract: The subject of the invention is a countermeasure method for an electronic component implementing a public-key cryptography algorithm on an elliptic curve E defined over a field and comprising an iterative scalar multiplication operation making it possible to obtain a point [k]P on the basis of a point P of the curve E and of an integer k that must remain secret, the electrical consumption of the electronic component being dependent on the value taken by at least one so-called critical point used during said operation to iteratively determine the point [k]P.
    Type: Grant
    Filed: February 12, 2015
    Date of Patent: August 6, 2019
    Assignee: SECURE-IC SAS
    Inventors: Cédric Murdica, Sylvain Guilley
  • Patent number: 10368238
    Abstract: A communication device for handling data transmission/reception for dual connectivity comprises a storage unit for storing instructions of connecting to a first base station (BS) and a second BS; receiving a message from the first BS, wherein the message configures a handover to a third BS and a connection change to a fourth BS; updating a first parent key to a first updated parent key and updating a second parent key to a second updated parent key based on the first updated parent key, in response to the message; updating a first security key to a first updated security key based on the first updated parent key and updating a second security key to a second updated security key based on the second updated parent key, in response to the message.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: July 30, 2019
    Assignee: HTC Corporation
    Inventor: Chih-Hsiang Wu
  • Patent number: 10367821
    Abstract: Aspects extend to methods, systems, and computer program products for controlling performance of a requested user operation. It is determined if a requested user operation can access data on behalf of a user based on an obtained user context associated with the user. The user context identifies the location of an object representing a user relative to other objects within a hierarchical data structure. The context is used to derive a role for the user. A control expression is accessed. The control expression governs access of the requested user operation for the derived role. A set of permissions is formed for the user by evaluating the control expression using the user context and a data context for the data. The user's authorization to perform the requested user operation is determined from the set of permissions. The requested user operation is performed according to the determined user's authorization.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: July 30, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Sergei Ivanov, John August Barrows
  • Patent number: 10362064
    Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. The method includes providing a user interface for registering a policy to a client device, and receiving a policy registration associated with a data resource stored in a first network database. The method further includes registering a policy associated with the data resource based on the policy registration. The registering of the policy includes creating a policy object that is linked to the data resource and storing the policy object in a second network database.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: July 23, 2019
    Assignee: Palantir Technologies Inc.
    Inventors: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
  • Patent number: 10356049
    Abstract: Based on a hidden service address table stored in a memory, a virtual circuit related to a hidden service is mapped to a corresponding port-level channel based on the hidden service's address. Data associated with the hidden service is routed between the virtual circuit and the port-level channel. This enables binding of high level anonymity protocols to low level communication services of a network fabric and ensures that other nodes in the network fabric can leverage fabric-hosted hidden services without requiring updates to an existing anonymity protocol.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: July 16, 2019
    Assignee: Nant Holdings IP, LLC
    Inventors: Thomas Wittenschlaeger, Nicholas Witchey
  • Patent number: 10348501
    Abstract: A method, apparatus, article of manufacture, and a memory structure for providing a security infrastructure that permits the programming of limited hardware resources that can accept newly downloaded applications and securely support a very large number of services offered by content providers that each have the potential to utilize their own independent CAS/DRM system. The CE device owner can consume content from a variety of sources and enable switching among different and existing CAS/DRM security profiles as required by the content provider applications loaded in CE devices.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: July 9, 2019
    Assignee: Inside Secure
    Inventors: Ronald P. Cocchi, Michael A. Gorman, Jacob T. Carson, Matthew A. Skubiszewski, David Ha
  • Patent number: 10341335
    Abstract: User authentication techniques based on geographical locations associated with a client device are provided. An example method for authentication of the client device includes receiving an authentication request from the client device. The method may include establishing current geographical location of the client device. The method may further include establishing a trusted tolerance geographical area associated with the client device. After establishing the trusted tolerance geographical area, the method may proceed with determining whether the current geographical location of the client device is within the trusted tolerance geographical area. The method may further include authenticating the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area.
    Type: Grant
    Filed: November 24, 2018
    Date of Patent: July 2, 2019
    Assignee: A10 Networks, Inc.
    Inventor: Micheal Thompson
  • Patent number: 10333699
    Abstract: Share values for use in a cryptographic operation may be received and the cryptographic operation may be performed based on the share values. A pseudorandom number that is to be used by the cryptographic operation may be identified and the pseudorandom number may be generated based on a portion of the share values that are used in the cryptographic operation. The cryptographic operation may then be performed based on the generated pseudorandom number.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: June 25, 2019
    Assignee: Cryptography Research, Inc.
    Inventors: Pankaj Rohatgi, Elke De Mulder, Michael Hutter
  • Patent number: 10326783
    Abstract: Service providers may operate one or more services configured to detect requests generated by automated agents. A CAPTCHA may be transmitted in response to requests generated by automated agents. The CAPTCHAs may be included in a modal pop-up box configured to be displayed by a client application displaying a webpage to a customer of the service provider. Furthermore, the CAPTCHAs included in the modal pop-up box may be rendered inactive and caused not to be displayed by the client application executing the webpage. Submitted solutions to CAPTCHAs may be presented with a cookie that enables access to resources of the service provider without restriction. Cookies may be tracked and their use may be used to detect automated agent activity.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: June 18, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Sevag Demirjian, John Lindsay Bates, Mark Evans Brighton, Samuel Charles Goodwin, Colin James Hawkett, Blair Livingstone Hotchkies, Forrest MacKenzie Vines
  • Patent number: 10320561
    Abstract: A method for providing encrypted information by an information entity to one or more operating entities, the information entity having a database for storing encrypted information and the one or more operating entities being configured to operate on the encrypted information, wherein the encrypted information is stored encrypted with an encryption key known to the one or more operating entities includes performing, by an operating entity, a request on the encrypted information, wherein plaintext information to be stored encrypted is provided in tuples, each having ID information, one or more fields with field information specifying the fields, and values, wherein at least the values are encrypted with non-deterministic order preserving encryption with at least one encryption key such that each plaintext value is encrypted into a set of encrypted values, and wherein the set of encrypted values is partitioned into a left set and a right set.
    Type: Grant
    Filed: November 4, 2014
    Date of Patent: June 11, 2019
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Felix Klaedtke
  • Patent number: 10313388
    Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: June 4, 2019
    Assignee: SOCURE INC.
    Inventors: Sunil Madhu, Giacomo Pallotti, Edward J. Romano, Alexander K. Chavez
  • Patent number: 10313334
    Abstract: Implementations of a system and method of generating and using bilaterally generated variable instant passwords are disclosed. The system is used to secure electronic transactions (e.g., an auction in which one or more bidders are unknown to the auctioneer). In this system an Internet Service Provider (ISP), on request from a USER (e.g., a bidder), facilitates an authentication process with a SERVICE PROVIDER (e.g., an auctioneer). The SERVICE PROVIDER may send a sub-folder, containing a USER name, a temporary sub variable character set, and a CALL, to the USER through the ISP. The password used to access the sub-folder is transmitted directly to the USER by the SERVICE PROVIDER. The USER gets authenticated to the SERVICE PROVIDER by using the USER name, the temporary sub variable character set, and the CALL retrieved from the sub-folder. After USER's authentication, further transactions (e.g., bids) are performed using a password for each transaction.
    Type: Grant
    Filed: September 23, 2017
    Date of Patent: June 4, 2019
    Inventor: Abdul Rahman Syed Ibrahim Abdul Hameed Khan
  • Patent number: 10298602
    Abstract: The present invention relates to methods, network devices, and machine-readable media for an integrated environment for automated processing of reports of suspicious messages, and furthermore, to a network for distributing information about detected phishing attacks.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: May 21, 2019
    Assignee: Cofense Inc.
    Inventors: Aaron Higbee, Rohyt Belani, Scott Greaux, William Galway, Douglas Hagen
  • Patent number: 10298399
    Abstract: An example method is provided in accordance with one implementation of the present disclosure. The method includes receiving location-locked data (LLD), receiving at least location information related to a permitted region, and deterministically generating at least one location-specific encryption key (LSK) based at least on the location information related to the permitted region. The method further includes encrypting the LLD such that the encrypted LLD can be decrypted using one of the at least one LSK.
    Type: Grant
    Filed: July 28, 2014
    Date of Patent: May 21, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Evan R. Kirshenbaum
  • Patent number: 10289854
    Abstract: An apparatus, computer program, and method are provided for generating an intermediate entitlement specification that specifies one or more access rights in connection with a service or content. A plurality of entitlement policies is stored that are configured for being used to determine one or more entitlements to be sent to a device. In operation, an offer specification is received, and at least one of the plurality of entitlement policies is identified based on the offer specification. An intermediate entitlement specification is generated that specifies one or more access rights in connection with a service or content, based on at least one entitlement policy. In use, a run-time entitlement specification may be generated, in response to a request for the service or content during a run-time. Further, in one embodiment, the run-time entitlement specification may be generated utilizing at least one intermediate entitlement specification.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: May 14, 2019
    Assignee: AMDOCS DEVELOPMENT LIMITED
    Inventors: David Franklyn Jacobs, Sarit Shani Natanson
  • Patent number: 10289830
    Abstract: An interception-proof authentication and encryption system and method is provided that utilizes passcodes with individual pins that are made up of symbols from a set of symbols, and tokens that contain at least two symbols from the set of symbols used for the passcode. Multiple tokens (a “token set”) are presented to a user, with some or all of a user's pre-selected pins (symbols) randomly inserted into some or all of the tokens. The user selects a token from the token set for each pin position in the passcode. The user is authenticated based on the selected tokens. Because each selected token may or may not contain one of the pre-selected pins in the user's passcode, and also contains other randomly generated symbols that are not one of the pre-selected pins in the user's passcode, someone that observes which tokens the user has chosen cannot determine what the user's actual passcode is.
    Type: Grant
    Filed: August 27, 2016
    Date of Patent: May 14, 2019
    Inventor: Min Ni
  • Patent number: 10284596
    Abstract: A cloaking authority system that securely and anonymously identifies a misbehaving device based on its digital certificate. The system may include a cloaking authority server or device that is communicatively connected to a misbehavior authority server, and may also include a pseudonym certificate authority device, and a registration authority device. The cloaking authority device receives, from the misbehavior authority server, a request for a cloak index, wherein the request for the cloak index includes the linkage value from a PC of a misbehaving computerized device. The cloaking authority device processes the linkage value to produce a cloak index, which identifies the misbehaving computerized device and which is unique and anonymous, and transmits it to the requesting misbehavior authority server. The misbehavior authority server uses the cloak index to identify the specific computerized device that has misbehaved, usually repeatedly.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: May 7, 2019
    Assignee: INTEGRITY SECURITY SERVICES LLC
    Inventor: Erik S. Schetina
  • Patent number: 10268821
    Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analyzing the metrics using one or more models, and determining, in accordance with the analyzed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: April 23, 2019
    Assignee: Darktrace Limited
    Inventors: Jack Stockdale, Alex Markham