Abstract: Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives a hard copy (e.g., paper) signature document, the signer may capture an image of the signature document with a camera of a mobile device. The signer can then import the captured image into the ESS for signature, storage, and/or transmission to other parties.

Abstract: To easily identify an invalid device certificate by means of a validity check when signing keys that are used to create device certificates are compromised, a piece of status information is provided for device certificates that comprises positive evidence of the existence and validity of the device certificate, and alternatively or additionally to apply a special validity model for device certificates, wherein the time of issue of the device certificate is documented by means of a signed electronic timestamp, and wherein a different signing key is used for signing the timestamp than for signing the device certificate. Additionally, all information that is required for the validity check of a device certificate is stored in a memory of the device or in a memory associated with the device, so that an identity check on the device can be performed at any time without fetching additional data.

Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.

Abstract: A computer readable medium having instructions embodied therewith, the instructions executable by a processor or programmable circuitry of a federation server to cause the processor or programmable circuitry to perform operations including configuring a plurality of identification (ID) federations between the federation server and a plurality of applications such that each of the plurality of ID federations is between the federation server and one of the plurality of applications, receiving a first authentication request for authenticating a user who has been authenticated on a first application of the plurality of applications using an ID federation between the first application and the federation server from among the plurality of ID federations, and sending a second authentication request to a second application of the plurality of applications for authenticating the user using an ID federation between the federation server and the second application from among the plurality of ID federations.

Abstract: An apparatus and a method for providing a security service in a communication system are provided. The security device includes a receiver configured to receive validation information used for validating data received by a receiving apparatus from the receiving apparatus, at least one processor configured to determine whether the validation information matches set validation related information, and a transmitter configured to transmit information indicating the determined result to the receiving apparatus.

Abstract: The disclosed computer-implemented method for validating a user's physical location may include (i) identifying a plurality of sensor-equipped devices that are connected to a local network, wherein the local network is associated with a physical location, (ii) receiving a request to validate that a user is present at the physical location that is associated with the local network, (iii) instructing, in response to receiving the request, the user to interact with at least one sensor-equipped device in the plurality of sensor-equipped devices, (iv) confirming, based on observing a response of the sensor-equipped device, that the user has interacted with the at least one sensor-equipped device, and (v) validating, in response to confirming that the user has interacted with the at least one sensor-equipped device, that the user is present at the physical location. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method of redirecting search queries from an untrusted search engine to a trusted search engine is a software application that is used to prevent personal information from being collected by untrusted search engines. The software application receives a search query URL for a desired search engine which corresponds to a search query. The search query is compared to a provided plurality of untrusted URL patterns in order to determine if the desired search engine can be trusted. If the search query URL is not found on in the plurality of untrusted URL patterns, the search is allowed to proceed. If the search query URL is found in the plurality of untrusted URL patterns, the search query is redirected to a trusted search engine. At least one trusted URL pattern is provided so that the search can be redirected to a trusted search engine.

Abstract: Methods, systems, and computer readable mediums for securely establishing credential data for a computing device are disclosed. According to one example, a method includes assigning, by a credential manager, credential set data to a computing device and mapping the credential set data to a device identifier key associated with the computing device in a credential data store accessible by the credential manager. The method further includes receiving, from a provisioning service client, a credential set request message including the device identifier key by the credential manager in response to an activation of the computing device at a customer location site and sending, by the credential manager to the provisioning service client, the credential set data for authenticating the computing device at the customer location site.

Abstract: According to an embodiment of the present disclosure, an electronic device may comprise a first sensor configured to obtain first biometric information of a first authentication level from a user, a second sensor configured to obtain the first biometric information and/or second biometric information of a second authentication level higher than the first authentication level from the user, a memory configured to store at least one piece of biometric information authenticated in relation with the user, and a processor configured to compare the at least one piece of biometric information with the first biometric information obtained through the first sensor while the electronic device operates in a locked state, to activate a timer to stop input to the first sensor for a designated time when authentication based on the first biometric information fails a designated number of times based on the comparison of the first biometric information, to obtain the second biometric information through the second sensor whi

Abstract: A hybrid cluster environment with a public cloud cluster having nodes storing data and a plurality of private clusters is provided, wherein each of the plurality of private clusters has nodes storing data. Registration data that indicates a customer identifier, a new private cluster, and a file transfer server is received. The new private cluster is added to the plurality of private clusters in the hybrid cluster environment. Input to design a job to process data in the hybrid cluster environment is received. It is determined that the job is to be deployed to the new private cluster. The job is deployed to the new private cluster using the file transfer server, wherein the job is executed at the new private cluster. Job status information and one or more job logs are received with the file transfer server.

Abstract: A hybrid cluster environment with a public cloud cluster having nodes storing data and a plurality of private clusters is provided, wherein each of the plurality of private clusters has nodes storing data. Registration data that indicates a customer identifier, a new private cluster, and a file transfer server is received. The new private cluster is added to the plurality of private clusters in the hybrid cluster environment. Input to design a job to process data in the hybrid cluster environment is received. It is determined that the job is to be deployed to the new private cluster. The job is deployed to the new private cluster using the file transfer server, wherein the job is executed at the new private cluster. Job status information and one or more job logs are received with the file transfer server.

Abstract: A method comprising: launching, by a pre-boot environment, a pre-boot launch enclave (LE); creating, by the pre-boot LE, a launch token for a pre-boot quoting enclave (QE); authenticating, by the pre-boot LE, the launch token; launching, by the pre-boot environment with the launch token in response to the authentication, the pre-boot QE; generating, by the pre-boot QE, a public provisioning key, a private provisioning key, and an attestation key; verifying, by the pre-boot QE with a public key, authenticity of a device; securing, by the pre-boot QE with the public provisioning key, private provisioning key, and the public key, a communication channel with the device; encrypting, by the pre-boot QE with a system specific seal key, the public provisioning key, the private provisioning key, and the attestation key; and storing, by the pre-boot QE, the encrypted public provisioning key, the encrypted private provisioning key, and the encrypted attestation key in the device.

Abstract: Systems and methods implemented by an application executed on a mobile device for service driven split tunneling include receiving and configuring the application on the mobile device; responsive to a set of rules, opening one or more tunnels to one or more host concentrators in the cloud; and intercepting packets being transmitted from the mobile device and one of forwarding the packets over the one or more tunnels and forwarding the packets directly based on the set of rules.

Abstract: The method includes receiving, by one or more computer processors, a first text, wherein at least a portion of the received first text is confidential. The method further includes identifying, by one or more computer processors, an intended recipient of the received first text. The method further includes identifying, by one or more computer processors, a first conversion model, which corresponds to the intended recipient. The method further converting, by one or more computer processors, the received first text into a third text that does not include confidential text based upon the identified first conversion model.

Abstract: Systems and methods are provided that include: accessing implicit authentication data from a possession factor associated with an authorized user; at the possession factor or at an authentication platform: generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user; identifying, among a plurality of varying authentication requirements, an authentication requirement for the transaction based on the possession confidence level, the authentication requirement defines a process or action to prove authority to perform the transaction or a process or action to prove an identity of a user attempting to perform the transaction; and implementing the authentication requirement for the transaction.

Abstract: One example method of operation may include receiving a request, from an entity, for one or more tokens based on one or more attributes, encrypting and masking the one or more attributes, adding the encrypted and masked one or more attributes to the one or more tokens, and transmitting the one or more tokens to the entity.

Abstract: A device for securing USB or Firewire port interconnections includes a microcontroller comprising a processor; a first connector/lead in communication with the microcontroller and configured to be coupled with a USB or Firewire external device; and a second connector/lead in communication with the microcontroller and configured to be coupled with a protected host. An optional user interface communicates with the microcontroller. When the microcontroller detects that the external device is coupled to the first connector/lead, the processor is configured to display a prompt on the user interface for a user to initiate inputs prior to the external device being allowed to connect with the protected host; or is configured to automatically prevent the external device from being connected with the protected host if the external device is on a blacklist of devices known to have device handlers in the protected host at a BIOS level, without modifying the protected host.

Abstract: Aspects of the present disclosure include systems and methods for detecting unwanted software. An exemplary method comprises identifying a first file associated with a first application and a second file installed on the computing device, wherein the first file is related to the second file, identifying a second application installed on the computing device that uses at least one of the first and second files, determining a first frequency of use for the first application and a second frequency of use for the second application, determining that the second application was installed at substantially the same time as the first application based on a comparison of the first frequency of use and the second frequency of use and determining that the first application is an unwanted application when the comparison of the first frequency and the second frequency results in a degree of similarity greater than a threshold value.

Abstract: The subject matter discloses a method for securing personal information, comprising securing the personal information stored on a data server using a cryptographic secret, said cryptographic secret is unique to a user, storing a first share of the cryptographic secret on a secret storage server communicating with the data server and a second share of the cryptographic secret on a computerized device controlled by the user, detecting a request from the data server to perform an action on the personal information, transmitting the request to the computerized device controlled by the user to use the second share of the cryptographic secret to decrypt the personal information, decrypting the personal information using the first share and the second share, without storing both the first share and the second share in a single device concurrently and performing the action on the personal information on the data server.

Abstract: A data processing method and apparatus relate to the field of communications technologies and applicable to data processing used to resolve a low security problem of data stored in a memory. A memory encryption/decryption (MED) apparatus receives a data write command, encrypts to-be-written data, scrambles an address to which data is to be written, and then saves a cyclic redundancy check (CRC) code of the to-be-written data and encrypted to-be-written data in a memory according to a scrambled address to which data is to be written. Solutions provided in the embodiments of the present disclosure are.