Abstract: The disclosed computer-implemented method for generating user profiles may include (i) analyzing a data set of user profiles for services, (ii) detecting a measurement of obfuscation that was applied to a specific attribute across multiple user profiles for a specific service, (iii) applying the measurement of obfuscation to true data for a new user by fuzzing the true data to create a fuzzed value, and (iv) generating automatically a new user profile for the specific service by populating the specific attribute within the new user profile with the fuzzed value. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for detecting malicious activity in a computer system. One or more graphs can be generated based on information objects about the computer system and relationships between the information objects, where the information objects are vertices in the graphs and the relationships are edges in the graphs. Comparison of generated graphs to existing graphs can determine a likelihood of malicious activity.

Abstract: Examples associated with firmware encryption are described. One example device firmware includes a base module. The base module controls a base function of the device. The device firmware also includes a first encrypted module that modifies a first function of the device. The first encrypted module is inactive until decrypted. A decryption module decrypts the first module using a first encryption key and controls activation of the first encrypted module.

Abstract: A technology is described for device communication with computing regions. An example method may include receiving at a first computing region a request for a computing resource. In response to receiving the request, a device associated with the request may be authenticated using authentication credentials for the device. An identity token that indicates permission for the device to access the computing resource in a second computing region may be generated and the identity token and instructions to connect to the second computing region may be provided to the device. The device may present the identity token to the second computing region in order to access the computing resource in the second computing region.

Abstract: A wireless network system includes a user device, a client and an access point. In the wireless network system, a wireless network mode of the client is started in an AdHoc mode in response to specific operation, a wireless network mode of the user device is switched to an AdHoc mode when it is detected that the wireless network mode of the client is started in the AdHoc mode. Then, infrastructure network information including a network name and an encryption key for setting the wireless network communication in the infrastructure mode is transmitted from the user device to the client, and the wireless network mode of the client is switched to the infrastructure mode on the basis of the infrastructure network information.

Abstract: Mechanisms for providing point to point encryption and tokenization enabling decryption, tokenization and storage of sensitive encrypted data on one system are discussed.

Abstract: A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.

Abstract: Provided is an information processing apparatus including a processing unit configured to perform a predetermined process on the basis of first information about a user that is acquired by a first apparatus from around a body of the user, and second information about a user that is acquired by a second apparatus different from the first apparatus.

Abstract: Embodiments of the present disclosure are directed to, among other things, improving data security with respect to data collection, verification, and authentication techniques associated with obtaining and transmitting identity information. For example, an identification credential may be received (e.g., via a short-range communications protocol such as iBeacon) by a first device from a second device. The credential may be associated with a second user of the second device. The first device may verify the credential and, if valid, an additional option to approve a secure communications channel may be presented at the first device. If the additional option is selected, a secure communications channel may be established between the first device and the second device.

Abstract: Provided is an information processing apparatus including a processing unit configured to perform a predetermined process on the basis of first information about a user that is acquired by a first apparatus from around a body of the user, and second information about a user that is acquired by a second apparatus different from the first apparatus.

Abstract: In one embodiment, a method includes receiving, from a device via a wireless signal, a request to access a WLAN of a router, the request including a device identifier. The provisioning agent may be within wireless ranges of the device and of the router. The provisioning agent may request, from an authentication server, a password for the device. The password may be uniquely generated by the authentication server for the device. The provisioning agent may receive the password from the authentication server. The provisioning agent may send, to the router, the password and the device identifier. The provisioning agent may receive, from the router, an indication that the router has verified the password with the authentication server. The router may store the device identifier in association with the password. The provisioning agent may send, to the device, the password. The password may authenticate the device to the router.

Abstract: The disclosed computer-implemented method for preventing malicious applications from exploiting application services may include (i) identifying an attempt by an application, executing within a sandboxed environment that isolates the application's data and code execution from at least one other application executing within an operating system on the computing device, to launch at least one application service, (ii) determining that the application represents a potential security risk, (iii) prompting a user of the computing device to remediate the potential security risk posed by the application by performing a recommended security action, and (iv) while waiting for the user to perform the recommended security action, securing the computing device by blocking the attempt by the application to launch the application service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system discloses providing secure remote desktop session host experience to a user for a selected application while controlling the user's access to non-core functionalities of the selected application. An implementation of the system disclosed herein identifies a non-core functionality of an application running on a server, flags the executable files, shared object library files, and the registration keys necessary for the non-core functionality of the application, and disables the application's access to the identified executable files, the identified shared object library files, and the identified registration keys.

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

Abstract: Systems and methods detect a potential hacking attack by monitoring the number and timing of DELBA (Delete Block Acknowledgement) action frames. When the number and timing of the DELBA action frames correspond to an unauthorized access pattern, an unauthorized access is detected. The potential unauthorized access may be detected by an access point (AP) or by the AP and a backend system. When a potential unauthorized access is detected, the AP may remain in silent mode for a longer period of time and limit access to the network to only trusted devices. In addition, an alarm or other notification of the potential unauthorized access may be provided to a user or other designated contact.

Abstract: An information output device includes: a first output unit that outputs acquired information acquired by a sensor; and a second output unit that converts personal information included in the acquired information into attribute information from which identification of an individual is impossible, and outputs the attribute information.

Abstract: Examples relate to throttling data access using a data porch. In some examples, an analysis engine is used to access memory and prepare a data response for a data request that is obtained from the data porch via a throttled data buffer. The data response is sent to the data porch via the throttled data buffer, where the throttled data buffer has a throttled data bandwidth that limits a data flow of data requests and data responses between the analysis engine and the data porch. In response to receiving the data response from the analysis engine via the throttled data buffer, the data porch is used to provide the data response to a networked device.

Abstract: A mobile computing device is operated to receive a trigger at a first instance. The trigger may be associated with a predefined condition or event or action. The mobile computing device may detect the predefined condition or event at a second instance. In response to detecting the predefined condition or event, a notification is activated on the mobile computing device that is based on the trigger.

Abstract: Methods and devices for managing browser extensions may include receiving a security list for restricting usage of one or more browser extensions on webpages that includes at least one or more of a webpage category and a uniform resource locator (URL). The methods and devices may include receiving a navigation request to a webpage and providing a browser extension decision whether to allow the one or more browser extensions to operate on the webpage based at least upon the security list.

Abstract: A network device identifies an Internet Protocol Security (IPsec) tunnel that connects the network device to a remote device and determines that dead peer detection (DPD) is enabled at the network device. The network device receives a first DPD request message from the remote device via the IPsec tunnel, and sends a first DPD response message to the remote device via the IPsec tunnel. The network device determines that a workload of the network device satisfies a threshold amount, and sends one or more encapsulating security payload (ESP) packets that include traffic flow confidentiality (TFC) payload data to the remote device via the IPsec tunnel. The network device determines that the workload of the network device does not satisfy the threshold amount. The network device receives a second DPD request message from the remote device and sends a second DPD response message to the remote device via the IPsec tunnel.